You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am using version 2.6.0 of amazon-kinesis-client which which depends on version 3.21.12 of protobuf-java which has a security issue:
I see that in your default branch, you have bumped protobuf-java to 4.27.0 (which doesn't have the security issue). Do you intend to create a release of amazon-kinesis-client with this change soon?
If not, how safe is it for us to exclude the dependency on protobuf-java? How is it used by amazon-kinesis-client?
The text was updated successfully, but these errors were encountered:
I am using version 2.6.0 of
amazon-kinesis-clientwhich which depends on version 3.21.12 ofprotobuf-javawhich has a security issue:I see that in your default branch, you have bumped
protobuf-javato 4.27.0 (which doesn't have the security issue). Do you intend to create a release ofamazon-kinesis-clientwith this change soon?If not, how safe is it for us to exclude the dependency on
protobuf-java? How is it used byamazon-kinesis-client?The text was updated successfully, but these errors were encountered: