eolivelli commented on issue #792: ZOOKEEPER-3262 Update dependencies flagged by OWASP report
URL: https://github.com/apache/zookeeper/pull/792#issuecomment-459869080

@phunt we are suppressing specific CVEs; they are tied to specific versions of dependencies. I think there is no trouble even for the future.
We should check suppressed CVEs in the future; maybe such suppressions won't be needed any more, but having them in the codebase does not hurt.
IMHO there is no risk that suppressing a CVE will have an impact on other checks.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

With regards,
Apache Git Services
