Fork me on GitHub
Grant Horner18:01:51

@seancorfield I know depstar is technically deprecated, but it seems like it has a dependency on a "bad" log4j version. I don't really see a way that it could be exploited, but it might be nice for users who haven't migrated to if you released a new version with a "fixed" log4j dependency


The repo is archived and readonly. Since it is only run as part of a dev or CI build setup, I don't see much of an attack vector from third parties?

👍 1