OWASP Dependency Checker flags issues on dependent libraries

When we run the checker on the project we get the following libraries flagged up which are from the 3.0.2 azure-eventhubs client.
group: 'com.microsoft.azure', name: 'azure-eventhubs', version: '3.0.2'

Issues:
```
nimbus-jose-jwt-6.0.1.jar (pkg:maven/com.nimbusds/nimbus-jose-jwt@6.0.1, cpe:2.3:a:connect2id:nimbus_jose\+jwt:6.0.1:*:*:*:*:*:*:*) : CVE-2019-17195
guava-20.0.jar (pkg:maven/com.google.guava/guava@20.0, cpe:2.3:a:google:guava:20.0:*:*:*:*:*:*:*) : CVE-2018-10237
adapter-rxjava-2.4.0.jar (pkg:maven/com.squareup.retrofit2/adapter-rxjava@2.4.0, cpe:2.3:a:squareup:retrofit:2.4.0:*:*:*:*:*:*:*) : CVE-2018-1000844, CVE-2018-1000850
```

Can we have an update on these dependencies please?

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

OWASP Dependency Checker flags issues on dependent libraries #970

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

OWASP Dependency Checker flags issues on dependent libraries #970

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions