Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

please release new version with safe dependencies #200

Open
teicher opened this issue Nov 18, 2022 · 1 comment
Open

please release new version with safe dependencies #200

teicher opened this issue Nov 18, 2022 · 1 comment

Comments

@teicher
Copy link

teicher commented Nov 18, 2022

Hello,
the current GA 5.1.1 pulls in org.asynchttpclient:async-http-client:2.10.4
which in turn pulls in a whole truckload of CVEs in nearly all io.netty components.
build.gradle on master has already been updated to 2.12.3 so this should be built as a new version and made available on mvncentral.
Many Thanks!

(CVE scanner: https://jeremylong.github.io/DependencyCheck/dependency-check-maven/ )
@morki
Copy link

morki commented Aug 23, 2023

I was stuck with this (and BouncyCastle dependency) so I wrote another open source library for web push notifications for JVM without external dependencies except standard library:

https://github.com/interaso/webpush

You can give it a try.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@morki @teicher