[ https://issues.apache.org/jira/browse/MNG-7535?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17606274#comment-17606274 ]
Karl Heinz Marbaise commented on MNG-7535: ------------------------------------------ There is nothing mentioned in https://github.com/google/guava nor something which indicates that on https://guava.dev/ > Latest release of Maven contain EOL component - EOL-Google Guava 25.1 > --------------------------------------------------------------------- > > Key: MNG-7535 > URL: https://issues.apache.org/jira/browse/MNG-7535 > Project: Maven > Issue Type: Dependency upgrade > Components: Dependencies > Affects Versions: 3.8.6 > Reporter: Chris Campbell > Priority: Minor > Fix For: waiting-for-feedback > > > We are utilizing the latest maven releases and getting EOL findings ( > EOL-Google Guava 25.1 ) from our internal Enterprise Security team that we > must remediate. > Will maven releases update to a newer, non-EOL of these components? If not, > is there anything we can do ourselves to remediate and use non-EOL versions? -- This message was sent by Atlassian Jira (v8.20.10#820010)