Hi all,

Libraries vended via flink-shaded are stripped of META-INF [1]. Lack of the 
metadata causes some vulnerability scanners to miss the known CVEs against the 
shaded libraries. Should we follow the spirit of best security practices and 
allow better transparency by re-instating the META-INF files in flink-shaded? 
Can you think of any downsides of doing so?

Kind regards,
Krzysztof

[1] https://issues.apache.org/jira/browse/FLINK-15815
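
Added example, not part of the original e-mail or of the flink-shaded project: a check that reports whether a jar still declares the Maven coordinates of the libraries bundled in it. It assumes the scanner identifies bundled libraries from META-INF/maven/<groupId>/<artifactId>/pom.properties; the sample jars and the com.example coordinates are constructed.

```python
import io
import zipfile

def parse_properties(text):
    """Parse the simple key=value subset of .properties that pom.properties uses."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue  # blank line or comment
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def embedded_coordinates(jar):
    """Return sorted (groupId, artifactId, version) tuples declared inside a jar."""
    coords = set()
    with zipfile.ZipFile(jar) as zf:
        for name in zf.namelist():
            if name.startswith("META-INF/maven/") and name.endswith("/pom.properties"):
                p = parse_properties(zf.read(name).decode("utf-8", "replace"))
                if {"groupId", "artifactId", "version"} <= p.keys():
                    coords.add((p["groupId"], p["artifactId"], p["version"]))
    return sorted(coords)

def audit(jar):
    """Flag a jar that ships classes but declares no coordinates (assumed scanner blind spot)."""
    with zipfile.ZipFile(jar) as zf:
        classes = sum(1 for n in zf.namelist() if n.endswith(".class"))
    coords = embedded_coordinates(jar)
    return {"classes": classes, "coordinates": coords, "opaque": classes > 0 and not coords}

def build_sample_jar(with_metadata):
    """Constructed sample: a shaded-style jar holding one relocated class."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("org/example/shaded/com/example/lib/Util.class", b"\xca\xfe\xba\xbe")
        if with_metadata:
            zf.writestr("META-INF/maven/com.example/example-lib/pom.properties",
                        "groupId=com.example\nartifactId=example-lib\nversion=1.2.3\n")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for flag in (True, False):
        print("metadata kept" if flag else "metadata stripped", audit(build_sample_jar(flag)))
```

`audit()` also accepts a path to a jar on disk, so it can be pointed at a built artifact before and after a change to the shading configuration.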



