I ran into an issue with CVE dependency scanning for the Gradle counterpart to this plugin, which depends on this project.
Transitively, there is a dependency here on a crufty version of plexus-utils that has an XML injection security bug. I filed against the Gradle plugin project here: andygoossens/gradle-modernizer-plugin#1
Reviewing pom.xml for the plugin, I see many or most dependencies are outdated. A refresh to latest or near latest versions would likely address the CVE, as well as pick up any dependency bug fixes that have happened along the way. It's not sexy work, but is good craftsmanship.
When I gain some roundtuits, I may try updating myself, and see how it goes.
binkley changed the title from "Several project dependencies our outdated" to "Several project dependencies are outdated" on Aug 28, 2021
I can't process an issue that boils down to, "old versions, lolz!". If you have something specific you want to fix please submit a PR. Note that some dependencies are pinned due to supporting older Java versions.