eclipse-lsp4j / lsp4j

A Java implementation of the language server protocol intended to be consumed by tools and language servers implemented in Java.
https://eclipse.org/lsp4j
Other
613 stars 145 forks

Update xtend_lib version and remove guava version rule #673

Closed cherylking closed 2 years ago

cherylking commented 2 years ago

Fixes #672

By updating the xtend_lib version to 2.28.0, the guava version used in the transitive dependencies is updated to a 30.0+ version that does not contain the CVE-2020-8908 vulnerability. In order to get the build to pass locally, I also had to remove the rule that was forcing an older guava version.

eclipse-lsp4j-bot commented 2 years ago

Can one of the admins verify this patch?

jonahgraham commented 2 years ago

@eclipse-lsp4j-bot run tests

jonahgraham commented 2 years ago

@eclipse-lsp4j-bot rerun tests

cherylking commented 2 years ago

So will this go into 0.17.0? And is there any timeline for that release?

cdietrich commented 2 years ago

thx @cherylking

jonahgraham commented 2 years ago

> So will this go into 0.17.0? And is there any timeline for that release?

Let's discuss in #671