[ 
https://issues.apache.org/jira/browse/MNG-7533?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17585528#comment-17585528
 ] 

Michael Osipov commented on MNG-7533:
-------------------------------------

The dependency isn't used:
{noformat}
[INFO] --- maven-dependency-plugin:3.1.1:analyze (default-cli) @ wagon-http-shared ---
[WARNING] Used undeclared dependencies found:
[WARNING]    org.codehaus.plexus:plexus-utils:jar:3.3.0:compile
[WARNING] Unused declared dependencies found:
[WARNING]    commons-io:commons-io:jar:2.6:compile
[WARNING]    org.slf4j:slf4j-simple:jar:1.7.32:test
[WARNING]    org.apache.maven.wagon:wagon-provider-test:jar:3.5.3-SNAPSHOT:test
{noformat}

{{grep}} the source code...

> jar v2.6 has medium (CVE-2021-29425) Prisma vulnerability associated with 
> maven v3.8.6
> --------------------------------------------------------------------------------------
>
>                 Key: MNG-7533
>                 URL: https://issues.apache.org/jira/browse/MNG-7533
>             Project: Maven
>          Issue Type: Bug
>         Environment: Production
>            Reporter: John Roddy
>            Priority: Major
>         Attachments: MicrosoftTeams-image (5).png
>
>
> jar v2.6 has medium (CVE-2021-29425) Prisma vulnerability associated with 
> maven v3.8.6. We're using the latest for maven which is v3.8.6. Please 
> upgrade jar to the latest to remediate the Prisma vulnerability associated 
> with maven v3.8.6. Thank you!



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
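
An added example (not part of the Jira comment and not Maven project code) of the triage step the comment performs: parse `dependency:analyze` output and report how a scanner-flagged coordinate is classified in each module. The function names and the `not-reported` label are assumptions made for this example; the sample input is the output quoted in the comment.

```python
import re

# Constructed sample: the analyze output quoted in the comment, first line unwrapped.
SAMPLE = """\
[INFO] --- maven-dependency-plugin:3.1.1:analyze (default-cli) @ wagon-http-shared ---
[WARNING] Used undeclared dependencies found:
[WARNING]    org.codehaus.plexus:plexus-utils:jar:3.3.0:compile
[WARNING] Unused declared dependencies found:
[WARNING]    commons-io:commons-io:jar:2.6:compile
[WARNING]    org.slf4j:slf4j-simple:jar:1.7.32:test
[WARNING]    org.apache.maven.wagon:wagon-provider-test:jar:3.5.3-SNAPSHOT:test
"""

MODULE = re.compile(r"^\[INFO\] --- maven-dependency-plugin:\S+:analyze(?:-only)? \(.*?\) @ (\S+) ---$")
SECTION = re.compile(r"^\[WARNING\] (Used undeclared|Unused declared) dependencies found:$")
ENTRY = re.compile(r"^\[WARNING\]\s{2,}(\S+)$")


def parse_analyze(text):
    """Return one record per dependency listed in dependency:analyze warnings."""
    records, module, section = [], None, None
    for line in map(str.rstrip, text.splitlines()):
        if m := MODULE.match(line):
            module, section = m.group(1), None
        elif m := SECTION.match(line):
            section = m.group(1).lower().replace(" ", "-")
        elif section and (m := ENTRY.match(line)):
            parts = m.group(1).split(":")
            if len(parts) not in (5, 6):  # group:artifact:type[:classifier]:version:scope
                continue
            records.append({"module": module, "finding": section, "group": parts[0],
                            "artifact": parts[1], "version": parts[-2], "scope": parts[-1]})
        else:
            section = None  # any other line ends the current list
    return records


def triage(text, group, artifact):
    """Findings for one scanner-flagged coordinate: (module, finding, version, scope)."""
    hits = [(r["module"], r["finding"], r["version"], r["scope"])
            for r in parse_analyze(text)
            if (r["group"], r["artifact"]) == (group, artifact)]
    return hits or [(None, "not-reported", None, None)]


if __name__ == "__main__":
    for hit in triage(SAMPLE, "commons-io", "commons-io"):
        print(hit)
```

`dependency:analyze` works on compiled bytecode, so an `unused-declared` result is the starting point and the source search the comment points to is the confirming step.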
