Vulnerable declared dependency
Reports vulnerabilities in Gradle, Maven, NPM, PyPI and Go dependencies declared in your project. A full list of Gradle and Maven dependencies is shown in the Project tool window under External Libraries.
Fixing the reported problems helps prevent your software from being compromised by an attacker.
To solve a problem, you can update to a version where the vulnerability is fixed (if available) or switch to a dependency that doesn't have the vulnerability.
The quick-fixes available may suggest updating to a safe version or visiting the website to learn more about a particular vulnerability.
Locating this inspection
- By ID
Can be used to locate inspection in e.g. Qodana configuration files, where you can quickly enable or disable it, or adjust its settings.
VulnerableLibrariesLocal- Via Settings dialog
Path to the inspection settings via IntelliJ Platform IDE Settings dialog, when you need to adjust inspection settings directly from your IDE.
Inspection ID: VulnerableLibrariesLocal
Inspection options
Here you can find the description of settings available for the Vulnerable declared dependency inspection, and the reference of their default values.
- Ignoring dependencies
Option ID:
isIgnoringEnabledDefault value:
Not selected- Ignored dependencies
Default value:
None
Suppressing Inspection
You can suppress this inspection by placing the following comment marker before the code fragment where you no longer want messages from this inspection to appear:
More detailed instructions as well as other ways and options that you have can be found in the product documentation:
Inspection Details | |
|---|---|
By default bundled with: | GoLand 2025.2, IntelliJ IDEA 2025.2, PhpStorm 2025.2, PyCharm 2025.2, Qodana for Go 2025.2, Qodana for JS 2025.2, Qodana for JVM 2025.2, Qodana for PHP 2025.2, WebStorm 2025.2 |