Skip to content

Outdated dependencies detected in package CDS #2493

Open
Open
Outdated dependencies detected in package CDS#2493
@anmoljain365

Description

@anmoljain365
anmoljain365
opened on Apr 8, 2026

We are using your packages as a dependency in our project.

In our internal security scan (conducted via Black Duck), we observed that the package CDS OData V4 adapter (v4.8.0), CDS Starter for Spring Boot (v4.8.0) and CDS Starter for CloudFoundry (v4.8.0) have dependencies that have not been updated for more than 1 year and even though newer versions are available.

We are raising this issue to bring this to your attention. Could you please confirm if there are any plans to maintain or update this package and its dependencies going forward?

Outdated Dependency List (from Black Duck scan)

Dependencies

Library Version Package
aalto-xml 1.3.3 CDS OData V4 adapter
Apache Commons Codec 1.18.0 CDS OData V4 adapter
Apache Commons IO 2.18.0 CDS OData V4 adapter
Guava InternalFutureFailureAccess and InternalFutures 1.0.3 CDS OData V4 adapter
Guava ListenableFuture only 9999.0-empty-to-avoid-conflict-with-guava CDS OData V4 adapter
JSpecify annotations 1.0.0 CDS OData V4 adapter
SLF4J API Module 2.0.17 CDS OData V4 adapter
stax2-api 4.2.2 CDS OData V4 adapter
OpenTelemetry Java 1.49.0 CDS OData V4 adapter
cron-utils 9.2.1 CDS Starter for Spring Boot
jms 3.1.0 CDS Starter for Spring Boot
reactive-streams-jvm 1.0.4 CDS Starter for CloudFoundry

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions