Closed by lalewis1 2 months ago
Hi Lawson,
Thanks for the report.
Updating com.amazonaws:aws-java-sdk-s3 to 1.12.767 drops the ion-java dependency.
Putting in a direct dependency on zookeeper will address the Curator dependency on ZooKeeper. A warning will still show if the Versions Maven Plugin is used; it does not respect the Maven resolution rules, but the RDF Delta choice will be used.
The project does have dependabot turned on.
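The two changes described in the reply above, sketched as a `pom.xml` fragment. This is an added example, not taken from the thread or from the RDF Delta build; the property names are hypothetical, and the ZooKeeper and Curator versions are placeholders because the thread does not name them.

```xml
<!-- Added illustration: a pom.xml fragment, not the RDF Delta pom. -->
<project>
  <properties>
    <!-- Version named in the thread as dropping the ion-java dependency. -->
    <ver.aws-s3>1.12.767</ver.aws-s3>
    <!-- Placeholder: the thread names no ZooKeeper version; set a patched release here. -->
    <ver.zookeeper>ZOOKEEPER_PATCHED_VERSION</ver.zookeeper>
    <!-- Placeholder: the thread names no Curator version. -->
    <ver.curator>CURATOR_VERSION</ver.curator>
  </properties>

  <dependencies>
    <dependency>
      <groupId>com.amazonaws</groupId>
      <artifactId>aws-java-sdk-s3</artifactId>
      <version>${ver.aws-s3}</version>
    </dependency>

    <!-- Direct declaration. Maven mediation picks the nearest definition, so this
         depth-1 entry wins over the ZooKeeper version Curator brings in transitively. -->
    <dependency>
      <groupId>org.apache.zookeeper</groupId>
      <artifactId>zookeeper</artifactId>
      <version>${ver.zookeeper}</version>
    </dependency>

    <!-- Curator still declares its own ZooKeeper version in its pom; that declaration
         is what a tool ignoring mediation will keep reporting. -->
    <dependency>
      <groupId>org.apache.curator</groupId>
      <artifactId>curator-test</artifactId>
      <version>${ver.curator}</version>
    </dependency>
  </dependencies>

  <!-- Check what is actually resolved:
         mvn dependency:tree -Dincludes=org.apache.zookeeper
       The selected ZooKeeper version should be the one pinned above. -->
</project>
```

After rebuilding, rescan the packaged jar rather than the pom, since the scanner findings in the report were against the shipped artifact.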
Awesome, thanks Andy :)
And I was not aware of Dependabot, very cool.
Hi All,
Thanks for the wonderful software.
We have been using the rdf-delta-server jar as part of some of our projects but recent vulnerability scanning has revealed some vulnerabilities.
Specifically, they are to do with the following packages as reported by Trivy:
The zookeeper and logback vulnerabilities need to be fixed by bumping the curator-test dependencies to newer versions. (I am in the process of signing up for a JIRA account so that I can log an issue for this with curator.apache.org.)
But the amazon jdk dependency looks like it can be bumped in the dependencies of this repository.
https://mvnrepository.com/artifact/com.amazonaws/aws-java-sdk-s3
Link shows that a newer version exists with the vulnerability patched.
Anyway thanks for any assistance, and let me know if you would like more details.