https://kotlinlang.org logo
Join Slack
Powered by
Hi I've just updated intellij and it now complains...
# http4k
n
Hi I've just updated intellij and it now complains about vulnerabilities on this line in my gradle build file:
Copy code
implementation platform("org.http4k:http4k-bom:5.26.0.0")
The first one is CVE-2023-40167, Score: 5.3 it's seems related to Jetty I import Jetty in this way:
Copy code
implementation "org.http4k:http4k-server-jetty"
Is it possible to upgrade it? Thanks
d
If there's a patch available of jetty then you can just override the jetty version in your gradle until we can get a version bump into the next release 🙃
👍 1
n
do you mean like this ?
Copy code
implementation "org.http4k:http4k-server-jetty:12.0.11"
it doesn't work Should I import jetty directly?
I try this way // https://mvnrepository.com/artifact/org.eclipse.jetty/jetty-server implementation group: 'org.eclipse.jetty', name: 'jetty-server', version: '12.0.11'
c
Copy code
dependencies {
    constraints {
        implementation "org.http4k:http4k-server-jetty:12.0.11"
    }
}
✔️ 1
n
Got it! Thank you very much!
c
d
On closer inspection it seems that the latest version is already up to date with Jetty, so you shouldn't need to actually put that constraint in... https://mvnrepository.com/artifact/org.http4k/http4k-server-jetty/5.26.0.0
n
You say it's a intellij "bug" ?
d
Something is up yes. If you're not bringing in jetty somewhere else then try invalidating caches etc..
c
Run:
Copy code
./gradlew :YOUR_MODULE_NAME:dependencyInsight --dependency org.eclipse.jetty:jetty-server --configuration testRuntimeClasspath
(if you're in a multiplatform project, replace the configuration by 
jsTestRuntimeClasspath
, 
jvmTestRuntimeClasspath
or any other platform you have the problem on)
n
after "invalidate and restart" ide does not restart .. definitely must check something ..
after reboot and start ide, the warning is gone, so it was a cache/ide problem ..
👍 1
c
Can you run the 
:dependencyInsight
task to be sure? Maybe you do you have a problem and IntelliJ just forgot it after the restart, that happens too
n
I tried ./gradlew payment_order_printer:dependencyInsight --dependency org.eclipse.jetty:jetty-server --configuration testRuntimeClasspath but gradle complains: Cannot locate tasks that match 'payment_order_printer:dependencyInsight' as project 'payment_order_printer' not found in root project 'payment_order_printer'
afaik payment_order_printer is my project name
c
Ah, if it's the root project, you can just use 
:dependencyInsight …
instead of 
:project:dependencyInsight …
(the "root `build.gradle.kts`" is called 
:
)
n
ah didnt know thanks a lot 😅 yes it works and the dependency is in, like Dave said: org.eclipse.jettyjetty server12.0.11 +--- org.eclipse.jetty.websocketjetty websocket core server12.0.11 | \--- org.eclipse.jetty.websocketjetty websocket jetty server12.0.11 | \--- org.http4khttp4k server jetty5.26.0.0 | +--- testRuntimeClasspath (requested org.http4k:http4k-server-jetty) | \--- org.http4khttp4k bom5.26.0.0 | \--- testRuntimeClasspath +--- org.eclipse.jetty.websocketjetty websocket jetty server12.0.11 (*) \--- org.http4khttp4k server jetty5.26.0.0 (*
c
All good then 🙂
n
thanks you very much Ivan and Dave! Learned lot of things, as always ..
😊 3
5 Views
Open in Slack
PreviousNext
Powered by