Affected version
Latest
Bug description
The dependencies need to be bumped to newer versions to resolve CVE warnings.
In particular, org.apache.rat:apache-rat-plugin needs to have its version explicitly specified (latest is 0.17) rather than relying on the parent version (currently at 0.16.1), as the latter has a CVE in transitive dependency org.apache.commons:commons-text at version 1.3.
Affected version
Latest
Bug description
The dependencies need to be bumped to newer versions to resolve CVE warnings.
In particular, org.apache.rat:apache-rat-plugin needs to have its version explicitly specified (latest is 0.17) rather than relying on the parent version (currently at 0.16.1), as the latter has a CVE in transitive dependency org.apache.commons:commons-text at version 1.3.