google-oss-bot
commented
13 hours ago I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.
Open bmuschko opened 13 hours ago
google-oss-bot
commented
13 hours ago I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.
What feature would you like to see?
Some of the dependencies referenced by the plugin are pretty old. For example, it uses
google-api-client1.30.9, released 4 years ago. In turn, the dependency pulls in a very old version ofjackson-core, 2.10.2, which contains a security vulnerability with "high" severity.How would you use it?
Gradle doesn't create an isolated classloader between different plugins in a project. Therefore, Jackson core can easily conflict with other Jackson core versions in the combined plugin classpath.