Posted to common-dev@hadoop.apache.org by Steve Loughran <st...@hortonworks.com> on 2018/10/17 12:35:54 UTC

github reporting transient JAR risks

FYI, I got email from GitHub today telling me that we need to bump up httpclient.

Begin forwarded message:

From: GitHub <no...@github.com>
Subject: [steveloughran/hadoop-trunk] One of your dependencies may have a security vulnerability
Date: 17 October 2018 at 01:13:30 BST
To: steveloughran/hadoop-trunk <ha...@noreply.github.com>
Cc: Security alert <se...@noreply.github.com>
Reply-To: steveloughran/hadoop-trunk <no...@github.com>


steveloughran,

We found a potential security vulnerability in a repository for which you have been granted security alert access.

steveloughran/hadoop-trunk<https://github.com/steveloughran/hadoop-trunk>
Known moderate severity security vulnerability detected in org.apache.httpcomponents:httpclient < 4.3.6 defined in pom.xml<https://github.com/steveloughran/hadoop-trunk/blob/stevel/HADOOP-8545-swift/hadoop-project/pom.xml>.
pom.xml<https://github.com/steveloughran/hadoop-trunk/blob/stevel/HADOOP-8545-swift/hadoop-project/pom.xml> update suggested: org.apache.httpcomponents:httpclient ~> 4.3.6.
Always verify the validity and compatibility of suggestions with your codebase.



Review vulnerable dependency<https://github.com/steveloughran/hadoop-trunk/network/alert/hadoop-project/pom.xml/org.apache.httpcomponents:httpclient/open>

________________________________


Only users who have been assigned access to security alerts will receive these notifications.
