Remove Guava or upgrade Guava version to one without vulnerabilities

[The version of Guava in the project is 22](https://github.com/outfoxx/typescriptpoet/blob/62d7d4b276b6039bd04729ddb135a9428e61b03e/build.gradle.kts#L33). Is it being used?

This version is affected by several CVEs:

- https://www.cvedetails.com/cve/CVE-2018-10237/
- https://www.cvedetails.com/cve/CVE-2020-8908/
- https://www.cvedetails.com/cve/CVE-2023-2976/

Summary: https://www.cvedetails.com/vulnerability-list/vendor_id-1224/product_id-52274/Google-Guava.html

This is causing failures in security tooling for this library.

It looks like Guava was possibly added with the [initial](https://github.com/outfoxx/typescriptpoet/commit/065ede211c2bcc82696b286aab4059ac5b7a2a78#diff-49a96e7eea8a94af862798a45174e6ac43eb4f8b4bd40759b5da63ba31ec3ef7R48) project generation and is possibly not being used. I don't see any imports referencing this library.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Remove Guava or upgrade Guava version to one without vulnerabilities #28

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Remove Guava or upgrade Guava version to one without vulnerabilities #28

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions