Not sure if there’s anywhere to put a ticket in fo...
# troubleshoota
alert-teacher-6920
06/09/2022, 2:41 PMNot sure if there’s anywhere to put a ticket in for this, but when using the datahub-client from io.acryl for Java, dependency scanners like OWASP’s flag the client as depending on a vulnerable version of guava that’s pretty old. It doesn’t seem like the client actually depends on it though, just some nested pom file used to build the artifact mentions it. Normally I think those files aren’t published in the jar. Is there anyway to fix that or somewhere I could put a ticket in for that?
b
big-carpet-38439
06/09/2022, 2:58 PMHi Mark - would you be willing to create an issue for this one? We will have to take a deeper look to try to clear this indirect dependency
a
alert-teacher-6920
06/09/2022, 3:02 PMYeah where do I do that?
b
big-carpet-38439
06/09/2022, 3:03 PMOn Github 🙂
a
alert-teacher-6920
06/09/2022, 3:03 PMNot to be obtuse, but is there one for the datahub-client or acryl?
alert-teacher-6920
06/09/2022, 3:03 PMOr does this just go on DataHub’s main one?
alert-teacher-6920
06/09/2022, 3:03 PMOr is there a link to a project?
b
big-carpet-38439
06/09/2022, 3:04 PMThis would be on DataHub's main repo
a
alert-teacher-6920
06/09/2022, 3:04 PMI can’t find on Maven Central any link to a repo for that project, which would be useful.
alert-teacher-6920
06/09/2022, 3:04 PMAh ok