clintropolis commented on PR #18355: URL: https://github.com/apache/druid/pull/18355#issuecomment-3146167590
i actually think we can suppress this maybe? the cve mentions grpc c++ and links to https://github.com/grpc/grpc/commit/e9046b2bbebc0cb7f5dc42008f807f6c7e98e791 but i can't see any indication grpc-java is impacted. the scanner does sometimes get confused, and these two things have the same version numbers, so maybe it got flagged incorrectly? The AI agrees with me, tho :shrug: <img width="666" height="384" alt="Screenshot 2025-08-01 at 8 12 35 PM" src="https://github.com/user-attachments/assets/ba3cb975-cd00-4177-ba5c-ffe00c5122bd"; /> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
