Closed poovamraj closed 1 year ago
We are updating the version of Guava to latest as fix for CVE-2023-2976. We have verified the major version change shouldn't break the flow for us mentioned here
https://nvd.nist.gov/vuln/detail/CVE-2023-2976 https://github.com/google/guava/releases/tag/v32.0.0 https://github.com/google/guava/releases/tag/v32.1.1
Thanks @poovamraj! Replaced by #184 which fixes the transitive dependency issue in https://github.com/google/guava/issues/6654
Changes
We are updating the version of Guava to latest as fix for CVE-2023-2976. We have verified the major version change shouldn't break the flow for us mentioned here
References
https://nvd.nist.gov/vuln/detail/CVE-2023-2976 https://github.com/google/guava/releases/tag/v32.0.0 https://github.com/google/guava/releases/tag/v32.1.1