Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Address vulnerabilities reported by Snyk #43

sergei-ivanov opened this issue Sep 23, 2018 · 0 comments

Address vulnerabilities reported by Snyk #43

sergei-ivanov opened this issue Sep 23, 2018 · 0 comments


Copy link

@sergei-ivanov sergei-ivanov commented Sep 23, 2018

Is your feature request related to a problem? Please describe.
Snyk reports a vulnerability in the Guava library, and also the plugin code is affected by Zip Slip vulnerability.

Describe the solution you'd like
Currently it is impossible to upgrade Guava because of a Java version lock-in. Since there's only minimal use for it in the project, it makes more sense to root it out.
Zip Slip requires a small code change.

Describe alternatives you've considered

Additional context
For more information, please see:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
1 participant