Merge pull request #250 from groovy/guava

Fix Guava CVEs
groovy · May 23, 2023 · f5d2014 · f5d2014
2 parents 3e50f9e + b27275c
commit f5d2014
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/pom.xml b/pom.xml
@@ -77,6 +77,13 @@
       <version>3.5.1</version>
       <scope>runtime</scope>
     </dependency>
+    <dependency>
+      <!-- fix CVE-2018010237 and CVE-2020-8908 coming from org.apache.maven:maven-core -->
+      <groupId>com.google.guava</groupId>
+      <artifactId>guava</artifactId>
+      <version>30.0-jre</version>
+      <scope>runtime</scope>
+    </dependency>
     <dependency>
       <!-- this is to support use of Groovysh (Groovy jars don't include) -->
       <groupId>org.fusesource.jansi</groupId>