Closed MeikeMertschFortum closed 10 months ago
Hi @MeikeMertschFortum, thanks for taking the time to report this! We will upgrade okhttp and its underlying okio in future releases like we have been doing. However, it seems jetty 9.4.51 is the latest version in the 9.x series. If you need to use a newer version, you may want to switch to the bolt-jakarta-jetty library, which is compatible with the jetty 11.x series.
Hello @seratch, looks like the vulnerabilities are still there: https://mvnrepository.com/artifact/com.slack.api/slack-api-client/1.32.1 Is there a plan to update the slack-api-client anytime soon? Or is there a replacement for it?
@kamilgregorczyk The old versions of Jetty libraries are "test" dependencies, which are used only in unit tests for the slack-api-client library itself. Therefore, it does not affect your app code at all.
The latest release does not have any issues mentioned here: https://github.com/slackapi/java-slack-sdk/releases/tag/v1.35.0 Let me close this issue now.
Hi!
When importing com.slack.api:bolt-jetty:1.30.0 to my project, Dependabot started warning about possible security issues. Could you update the versions of
The Slack SDK version
com.slack.api:bolt-jetty:1.30.0
Dependency tree
Issue descriptions by Dependabot