webpush-java

please release new version with safe dependencies

Open teicher opened this issue 3 years ago • 1 comments

Hello, the current GA 5.1.1 pulls in org.asynchttpclient:async-http-client:2.10.4 which in turn pulls in a whole truckload of CVEs in nearly all io.netty components. build.gradle on master has already been updated to 2.12.3 so this should be built as a new version and made available on mvncentral. Many Thanks!

(CVE scanner: https://jeremylong.github.io/DependencyCheck/dependency-check-maven/ )

teicher, Nov 18 '22 15:11

I was stuck with this (and the BouncyCastle dependency), so I wrote another open source library for web push notifications for the JVM without external dependencies except the standard library:

https://github.com/interaso/webpush

You can give it a try.

morki, Aug 23 '23 01:08