new release to bump dependency spring-core
#429
Assignees
Labels
Comments
|
We have plans to release a new version of library this Friday. That’s where those dependencies are going to be update. Thank you for the report! |
|
There’s no need for us to release anything for you to get the fix in spring-core. spring retry does not need a particular bug fix version of spring core and you should manage the framework version with the bom if you’re not using spring boot. |
|
I am closing this in favor of #435 as I don't want to imply that the upgrade is necessary for what's described here. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi there
https://mvnrepository.com/artifact/org.springframework.retry/spring-retry/2.0.5 reports that spring-core dependency has one vulnerability.
2 questions:
would it be possible for you to prepare a new release that updates the dependency? (seems like Dependabot is not configured correct to catch that)
Are you aware of a workaround that can be used until a new release is ready. If so, please provide an example.
Thanks for your time and effort maintaining this project ❤️
The text was updated successfully, but these errors were encountered: