Vulnerabilities in dependencies
Closed this issue · 1 comments
craigatron commented
We're using the most recent release (0.2.44) and our vulnerability scanner picked up a number of vulnerabilities in some of the adapter's dependencies. Looks like the most severe ones are in:
- com.google.oauth-client:google-oauth-client
- org.json:json
- io.netty:netty-handler
- org.eclipse.jetty.http2:http2-hpack
- io.netty:netty-codec
- com.google.protobuf:protobuf-java
- com.google.code.gson:gson
I'd be happy to take a stab at updating them myself but figured I'd check to see if y'all have an easy process for that first.
IvanIsCoding commented
Please do submit vulnerability fixes, even if it is just a small dependency bump! I tried to cover most of those in an update a couple of months ago, but again there is a constant churn for dependency updates etc