Plexus utils 3.6.0 is affected by a CVE:

https://gist.github.com/weaver4VD/3216dac645220f8c9b488362f61241ec



Would it be possible to update the dependency to a non-affected version
(I think 3.9.0?) and have a Maven 3.9.15 with the upgrade?

I develop a Maven plugin, and that makes my code appear in security
scanners, even though the dependency has a provided scope and is
downloaded by Maven itself.



Thank you

-- 
Clebert Suconic
