exceptionfactory commented on PR #6144: URL: https://github.com/apache/nifi/pull/6144#issuecomment-1162086464
@mr1716 I'm not sure what it reporting `jetty-schemas` 5.2 as a vulnerable dependency, but it is a false positive. The [jetty-schemas 5.2](https://search.maven.org/artifact/org.eclipse.jetty.toolchain/jetty-schemas) dependency is the latest version available, it does not contain code, only XML Schema Definitions. In addition, the changes proposed will not work, because Jetty 11 has many additional changes over 9.4, and the Jetty version is managed through the `jetty.version` property. This is a case where more detailed evaluation is necessary, so closing this pull request. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org