The Snyk reported a critical vulnerability on apache avro library which is introduced by AWS kinesis client library transitively.
We are already using the latest version of AWS kinesis client library.
This PR overrides the Apache Avro library to use version 1.11.4 which fixes the vulnerability. It is a patch version bump from the version 1.11.3 we are using.
What does this change?
The Snyk reported a critical vulnerability on
apache avrolibrary which is introduced by AWS kinesis client library transitively.We are already using the latest version of AWS kinesis client library.
This PR overrides the Apache Avro library to use version 1.11.4 which fixes the vulnerability. It is a patch version bump from the version 1.11.3 we are using.