OWASP Dependency Checker flags issues on dependent libraries

When we run the checker on the project we get the following libraries flagged up which are from the 3.0.2 azure-eventhubs client.
group: 'com.microsoft.azure', name: 'azure-eventhubs', version: '3.0.2'

Issues:
```
nimbus-jose-jwt-6.0.1.jar (pkg:maven/com.nimbusds/nimbus-jose-jwt@6.0.1, cpe:2.3:a:connect2id:nimbus_jose\+jwt:6.0.1:*:*:*:*:*:*:*) : CVE-2019-17195
guava-20.0.jar (pkg:maven/com.google.guava/guava@20.0, cpe:2.3:a:google:guava:20.0:*:*:*:*:*:*:*) : CVE-2018-10237
adapter-rxjava-2.4.0.jar (pkg:maven/com.squareup.retrofit2/adapter-rxjava@2.4.0, cpe:2.3:a:squareup:retrofit:2.4.0:*:*:*:*:*:*:*) : CVE-2018-1000844, CVE-2018-1000850
```

Can we have an update on these dependencies please?

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

OWASP Dependency Checker flags issues on dependent libraries #970

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

OWASP Dependency Checker flags issues on dependent libraries #970

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions