You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm probably not the first one to notice, that there are a few security vulnerabilities in dependencies https://mvnrepository.com/artifact/org.sharetribe/aws-sig4/0.1.4 (not sure if all of them are listed, because I get a bit different list from nvd-scan locally).
The most obvious culprit is buddy/buddy-core "1.2.0", which has quite a few vulnerabilities even in the latest release.
I'd be happy to work on a PR for the upgrade, but it seems like it would entail a switch from jdk15 to jdk18, which might include breaking changes(as far as I understand).
There's probably a reason why that upgrade didn't happen. 🤔
Let me know what you think!
PS: feel free to close this if I misunderstood the vulnerabilities and they are actually tolerable.
The text was updated successfully, but these errors were encountered:
Hello friends,
Thank you for maintaining
aws-sig4! 🙌I'm probably not the first one to notice, that there are a few security vulnerabilities in dependencies https://mvnrepository.com/artifact/org.sharetribe/aws-sig4/0.1.4 (not sure if all of them are listed, because I get a bit different list from
nvd-scanlocally).The most obvious culprit is buddy/buddy-core "1.2.0", which has quite a few vulnerabilities even in the latest release.
I'd be happy to work on a PR for the upgrade, but it seems like it would entail a switch from jdk15 to jdk18, which might include breaking changes(as far as I understand).
There's probably a reason why that upgrade didn't happen. 🤔
Let me know what you think!
PS: feel free to close this if I misunderstood the vulnerabilities and they are actually tolerable.
The text was updated successfully, but these errors were encountered: