Do you know which jars depend on this plexus-utils 3.6.0 ? Le jeu. 2 avr. 2026 à 13:02, Clebert Suconic <[email protected]> a écrit :
> Plexus utils 3.6.0 is affected by a CVE: > > https://gist.github.com/weaver4VD/3216dac645220f8c9b488362f61241ec > > > > Would be possible to update the dependency by a non affected version > (I think 3.9.0?) and have a maven 3.9.15 with the upgrade? > > I develop a maven plugin and that makes my code to appear in security > scanners, even though the dependency has a provided scope and is > downloaded by Maven itself. > > > > Thank you > > -- > Clebert Suconic > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > -- ------------------------ Guillaume Nodet
