Hi Manuel,
Your dependency check is taking a sh*t on you and your valuable time. I would
ditch it for something actually working.
For the record, Dropwizard 4.0.7 is not using any of the vulnerable versions of
Apache HttpClient.
Hello there,
i am using dropwizard (version 4.0.7) and when i run a dependency check it
shows the following (transitive) vulnerability:
metrics-httpclient5-4.2.25.jar
(pkg:maven/io.dropwizard.metrics/metrics-httpclient5@4.2.25,
cpe:2.3:a:apache:httpclient:4.2.25:*:*:*:*:*:*:*) :