Craig Andrews

Results 178 comments of Craig Andrews

common-beanutils < 1.11.0 has a high severity vulnerability, [CVE-2025-48734: Apache Commons Improper Access Control vulnerability](https://github.com/advisories/GHSA-wxr5-93ph-8wr9). It would be nice to bump this dependency version to eliminate that risk.

Can we get this merged and released? I'm really looking forward to Python 3.13 support :) Thank you!

Thank you for reporting this issue! I finally tracked it down and submitted a fix: https://github.com/esphome/esphome/pull/9242 In my testing, it solves the problem.

Would disabling the Gradle daemon work around this issue? https://docs.gradle.org/current/userguide/gradle_daemon.html#disable_for_a_build I'd be curious to learn from others if that avoids this problem.

I think having the option to disable jar scanning is great and should be added. _However_, I think Trivy should caution users and make it very clear that using this...

@micahsnyder can you please take a look whenever you get the chance?

> Sorry for the extra busy work.

No worries! I've rebased this MR including adding the changes to 1.4.

Is there a workaround, some way that the expression can be changed and still work with the current version of yq?

@mikefarah this is a significant regression for my colleagues and me (and I suspect many others as well), could you please take a look at it? Thank you in advance and...

This change is particularly important as it addresses [CVE-2025-24359](https://nvd.nist.gov/vuln/detail/CVE-2025-24359).