Update Guava dependency #1319

Closed
Urokhtor opened this issue Mar 4, 2021 · 2 comments

Urokhtor commented Mar 4, 2021

Pact uses version 18.0 of Guava which was released in 2014. There are known vulnerabilities in this version (CVE-2018-10237 and CVE-2020-8908). While Pact is a library used in test runtime, it would still be good to keep the dependencies up to date.

This old version of Guava is causing headaches for people using dependency scanners because they get a lot of false positive vulnerabilities because of that.

@mefellows
Member

Thanks. Makes sense if it can be done, care to take a go at a PR to fix it?

uglyog pushed a commit that referenced this issue Mar 5, 2021
Member

uglyog commented Mar 13, 2021

4.2.2 released
