You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We can resolve via upgrading the package which brings in an older, vulnerable software.amazon.ion:ion-java, com.amazonaws:aws-java-sdk-kms, to 1.12.668, which doesn't have this dependency. Note that software.amazon.ion:ion-java has been moved in groupId to com.amazon.ion:ion-java. But this upgrade removes the dep entirely.
Sec Vuln discovered 3 days ago in:
https://github.com/TBD54566975/web5-kt/actions/runs/8054648142/job/21999680974
We can resolve via upgrading the package which brings in an older, vulnerable
software.amazon.ion:ion-java,com.amazonaws:aws-java-sdk-kms, to1.12.668, which doesn't have this dependency. Note thatsoftware.amazon.ion:ion-javahas been moved ingroupIdtocom.amazon.ion:ion-java. But this upgrade removes the dep entirely.Addressed upstream in c314311