-
While updating a license for the Fedora package `docbook5-style-xsl`, the legal team discovered that we were unintentionally packaging multiple JAR binaries from the package's `tools/` folder.
The …
-
Vulnerable Library - poi-ooxml-5.2.0.jar
Path to vulnerable library: /java/formula-injection/pom.xml,/java/racecondition-file-write/pom.xml,/java/racecondition/pom.xml
Found in HEAD commit: dbff…
-
Tomcat service in Windows with openJ9 crashes when certain Java code is executed. This seems to happen because starting with 1.4.0, Commons Daemon enables the Control Flow Guard flag, and some specifi…
-
I have a build file with CRLF line endings and am using the autocrlf setting with Git. When running the sorter via the Gradle plugin (sortDependencies) then the dependencies are sorted but the file is…
-
Please remove the library, as only one of its methods is used and it may cause issues with other plugins!
-
## Bug report
The following piece of code works in v24.06,0-edge but not in the latest version:
```
@Grab(group='org.apache.commons', module='commons-text', version='1.12.0')
import org.apache.…
```
-
This issue lists Renovate updates and detected dependencies. Read the [Dependency Dashboard](https://docs.renovatebot.com/key-concepts/dashboard/) docs to learn more.
## Open
These updates have all …
-
We have a lot of dependencies, it might be nice to get rid of some of them. An easy case would be to pick between Google's Guava and Apache's commons, since they are more or less providing the same th…
-
https://gitdetective.io/apache/commons-lang
https://gitdetective.io/apache/commons-io
https://gitdetective.io/apache/commons-math
Kythe isn't producing output on these projects. Need to build lat…
-
These are the dependencies in my POM
io.dropwizard
dropwizard-core
1.3.5
com.smoketurner
drop…