You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
JGraphT itself doesn't use Google Guava at all; we just provide an optional adapter module which does
The adapter module does not use FileBackedOutputStream directly
From looking at the Guava code, I don't think anything else uses it indirectly
So there's no actually vulnerability for JGraphT. The issue would be if someone was using our adapter module, and ended up with a dependency conflict as a result of trying to use the latest version of Guava. So if someone runs into that, we'll need to provide a point release at that time.
Issue
com.google.guava until 31.01 is affected by the CVE-2023-2976
Steps to reproduce (small coding example)
Expected behaviour
jgrapht guava without an vulnerable dependency
Other information
The text was updated successfully, but these errors were encountered: