You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I see that latest version in pom.xml is 2.9.1, but latest jar in release 1.26 seems to contain 2.8.5.
(via file in jar: META-INF/maven/com.google.code.gson/gson/pom.xml)
If so, can you release a jar with newest deps as in source code pom.xml?
Thanks
Are you still planning to release to maven central? This can help with external dependency management.
The text was updated successfully, but these errors were encountered:
Hi,
I was looking into a security issue in a dependency of cryptolens.
That is: https://nvd.nist.gov/vuln/detail/CVE-2022-25647 for gson 2.8.5.
I see that latest version in pom.xml is 2.9.1, but latest jar in release 1.26 seems to contain 2.8.5.
(via file in jar: META-INF/maven/com.google.code.gson/gson/pom.xml)
If so, can you release a jar with newest deps as in source code pom.xml?
Thanks
Are you still planning to release to maven central? This can help with external dependency management.
The text was updated successfully, but these errors were encountered: