Hi Phoenix team, I've built and tested upcoming 5.1.4 version by building it from the 5.1 branch (5.1.3-124-gb6ca402f9) and would like to ask to address several CVEs before releasing 5.1.4. Phoenix integration in Trino ( https://github.com/trinodb/trino) is one of two connectors with really high number of CVEs that we would like to remove from our codebase - either by updating a connector to a newer, CVE-free dependency or by dropping connector code and support for Phoenix (actually Phoenix5 accounts for 95% of remaining CVEs in our codebase).
I'm attaching a list of detected vulnerabilities. Please let me know how we can workaround these vulnerabilities.