The last 10 versions share a common transitive vulnerability in org.eclipse.jgit-5.8.1.202007141445-r.jar #152
Comments
|
Hi! First of all, thank you for opening your first issue. Elementary, we appreciate all feedback that helps us continue improving this plugin. As this is a community project we can't commit to official due dates for reviews and developing, but we're definitely committed to delivering services, integrations and plugins of top quality. So please be patient, we will review your issue and get back to you as soon as we can! Regards, |
|
Hi @rbhuet2! From what I see, the JGit dependency comes from The latest version of While I can't provide a due date, I can confirm that such upgrade will definitely be done and thanks to this issue we see now it needs to have a higher priority. Thanks for bringing this into our attention! |
|
Hi @rbhuet2! @shaikhu came up with a solution to this JGit issue and now version 2.8.1 has been published: Please let us know if this enables using the plugin on your environment. |
|
I just tested version 2.8.1 and it works perfectly. Thanks @shaikhu for the quick response! |
Describe the bug****To Reproduce
Steps to reproduce the behavior:
classpath "org.sonatype.gradle.plugins:scan-gradle-plugin:2.7.0"
apply plugin: 'org.sonatype.gradle.plugins.scan'
Could not GET 'https://nexus.xxx.com/repository/public/org/eclipse/jgit/org.eclipse.jgit/5.8.1.202007141445-r/org.eclipse.jgit- 5.8.1.202007141445-r.jar'. Received status code 403 from server: -------------------->>> REQUESTED ITEM IS QUARANTINED -------------------->>>
Expected behavior
The plugin should reference a version of jgit that does not have any critical vulnerabilities.
Screenshots
Desktop (please complete the following information):
Additional context
The text was updated successfully, but these errors were encountered: