Vulnerability in dependencies - org.bouncycastle:bcprov-jdk15to18 #2752

@adrianjez

Description

Trivy detected an issue with Adyen libraries that are using a library with vulnerabilities: org.bouncycastle:bcprov-jdk15to18. Can you remove it or update it to 1.84?
```
│ org.bouncycastle:bcprov-jdk15to18 │ CVE-2026-5598 │ HIGH │ fixed │ 1.81 │ 1.84 │ bouncycastle: BC-JAVA: private key leakage via non-constant │
│ │ │ │ │ │ │ time comparisons │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2026-5598
```

Dependencies tree
```
|    +--- com.adyen.checkout:3ds2:5.18.0
|    |    +--- com.adyen.checkout:ui-core:5.18.0
|    |    |    +--- com.adyen.checkout:components-core:5.18.0
|    |    |    |    +--- com.adyen.checkout:checkout-core:5.18.0
|    |    |    |    |    +--- androidx.annotation:annotation:1.9.1 (*)
|    |    |    |    |    +--- org.jetbrains.kotlinx:kotlinx-coroutines-core:1.9.0 -> 1.10.2 (*)
|    |    |    |    |    +--- org.jetbrains.kotlinx:kotlinx-coroutines-android:1.9.0 -> 1.10.2 (*)
|    |    |    |    |    +--- org.jetbrains.kotlin:kotlin-parcelize-runtime:1.9.25 -> 2.2.0 (*)
|    |    |    |    |    +--- org.jetbrains.kotlin:kotlin-stdlib:1.9.25 -> 2.2.10 (*)
|    |    |    |    |    \--- com.squareup.okhttp3:okhttp:4.12.0 -> 5.1.0 (*)
|    |    |    |    +--- androidx.activity:activity:1.10.1 (*)
|    |    |    |    +--- androidx.fragment:fragment-ktx:1.8.6 -> 1.8.9 (*)
|    |    |    |    +--- androidx.lifecycle:lifecycle-runtime-ktx:2.8.7 -> 2.9.4 (*)
|    |    |    |    +--- androidx.lifecycle:lifecycle-viewmodel-ktx:2.8.7 -> 2.9.4 (*)
|    |    |    |    \--- org.jetbrains.kotlin:kotlin-stdlib:1.9.25 -> 2.2.10 (*)
|    |    |    +--- androidx.autofill:autofill:1.3.0-rc01 (*)
|    |    |    +--- androidx.constraintlayout:constraintlayout:2.2.1 (*)
|    |    |    +--- com.google.android.material:material:1.12.0 -> 1.13.0 (*)
|    |    |    +--- androidx.databinding:viewbinding:8.8.1 -> 8.11.1 (*)
|    |    |    +--- org.jetbrains.kotlin:kotlin-stdlib:1.9.25 -> 2.2.10 (*)
|    |    |    +--- androidx.appcompat:appcompat:1.7.0 -> 1.7.1 (*)
|    |    |    +--- androidx.recyclerview:recyclerview:1.4.0 (*)
|    |    |    \--- androidx.browser:browser:1.8.0 (*)
|    |    +--- com.adyen.threeds:adyen-3ds2:2.2.26
|    |    |    +--- androidx.activity:activity-ktx:1.10.1 (*)
|    |    |    +--- androidx.annotation:annotation:1.9.1 (*)
|    |    |    +--- androidx.appcompat:appcompat:1.7.1 (*)
|    |    |    +--- **org.bouncycastle:bcprov-jdk15to18:1.81**
|    |    |    +--- org.jetbrains.kotlin:kotlin-stdlib:2.0.20 -> 2.2.10 (*)
|    |    |    +--- org.jetbrains.kotlinx:kotlinx-coroutines-android:1.9.0 -> 1.10.2 (*)
|    |    |    \--- org.jetbrains.kotlinx:kotlinx-serialization-json:1.7.3 -> 1.9.0 (*)
|    |    \--- org.jetbrains.kotlin:kotlin-stdlib:1.9.25 -> 2.2.10 (*)
```
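For triaging a scanner finding like the one above, this added example (not part of the original issue and not Adyen's or Trivy's code) parses `gradle dependencies` tree output and reports every path that resolves a given artifact below the fixed version. The function names and the embedded sample tree are constructed for illustration, and the version comparison assumes plain numeric versions.

```python
import re

# Constructed sample: a shortened tree shaped like the one in this issue.
SAMPLE_TREE = """\
+--- com.adyen.checkout:3ds2:5.18.0
|    +--- com.adyen.checkout:ui-core:5.18.0
|    |    \\--- androidx.browser:browser:1.8.0 (*)
|    +--- com.adyen.threeds:adyen-3ds2:2.2.26
|    |    +--- androidx.appcompat:appcompat:1.7.1 (*)
|    |    +--- org.bouncycastle:bcprov-jdk15to18:1.81
|    |    \\--- org.jetbrains.kotlin:kotlin-stdlib:2.0.20 -> 2.2.10 (*)
|    \\--- org.jetbrains.kotlin:kotlin-stdlib:1.9.25 -> 2.2.10 (*)
"""

# indent columns, branch marker, coordinate, optional "-> resolved" version
NODE = re.compile(r"^(?P<indent>[| ]*)[+\\]--- (?P<coord>\S+)(?: -> (?P<resolved>\S+))?")

def version_tuple(v):
    """Numeric part of a version string, e.g. '1.3.0-rc01' -> (1, 3, 0)."""
    return tuple(int(x) for x in re.findall(r"\d+", v.split("-")[0]))

def find_paths(tree, artifact, fixed):
    """Return (path, resolved_version) for each `artifact` node older than `fixed`."""
    stack, hits = [], []
    for line in tree.splitlines():
        m = NODE.match(line)
        if not m:
            continue
        depth = len(m["indent"]) // 5            # Gradle indents 5 columns per level
        # strip("*") tolerates markdown emphasis pasted around a coordinate
        group, name, *ver = m["coord"].strip("*").split(":")
        resolved = m["resolved"] or (ver[0] if ver else "")
        del stack[depth:]                        # drop siblings and deeper nodes
        stack.append(f"{group}:{name}:{resolved}")
        if f"{group}:{name}" == artifact and version_tuple(resolved) < version_tuple(fixed):
            hits.append((list(stack), resolved))
    return hits

if __name__ == "__main__":
    for path, version in find_paths(SAMPLE_TREE, "org.bouncycastle:bcprov-jdk15to18", "1.84"):
        print(f"{version} < 1.84 via " + " -> ".join(path))
```

The second element of each reported path is the dependency that pulls the artifact in, which is where an upgrade has to land.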

Labels

Confirmed bug: Indicates that issue has been confirmed to be a bug by an Adyen developer
