The version of ch.qos.logback:logback-classic and ch.qos.logback:logback-core used by the nohttp gradle plugins has a reported security vulnerability rated as high severity.
Due to the way the dependency configurations are assembled by the plugin, it is difficult for users to upgrade to a newer version. Even if the nohttp Gradle plugin is not itself vulnerable, as more users enable Dependabot alerts for their Gradle repositories, these reports will become widespread.
Please release a new version of the plugin using a patched version of logback.
The version of
ch.qos.logback:logback-classicandch.qos.logback:logback-coreused by the nohttp gradle plugins has a reported security vulnerability rated as high severity.Due to the way the dependency configurations are assembled by the plugin, it is difficult for users to upgrade to a newer version. Even if the nohttp Gradle plugin is not itself vulnerable, as more users enable Dependabot alerts for their Gradle repositories, these reports will become widespread.
Please release a new version of the plugin using a patched version of logback.