Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

gwt-dev depends on a vulnerable gson package #10077

Open
Oberonc opened this issue Jan 2, 2025 · 1 comment · May be fixed by #10079
Open

gwt-dev depends on a vulnerable gson package #10077

Oberonc opened this issue Jan 2, 2025 · 1 comment · May be fixed by #10079
Milestone
2.13

Comments

@Oberonc
Copy link

Oberonc commented Jan 2, 2025

gwt-dev package version 2.12.1 depends on com.google.code.gson 2.6.2 which has the following vulnerability:
https://osv.dev/vulnerability/GHSA-4jrv-ppp4-jm57
@niloc132 niloc132 added this to the 2.13 milestone Jan 2, 2025
@zbynek
Copy link
Contributor

zbynek commented Jan 4, 2025

Complete list of known vulnerable dependencies: https://github.com/vmj/gwt-dev-vulnerabilities (also discussed in jiakuan/gwt-gradle-plugin#90 ).

vegegoku added a commit to vegegoku/gwt that referenced this issue Jan 5, 2025
@vegegoku
update gson to latest
7358944 
fix gwtproject#10077
vegegoku added a commit to vegegoku/gwt that referenced this issue Jan 8, 2025
@vegegoku
update gson to latest
418f47c 
fix gwtproject#10077
@vegegoku vegegoku linked a pull request Jan 8, 2025 that will close this issue
Open
vegegoku added a commit to vegegoku/gwt that referenced this issue Jan 8, 2025
@vegegoku
update gson to latest
b2160d4 
fix gwtproject#10077
vegegoku added a commit to vegegoku/gwt that referenced this issue Jan 15, 2025
@vegegoku
update gson to latest
1bf411e 
fix gwtproject#10077
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
2.13
Development

Successfully merging a pull request may close this issue.

update gson to latest vegegoku/gwt
3 participants
@niloc132 @zbynek @Oberonc