auto-value-gson icon indicating copy to clipboard operation
auto-value-gson copied to clipboard

Published 20 hours ago verified publisher icon rharter

Dependency updates

Open mpminardi opened this issue 3 years ago • 0 comments

Hello there. I use this library and noticed that it was pulling in a number of out of date dependencies, some of which have known vulnerabilities (e.g., https://nvd.nist.gov/vuln/detail/CVE-2020-8908 for guava). As part of updating them I did the following:

  1. Moved from the deprecated maven plugin to maven-publish
  2. Removed the android logic in the gradle-mvn-push as it seemed like it wasn't actually being triggered
  3. Updated the gradle wrapper to 7.2.0
  4. Updated shadow to 7.0.0 and updated dependencies between auto-value-gson-extension and auto-value-gson-runtime to get it to properly work on clean builds
  5. Updated all dependencies to the latest versions I could find when possible

Let me know if any of these changes should be walked back or if you want some of this split into separate PRs.

mpminardi avatar Sep 01 '21 01:09 mpminardi