Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump guava version to latest #183

Closed
wants to merge 2 commits into from
Closed

Bump guava version to latest #183

wants to merge 2 commits into from

Conversation

poovamraj
Copy link
Contributor

Changes

We are updating the version of Guava to latest as fix for CVE-2023-2976.
We have verified the major version change shouldn't break the flow for us mentioned here

References

https://nvd.nist.gov/vuln/detail/CVE-2023-2976
https://github.com/google/guava/releases/tag/v32.0.0
https://github.com/google/guava/releases/tag/v32.1.1

@poovamraj poovamraj requested a review from a team as a code owner July 27, 2023 17:02
@jimmyjames
Copy link
Contributor

Thanks @poovamraj! Replaced by #184 which fixes the transitive dependency issue in google/guava#6654

@jimmyjames jimmyjames closed this Jul 27, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants