cognitect-labs / aws-api

AWS, data driven
Apache License 2.0

Update com.cognitect/http-client version #216

Closed mkossa closed 2 years ago

mkossa commented 2 years ago

Thanks for all the awesome work on this lib!

Dependencies

com.cognitect/http-client version 1.0.110 appears to be using an old version of some jetty libs:

com.cognitect.aws/api 0.8.568
  . com.cognitect/http-client 1.0.110
    . org.eclipse.jetty/jetty-client 9.4.44.v20210927
      . org.eclipse.jetty/jetty-http 9.4.44.v20210927

Description

There is a vulnerability with the older version of org.eclipse.jetty/jetty-http being used that should be patched out in 9.4.47 or later.

dchelimsky commented 2 years ago

Duplicate of https://github.com/cognitect-labs/aws-api/issues/215
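
A check for the condition reported in this issue, as an added example that is not part of the thread or of the aws-api project: it walks a dependency tree in the layout quoted above (assumed to be `clj -Stree` output) and reports every `org.eclipse.jetty` artifact below 9.4.47, with the path that pulls it in. The function names and the embedded sample are constructed for illustration.

```python
import re

# Constructed sample: the dependency tree quoted in the issue.
SAMPLE_TREE = """\
com.cognitect.aws/api 0.8.568
  . com.cognitect/http-client 1.0.110
    . org.eclipse.jetty/jetty-client 9.4.44.v20210927
      . org.eclipse.jetty/jetty-http 9.4.44.v20210927
"""

FIXED_IN = (9, 4, 47)  # "9.4.47 or later", per the issue text
# Optional ". " marker, then "group/artifact version".
LINE_RE = re.compile(r"^(?P<indent>\s*)(?:\.\s+)?(?P<lib>\S+)\s+(?P<version>\S+)")


def numeric_version(version):
    """'9.4.44.v20210927' -> (9, 4, 44); the date qualifier is ignored."""
    parts = []
    for piece in version.split("."):
        if not piece.isdigit():
            break
        parts.append(int(piece))
    return tuple(parts)


def find_outdated(tree_text, group="org.eclipse.jetty", fixed_in=FIXED_IN):
    """Return (lib, version, path) for each artifact in `group` below `fixed_in`."""
    findings, stack = [], []  # stack holds (indent, "lib version") ancestors
    for line in tree_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        indent = len(m["indent"])
        # Pop siblings and deeper entries so the stack is the current ancestry.
        while stack and stack[-1][0] >= indent:
            stack.pop()
        stack.append((indent, f"{m['lib']} {m['version']}"))
        if m["lib"].startswith(group + "/") and numeric_version(m["version"]) < fixed_in:
            findings.append((m["lib"], m["version"], [entry for _, entry in stack]))
    return findings


if __name__ == "__main__":
    for lib, version, path in find_outdated(SAMPLE_TREE):
        print(f"{lib} {version} is below 9.4.47, via " + " -> ".join(path))
```
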