Closed
Description
Even though this is about a Guava vulnerability, because graphql-java shades the Guava library, vulnerabilities-scanning software is flagging graphql-java as also being vulnerable.
Graphql-java seems to be using a few modules of Guava. As for the fix for the vulnerability in release 20.4, the 20.4 version uses the 32.0.0 version of Guava, which still contains the vulnerability CVE-2023-2976.
I am creating this ticket to ask if you could release a patch version including this update and use Guava versions >=32.0.1 to remove the vulnerability.
The Guava vulnerability reported has been fixed in Guava version >=32.0.1.
surecloud-jleite