You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I tried to look around for how this is done exactly but couldn't find the exact source location. The resulting checker.jar has shaded guava from known vulnerable version. Is there a hard requirement that is shaded and if so, can it be upgraded to latest release?
The text was updated successfully, but these errors were encountered:
Thank you for pointing out this issue. I appreciate it.
One reason for the shading is explained at the very end of https://checkerframework.org/manual/#common-problems-running . Without shading, Error Prone and Nullaway break the Checker Framework, and other tools might too, and this applies to libraries as well.
I will upgrade the version of Guava that the Checker Framework uses, so that will be in the next release, which is planned for May 1 or earlier.
mernst
changed the title
Shaded Guava is listed as vulnerable by dependency check plugin
Update org.checkerframework.annotatedlib:guava to Guava 33.1.0
Apr 9, 2024
I tried to look around for how this is done exactly but couldn't find the exact source location. The resulting checker.jar has shaded guava from known vulnerable version. Is there a hard requirement that is shaded and if so, can it be upgraded to latest release?
The text was updated successfully, but these errors were encountered: