capistrant commented on code in PR #18259:
URL: https://github.com/apache/druid/pull/18259#discussion_r2211283386


##########
owasp-dependency-check-suppressions.xml:
##########
@@ -355,7 +355,7 @@
     <!-- However, vulnerability scan still shows this CVE. Pac4j release notes 
mention 5.3.1 as "fully fixed" version. -->
     <!-- Remove suppression once upgraded to 5.3.1. -->
     <notes><![CDATA[
-   file name: pac4j-core-4.5.7.jar
+   file name: pac4j-core-5.7.3.jar
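
Review bot: The context comment directly above the changed `file name:` line says "Remove suppression once upgraded to 5.3.1", and the new value pac4j-core-5.7.3.jar is past that version, so retargeting the entry keeps a suppression that the file's own note says should be gone. Suggest deleting this suppression block and re-running the dependency check. If the scan still flags 5.7.3, keep the entry but update the two comments above it to say why it is still needed, so the 5.3.1 instruction does not go stale and the suppression does not hide a finding nobody has re-evaluated.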

Review Comment:
   Per the comment above this line, is this CVE that we are suppressing able to 
be removed from this file, since we are going past 5.3.1?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
