Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Gradle AppDistributionPlugin should upgrade its dependencies #6556

Open
bmuschko opened this issue Dec 3, 2024 · 3 comments
Open

Gradle AppDistributionPlugin should upgrade its dependencies #6556

bmuschko opened this issue Dec 3, 2024 · 3 comments
Labels

Comments

@bmuschko
Copy link

bmuschko commented Dec 3, 2024

What feature would you like to see?

Some of the dependencies referenced by the plugin are pretty old. For example, it uses google-api-client 1.30.9, released 4 years ago. In turn, the dependency pulls in a very old version of jackson-core, 2.10.2, which contains a security vulnerability with "high" severity.

How would you use it?

Gradle doesn't create an isolated classloader between different plugins in a project. Therefore, Jackson core can easily conflict with other Jackson core versions in the combined plugin classpath.

@google-oss-bot
Copy link
Contributor

I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.

@bmuschko
Copy link
Author

Do you know when this will be released, @tagboola ?

@tagboola
Copy link
Contributor

Sorry, didn't mean to close this. I'll re-open it and close it when we actually ship the change.

@bmuschko we're targeting a release in January 2025.

@tagboola tagboola reopened this Dec 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

4 participants