scylla-apiclient: update Guava dependency

Update the version of Guava dependency to 32.1.3-jre. Before the change, security scanners (such as Trivy) reported that com.google.guava used in the project was vulnerable to CVE-2023-2976 ("HIGH" severity) and CVE-2020-8908. The issues are fixed in later versions of Guava and after this commit the security scanner doesn't report any problems related to Guava dependency. Fixes #223
scylladb · Oct 20, 2023 · c41a381 · c41a381
1 parent 93a36f2
commit c41a381
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/scylla-apiclient/pom.xml b/scylla-apiclient/pom.xml
@@ -50,7 +50,7 @@
         <dependency>
             <groupId>com.google.guava</groupId>
             <artifactId>guava</artifactId>
-            <version>29.0-jre</version>
+            <version>32.1.3-jre</version>
         </dependency>
         <dependency>
             <groupId>com.google.collections</groupId>