michael-o commented on pull request #21: URL: https://github.com/apache/maven-site-plugin/pull/21#issuecomment-911205914
> > > Somewhat. They block Jetty for everyone (including the projects where the vulnerabilities apply), which affects this plugin indirectly.
> > > If it helps, what we use is similar to this:
> > > https://www.google.com/amp/s/blog.sonatype.com/keeping-third-party-dependencies-in-check-with-nexus%3fhs_amp=true
> >
> > Many vendors provide this superficial crap -- as you can see it proves nothing here.
>
> @michael-o
> so many tools send warning/alarms because of dependencies with security issues/CVE.
> maybe (certainly) it's wrong but big companies use those tools as a policy and we can't fight this!!
> BUT we still want people using Apache Maven so we have to live with that!

I know and that is sadly stupid.

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at: us...@infra.apache.org