Spring Cloud Netflix spring-cloud-starter-netflix-eureka-client:4.3.0 has vulnerability with dependency guava:16.0

guava:16.0 has vulnerabilities:

https://mvnrepository.com/artifact/com.google.guava/guava/16.0

to fix the issue upgrade to guava:33.4.8-jre

@OlgaMaciaszek

Comment From: OlgaMaciaszek

Hello, @ziad-saade, that version is brought about by Netflix/Archaius, but not used either by Netflix/Eureka or Spring Cloud Netflix as Netflix/Eureka overrides it with 33.0.0-jre. You can see it if you run ./mvnw clean dependency-tree on Spring Cloud Netflix.

com.netflix.eureka:eureka-core:jar:2.0.5:compile
[INFO] |  |  +- com.fasterxml.woodstox:woodstox-core:jar:6.4.0:compile
[INFO] |  |  |  \- org.codehaus.woodstox:stax2-api:jar:4.2.1:compile
[INFO] |  |  \- com.google.guava:guava:jar:33.0.0-jre:runtime