michael-o commented on pull request #21: URL: https://github.com/apache/maven-site-plugin/pull/21#issuecomment-910510416
> > > Somewhat. They block Jetty for everyone(including the projects where the vulnerabilities applies) which affects this plugin indirectly. > > If it helps, what we use is similar to this : > https://www.google.com/amp/s/blog.sonatype.com/keeping-third-party-dependencies-in-check-with-nexus%3fhs_amp=true Many vendors provide this superficial crap -- as you can see it proves nothing here. > If this PR is considered stale then I can resume and maybe target the latest version instead? Split between Java 8 upgrade and Jetty upgrade in at least two PRs. @hboutemy @rfscholte Yet another reason why we need to split this plugin in two. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org