idursto commented on issue #7641: URL: https://github.com/apache/maven/issues/7641#issuecomment-3781431969
Bumping this as this is something that is a pretty critical need... companies are running into the exact scenario **weberjn** commented above. They run internal quarantines on Nexus and internal Sonatype scans that pick up vulnerabilities before they are potentially even caught and marked in a "public" setting, and with no way to exclude the direct dependency of the plug-in, our hands are tied to either remove the plug-in completely and lose out on the functionality it had offered or accept the vulnerabilities (which most companies have a 0 tolerance for and is not an option).
