Skip to content

Update Guava dependency to address security vulnerabilities (CVE-2020-8908, GHSA-7g45-4rm6-3mm3) #1171

Open
Open
Update Guava dependency to address security vulnerabilities (CVE-2020-8908, GHSA-7g45-4rm6-3mm3)#1171
@aitzol-deontics

Description

@aitzol-deontics
aitzol-deontics
opened on Mar 5, 2026

Issue: Vulnerable Guava dependency in google-oauth-client 1.39.0

Current: Ships with Guava 31.1-android (vulnerable)
Recommended: Update to Guava 32.0.1-android or newer

Vulnerabilities:

Impact: Forces developers to manually override transitive dependencies for security compliance.

Request: Please update Guava dependency in next release.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions