Fix your dependencies, please!
uhausbrand opened this issue · 3 comments
Hi,
I tried to update your library from 6.0.0 to 7.0.0 recently and was surprised to see that you now ship maven-gpg-plugin and all its transitive dependencies. Why on earth do you do that?
Could you please check your dependencies and only ship those which are really needed for compiling and using your library.
Some dependencies also have known vulnerabilities. @Kool-Hussain @shubhamUpadhyayInBlue
Warning: Provides transitive vulnerable dependency maven:org.codehaus.plexus:plexus-utils:3.0.15 CVE-2017-1000487 9.8 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability
The new version of Brevo Java SDK has been released, and this plugin has been updated. Please use the new version.
https://central.sonatype.com/artifact/com.brevo/brevo
Thanks
Thanks for letting us know. Will the dependencies be fixed there?
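A pre-release check for the problem reported in this thread, added here as an example and not taken from the SDK or its maintainers: it flags Maven build plugins declared under `<dependencies>` with a scope that reaches consumers. It assumes the plugin was pulled in that way; the function name and the sample POM are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}

# Constructed sample POM for illustration; this is not the SDK's real pom.xml.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.example</groupId>
  <artifactId>example-sdk</artifactId>
  <version>1.0.0</version>
  <dependencies>
    <dependency>
      <groupId>com.google.code.gson</groupId>
      <artifactId>gson</artifactId>
      <version>2.10.1</version>
    </dependency>
    <dependency>
      <groupId>org.apache.maven.plugins</groupId>
      <artifactId>maven-gpg-plugin</artifactId>
      <version>1.6</version>
    </dependency>
  </dependencies>
</project>"""


def shipped_build_plugins(pom_xml):
    """Return 'group:artifact' for build plugins that consumers would inherit."""
    root = ET.fromstring(pom_xml)
    findings = []
    for dep in root.findall("m:dependencies/m:dependency", NS):
        group = dep.findtext("m:groupId", "", NS).strip()
        artifact = dep.findtext("m:artifactId", "", NS).strip()
        # Maven defaults: scope is 'compile', optional is 'false'.
        scope = dep.findtext("m:scope", "compile", NS).strip()
        optional = dep.findtext("m:optional", "false", NS).strip()
        # Heuristic: official plugin groupId or the usual plugin naming suffix.
        is_plugin = (group == "org.apache.maven.plugins"
                     or artifact.endswith("-maven-plugin"))
        # Only compile/runtime, non-optional dependencies are passed on transitively.
        if is_plugin and scope in ("compile", "runtime") and optional != "true":
            findings.append(f"{group}:{artifact}")
    return findings


if __name__ == "__main__":
    for hit in shipped_build_plugins(SAMPLE_POM):
        print("build plugin shipped as a dependency:", hit)
```

Signing plugins belong under `<build><plugins>`, where they run during the library's own build and never appear in a consumer's dependency tree.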