lhotari opened a new issue #2732: URL: https://github.com/apache/bookkeeper/issues/2732
**BUG REPORT**

The org.inferred:freebuilder:1.14.9 dependency causes Bookkeeper to be flagged for jQuery vulnerabilities. This happens in the Sonatype IQ vulnerability scanner, which will also scan embedded js files. For example, it finds jQuery in the path `org/inferred/freebuilder/shaded/org/openjdk/tools/javadoc/internal/doclets/formats/html/resources/jquery/external/jquery jquery-1.10.2.js` inside the freebuilder jar file.

***Expected behavior***

Bookkeeper shouldn't expose freebuilder as a dependency at all. It's an annotation processor which should be [defined as an optional dependency in maven](https://github.com/inferred/FreeBuilder#maven) and [with `compileOnly` in gradle](https://github.com/inferred/FreeBuilder#gradle).

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
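To check which jars in a build output would trigger this kind of finding, the following added example (not part of the original issue or of the BookKeeper or FreeBuilder projects) lists jQuery files embedded in a jar, including jars nested inside it. The function names are hypothetical, and the sample jar is constructed in memory with a shortened path modelled on the one in the report.

```python
import io
import re
import zipfile

# Matches embedded jQuery files such as ".../jquery-1.10.2.js" or "jquery-3.5.1.min.js".
JQUERY_RE = re.compile(r"(?:^|/)jquery-(\d+(?:\.\d+)+)(?:\.min)?\.js$", re.IGNORECASE)


def find_embedded_jquery(jar, _prefix=""):
    """Return (entry path, jQuery version) pairs found in a jar, including nested jars.

    `jar` is a filesystem path or a seekable binary file object.
    """
    hits = []
    with zipfile.ZipFile(jar) as zf:
        for name in zf.namelist():
            match = JQUERY_RE.search(name)
            if match:
                hits.append((_prefix + name, match.group(1)))
            elif name.lower().endswith((".jar", ".war")):
                # Fat jars and wars carry their dependencies as nested archives.
                nested = io.BytesIO(zf.read(name))
                if zipfile.is_zipfile(nested):
                    hits += find_embedded_jquery(nested, _prefix + name + "!/")
    return hits


def build_sample_jar():
    """Constructed sample: an in-memory jar with a shaded javadoc resource path."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("org/inferred/freebuilder/FreeBuilder.class", b"")
        zf.writestr(
            "org/inferred/freebuilder/shaded/org/openjdk/tools/javadoc/internal/"
            "doclets/formats/html/resources/jquery/jquery-1.10.2.js",
            b"/* constructed placeholder, not real jQuery */",
        )
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for path, version in find_embedded_jquery(build_sample_jar()):
        print(f"jQuery {version}: {path}")
```

Running it over the jars that end up in a distribution shows whether an annotation processor such as freebuilder is still being shipped as a runtime dependency.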
