Vulnerabilities found in com.google.cloud.tools.jib

ankitvashishta · August 15, 2023, 7:41am

org.yaml:snakeyaml vulnerability found on v1.33. Fixed in v2.0
com.google.guava:guava vulnerability found on v31.1-jre. Fixed in v32.0

Can these be updated ?

guybrand · August 15, 2023, 8:39am

Hi,

Can you elaborate more on where you are seeing this and why this post is in the scans.gradle.com forum?

Thanks and regards,

Guy

Vampire · August 15, 2023, 8:40am

Ask the Jib developers?

Vampire · August 15, 2023, 8:41am

Or just update those transitive dependencies for you using dependency constraints and test whether everything still works or whether there were breaking changes that make it not work.

Topic		Replies	Views
Could not resolve all artifacts Help/Discuss	0	555	September 30, 2021
Testing Gradle dependencies for security vulnerabilities News	2	1737	August 3, 2017
Unable to figure out how a transitive dependency of a particular version is ending up in my jar? Help/Discuss	11	2346	December 11, 2019
Issues with gradleApi() and transitive dependencies Old Forum Archive	1	1345	November 24, 2014
Problem with outdated version of snakeyaml Old Forum Archive	2	762	October 4, 2013

Vulnerabilities found in com.google.cloud.tools.jib

Related topics