realm-annotation-processor-10.12.0 still dependent on kotlin-stdlib-1.5.31.jar

realm / realm-java

Realm is a mobile database: a replacement for SQLite & ORMs

http://realm.io

Apache License 2.0

11.45k stars 1.75k forks source link

realm-annotation-processor-10.12.0 still dependent on kotlin-stdlib-1.5.31.jar #7734

Open klaasel opened 1 year ago

klaasel commented 1 year ago

I don't know it this is the correct place to post, but I couldn't find a dedicated realm annotation processor repository.

According to Mend (previously WhiteSource), our native Android app containing Realm still has a dependency on kotlin-stdlib-1.5.31 because of the realm-annotation-processor-10.12.0. This is the latest version according to mvnrepository.com. This poses a medium security vulnerability, and should be updated to 1.6.

clementetb commented 1 year ago

Thanks for reporting the issue, we will address the issue.

clementetb commented 1 year ago

Thanks, we will bump in the next release, meanwhile, you can fix to a specific version on your project using the strict syntax. See