Update TestNG Version to avoid Security Vulnerabilities
inktomi opened this issue · comments
Gradle Version
8.6
AGP Version
8.2.2
Code Minifier/Optimizer
R8
Version
4.3.0
Sentry SDK Version
7.4.0
Steps to Reproduce
Include the gradle plugin, then run your build in an environment that blocks libraries with known CVE issues.
Expected Result
Build succeeds because no versions of libraries contain known CVEs.
Actual Result
CVE-2022-4065 is found because of TestNG 7.5
Hi @inktomi, this was a regression that added unwanted dependencies to the build classpath, which got fixed in #660. We're going to release a new version of the gradle plugin tomorrow CET time with this fix included. I'll keep you posted, but gonna close this issue as it's been already addressed. Thank you for the report!
@inktomi version 4.3.1 is out, please give it a try and let us know if that works, thanks! https://github.com/getsentry/sentry-android-gradle-plugin/releases/tag/4.3.1
I was out, but I'll try it today and report back!
Apparently this didn't fix it, I'll take another look soon, see #656 (comment)