Version 0.2.1 of zjsonpatch is dependent on guava 18.0, which has a known vulnerability (CVE-2018-10237).  Latest version of zjsonpatch (0.4.6) does not appear to depend on Guava, so we should upgrade to that version