Security risk: deserialization of untrusted data

[erwinc1]

source: https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-32236

[codecov-io]

Codecov Report

Merging #9 into master will not change coverage.
The diff coverage is n/a.

@@            Coverage Diff            @@
##             master       #9   +/-   ##
=========================================
  Coverage     72.13%   72.13%           
  Complexity      113      113           
=========================================
  Files            20       20           
  Lines           506      506           
  Branches         38       38           
=========================================
  Hits            365      365           
  Misses          118      118           
  Partials         23       23

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 7201b29...3f69e4a. Read the comment docs.

[robertotru]

I don't have time to test this now. If someone else could peer review the PR I'd be glad to proceed.

[OzWolf]

There has been some time between the original commit and now, but the current linked documentation says Guava minimum version should be 24.1.1-jre or higher but the forum post linking from that issue says 25.0-jre or later is needed to fix the issue itself.

So the move to 23.0 in the PR does not rectify the linked issued for Guava.