tangiel
commented
6 years ago The particular library which Guava depends on in the Checker Framework is MIT licensed, so that is not an issue.
Open akankshagaur opened 6 years ago
tangiel
commented
6 years ago The particular library which Guava depends on in the Checker Framework is MIT licensed, so that is not an issue.
tangiel
commented
6 years ago So there is an issue in that Guava 21+ requires Java 8, unless you use the -android dependency. Right now App Engine still supports Java 7 so we have to support it. But that could also mean classpath conflicts with people who use the Java 8 runtime and the -jre dependency. I'm not entirely sure what the best solution is right now.
akankshagaur
commented
6 years ago Ok,that clarifies the issue. Thanks
Hi,
I see that Google endpoints framework releases do not contain the latest releases of its dependent libraries which have security vulnerabilities.
For. E.g Guava dependency version used is 20 while latest version is 25.1. Also, since guava is based on checker framework which is GPL, won't it affect developers? Is there an alternative for checker framework which can be used in endpoints framework?
Thanks