auth0 / jwks-rsa-java

MIT License
195 stars 73 forks

Feature/update guava dependency #171

Closed amy-mccaleb closed 1 year ago

amy-mccaleb commented 1 year ago

Changes

Google Guava dependency updated to 31.1 since the 30.0 version is showing as "Out of Date".

References

https://github.com/google/guava

Checklist

brianwarner commented 1 year ago

Hi Auth0 team, I'm in the Fidelity OSPO and work with @amy-mccaleb. It looks like the gradlew check is hanging. Is there anything we can do to restart it? @jimmyjames would you know?

Thanks!

jimmyjames commented 1 year ago

👋 thanks for the contribution! I'll see why CI is hung and try and bump it, we'll get this change in. Thanks!

brianwarner commented 1 year ago

That's great, thanks for having a look!

bharathkarnam commented 1 year ago

Please update the Guava dependency to 32.0.1 since there is an OWASP CVE-2023-2976; this is currently blocking a lot of builds. Thanks!

amy-mccaleb commented 1 year ago

Closing for now since errors

raphaelcolomine-onespan commented 1 year ago

> Closing for now since errors

Is there a plan to update the guava lib? As someone already mentioned, it contains https://nvd.nist.gov/vuln/detail/CVE-2023-2976, which is blocking some projects.