Closed tchaikov closed 11 months ago
@scylladb/scylla-maint Can you please merge this and update the submodule?
@yaronkaikov so this one is in? I thought you were saying it will break next if it gets in.
It merged here, but the submodule is not updated in Scylla core until we fix https://github.com/scylladb/java-driver/pull/267
@avelanarius FYI
update "guava" package from 18.0 to 32.1.3.
Update the version of guava dependency to 31.1.3-jre. Before the change, security scanners (such as Trivy) reported that guava used in the project was vulnerable to CVE-2018-10237 and CVE-2023-2976 (both "MEDIUM" severity) and CVE-2020-8908 as "LOW" severity (both "HIGH" severity). Those issues were fixed in guava 31.1.3 and after this commit the security scanner doesn't report any problems related to this dependency.
Because guava 31 introduced quite a few non-backward compatible changes, we have to address them on a case-by-case basis.
Previously, this change was reverted in 3963c3abf71a6df310ca8f3849e4cf8562469666 because it missed the change to address the incompatible API changes.
Fixes: https://github.com/scylladb/scylla-tools-java/issues/365