danielbraeutigam
commented
3 years ago @rpalcolea Any news on this? Seems like you are updating gradle versions on regular bases. Can you please answer my question?
Closed danielbraeutigam closed 3 years ago
danielbraeutigam
commented
3 years ago @rpalcolea Any news on this? Seems like you are updating gradle versions on regular bases. Can you please answer my question?
hpoettker
commented
3 years ago The problem should already be fixed by the commit https://github.com/nebula-plugins/nebula-project-plugin/commit/67e9c6304cd35d01e614b2727e339b9050f67677
The outdated ElasticSearch dependency was imported from gradle-metrics-plugin that is by now archived and no longer a part of gradle-dependency-lock-plugin.
A release with the updated dependencies would be really appreciated.
hpoettker
commented
3 years ago The problem is fixed in the release 8.0.0. I think the issue can be closed.
I overlooked the release as it is not marked as latest on the release page https://github.com/nebula-plugins/nebula-project-plugin/releases Sorry for that!
rpalcolea
commented
3 years ago Hi @hpoettker , thanks for the heads up! closing this now
We experienced a problem in conjunction with the OWASP dependency-check plugin (see https://github.com/jeremylong/DependencyCheck/issues/2909#issuecomment-712818813) . The reason for this seems to be an old dependency of ElasticSearch and therefore Lucene, which is more than 5 years old.
Is it possible to update the dependency to a more recent version to avoid this conflict in classpath?