Description
Subject of the issue
There's one vuln being flagged after 2.8.1 (which fixed most of them, thanks).
Provides transitive vulnerable dependency: maven:commons-codec:commons-codec:1.12 | WS-2019-0379 | 6.5 | Input Validation (results powered by Mend.io)
I see the comment in pom.xml
<!-- version 1.14 adds some stronger constraints to base64 encoding which breaks a test. -->
But mvn clean test doesn't have any issues when I changed to 1.14 or latest 1.18.1.
If someone could point me at the failing test, I could try and make a PR with a fix?
Your environment
I'm building in Gradle (from IDEA using the package checker bundled plugin) with:
implementation("com.algorand:algosdk:2.8.1")
Steps to reproduce
- Create a project that depends on above
- View in mend.io
- (Or just note that 1.12 commons-codec has a vuln https://mvnrepository.com/artifact/commons-codec/commons-codec/1.12)
Expected behaviour
No vulnerabilities
Actual behaviour
Vulnerability is reported - I don't think this has real impact, but customers in this domain don't like vulnerabilities ;-)
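The pom.xml comment quoted above says that newer commons-codec releases apply "stronger constraints" when decoding Base64. The example below is added here for illustration and is not code from the algosdk project or the issue author; it assumes (without confirming from this issue) that the constraint in question is canonical-form checking, i.e. rejecting inputs whose unused trailing bits are non-zero, so that one byte string no longer has several valid encodings. It is written in Python rather than Java to keep it self-contained.

```python
import base64
import binascii


def lenient_b64decode(s: str) -> bytes:
    """Decode like a permissive decoder: non-zero trailing bits are silently dropped."""
    return base64.b64decode(s, validate=True)


def is_canonical_b64(s: str) -> bool:
    """True only if s is the unique encoding of the bytes it decodes to.

    validate=True rejects characters outside the alphabet and bad padding,
    but still accepts encodings with non-zero trailing bits. Re-encoding the
    decoded bytes and comparing catches those non-canonical forms.
    """
    try:
        raw = base64.b64decode(s, validate=True)
    except binascii.Error:
        return False
    return base64.b64encode(raw).decode("ascii") == s


def strict_b64decode(s: str) -> bytes:
    """Decode Base64 and refuse anything that is not the canonical encoding."""
    if not is_canonical_b64(s):
        raise ValueError(f"non-canonical or malformed base64: {s!r}")
    return base64.b64decode(s, validate=True)


def audit(samples: list[str]) -> dict[str, str]:
    """Classify constructed sample inputs as 'ok', 'non-canonical' or 'malformed'."""
    verdicts = {}
    for s in samples:
        try:
            base64.b64decode(s, validate=True)
        except binascii.Error:
            verdicts[s] = "malformed"
            continue
        verdicts[s] = "ok" if is_canonical_b64(s) else "non-canonical"
    return verdicts


if __name__ == "__main__":
    # Constructed inputs: "QQ==" and "QR==" both decode to b"A" leniently,
    # but only "QQ==" survives a strict decoder.
    for s, v in audit(["QQ==", "QR==", "QUI=", "QUJ=", "QQ=", "Q$=="]).items():
        print(f"{s!r:8} -> {v}")
```

A test fixture that encodes data by hand, or that expects such inputs to decode, is the kind of test that starts failing when a library tightens these checks.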