jihoonson opened a new pull request, #12437: URL: https://github.com/apache/druid/pull/12437
### Description

The Travis CI cron job flagged https://nvd.nist.gov/vuln/detail/CVE-2021-43138. This failure is a false alarm as the CVE is about the Async javascript library (https://github.com/caolan/async), not `async-http-client-netty-utils`. Even though we do use the Async library for the web console development, I think we can still suppress this CVE as the Async library is a [dev dependency](https://github.com/apache/druid/blob/master/web-console/package-lock.json#L6394-L6402).

This PR also cleans up a stale suppression for netty-3.10.5.Final which we no longer use.

This PR has:
- [x] been self-reviewed.

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at: [email protected]
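An added example, not part of the pull request or of Druid's code: a small audit that reports suppression rules matching no dependency the build still resolves (the stale-suppression case cleaned up above) and rules that have no selector and so hide a CVE for every dependency. It assumes the OWASP dependency-check suppression XML format, since the page does not name the scanner; the sample file, coordinates, versions and `CVE-0000-*` ids are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in the OWASP dependency-check suppression format (assumed
# scanner). Coordinates, versions and the CVE-0000-* ids are placeholders.
SUPPRESSIONS = r"""<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
  <suppress>
    <notes>CVE-2021-43138 is about the Async JavaScript library</notes>
    <packageUrl regex="true">^pkg:maven/org\.asynchttpclient/async-http-client-netty-utils@.*$</packageUrl>
    <cve>CVE-2021-43138</cve>
  </suppress>
  <suppress>
    <notes>constructed: dependency no longer on the classpath</notes>
    <packageUrl regex="true">^pkg:maven/io\.netty/netty@3\.10\.5\.Final$</packageUrl>
    <cve>CVE-0000-0000</cve>
  </suppress>
  <suppress>
    <notes>constructed: no selector, hides the CVE for every dependency</notes>
    <cve>CVE-0000-0001</cve>
  </suppress>
</suppressions>"""

# Constructed list of package URLs currently resolved by the build.
RESOLVED = [
    "pkg:maven/org.asynchttpclient/async-http-client-netty-utils@2.5.3",
    "pkg:maven/io.netty/netty-common@4.1.68.Final",
]
SELECTORS = ("packageUrl", "gav", "filePath", "sha1")

def local(tag):
    return tag.rsplit("}", 1)[-1]  # strip the XML namespace

def audit(xml_text, resolved):
    """Return (stale, unscoped): rules matching no dependency, rules with no selector."""
    stale, unscoped = [], []
    for rule in (r for r in ET.fromstring(xml_text) if local(r.tag) == "suppress"):
        cves = [c.text.strip() for c in rule if local(c.tag) == "cve"]
        if not any(local(c.tag) in SELECTORS for c in rule):
            unscoped.extend(cves)
        for p in (c for c in rule if local(c.tag) == "packageUrl"):
            raw = p.text.strip()
            pattern = raw if p.get("regex") == "true" else re.escape(raw)
            # Whole-string, case-insensitive match (assumed to mirror the scanner).
            if not any(re.fullmatch(pattern, d, re.IGNORECASE) for d in resolved):
                stale.extend((cve, raw) for cve in cves)
    return stale, unscoped
```

Run against the output of the build's dependency listing, the `stale` result is the list of entries to delete and `unscoped` the list to narrow to a specific artifact.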
