Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

importing brevo with gradle brings unwanted dependencies, with CVE reports #1

Open
mathieuruellan opened this issue Oct 3, 2024 · 3 comments
Open

importing brevo with gradle brings unwanted dependencies, with CVE reports #1

mathieuruellan opened this issue Oct 3, 2024 · 3 comments

Comments

@mathieuruellan
Copy link

mathieuruellan commented Oct 3, 2024
edited
Loading

Hello,

I'm using brevo for a project of my company.

This is what i get when i'm importing brevo with api dependency, I don't get why my final app should have maven-core in runtime.

image

The other issue is theses deps have cve tickets, and if its' not a big problem with building tools, it shouldn't be bundled in a final running product. It blocks in the CI at the scan stage and could be a problem with our customer security audits.

image

Regards,

Mathieu Ruellan
Developer/Manager at MyScript
@sdtorresl
Copy link

Currently, the 1.0.0 version is having this vulnerability: the https://devhub.checkmarx.com/cve-details/CVE-2022-29599/

@FixTryane
Copy link

Same here. We just add the Brevo jdk to our project and we got 3 new CVEs reported by our CI analysis :

Did you plan to make a new release to update these dependencies ?

Regards,

François-Xavier CHASSAGNE
Tryane SAS

@rchristilaw
Copy link

Hello Brevo team, any update on this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@mathieuruellan @sdtorresl @rchristilaw @FixTryane