Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Request: Remove pinning of commons-io:commons-io to 2.4 #73

Open
RSchindler93 opened this issue Nov 14, 2024 · 2 comments
Open

Request: Remove pinning of commons-io:commons-io to 2.4 #73

RSchindler93 opened this issue Nov 14, 2024 · 2 comments

Comments

@RSchindler93
Copy link

Hello,

I recently tried to upgrade from version 2.4.0 to version 3.02 and as it turns out 'commons-io:commons-io'
is now pinned to version 2.4. Since we are already using other gradle plugins with commons-io with higher versions this creates a
dependency resolution problem.

I would like to understand why 'commons-io:commons-io' is pinned to 2.4 (maven central shows two vulnerabilities)
and if it would be possible to remove this constraint?

Thank you in advance!
@zbynek
Copy link
Collaborator

zbynek commented Nov 14, 2024

It's been pinned like that since 17e1b7d that's already included in 2.4.0, not sure why it's only causing problems with 3.x. Checking...

@zbynek
Copy link
Collaborator

zbynek commented Nov 15, 2024

@RSchindler93 3.0.3 is released with some minor dependency updates, including this one. Can you please check that it solves your dependency resolution problem?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@zbynek @RSchindler93