Home > Blockchain >  How to upgrade commons-codec 1.11 used by aws-sdk:ssm in gradle Java
How to upgrade commons-codec 1.11 used by aws-sdk:ssm in gradle Java

Time:07-22

As part of security scan this vulnerability is shown with commons-codec 1.11 (which needs to be upgraded with 1.13), but this dependency is pulled down by aws-sdk:ssm -> httpclient -> commons-codec

i am looking for work-around, i understand the proper fix needs to be done by aws-sdk:ssm

is there a way to resolve it ? i already upgraded latest aws-sdk, but it is still using old version

implementation platform('software.amazon.awssdk:bom:2.17.230')
implementation 'software.amazon.awssdk:regions'
implementation 'software.amazon.awssdk:ssm'

enter image description here

CodePudding user response:

Use strictly version option to override the version present in the final package

implementation('commons-codec:commons-codec') {
    version {
        strictly '1.15'
    }
}

after this config, the final package zip contains codec 1.15, not 1.11 which was referenced in httpClient, it worked without any issues, but it will break if there is any breaking changes between the versions

Ref: https://docs.gradle.org/current/userguide/dependency_downgrade_and_exclude.html

Page link:https//www.codepudding.com/Blockchain/483949.html

Prev:Create gradle file programmatically from build.gradle file
Next:Is there a way to create dynamic ranges given an array of values, and counting how many belong to ea
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding