You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
xalan (an XSLT processor) is apparently unmaintained and likes to show up in vulnerability scans due to CVE-2022-34169. Yes, this library is most likely just used for testing, so this isn't critical, but it would still be great if such warnings could be avoided if possible.
What I have been wondering -- is xalan still needed by selenese-runner-java? It seems to have been added in commit 488ba46 (make implicit dependencies explicit and add dependency on htmlunit-driver explicitly. It does actually seem to be required by any other dependency (anymore), and I'm not aware that selenese-runner-java has any XSLT processing features? I've excluded xalan when adding selenese-runner-java as a dependency and everything still seems to be working fine, but perhaps we're just not using the feature that requires xalan?
The text was updated successfully, but these errors were encountered:
xalan (an XSLT processor) is apparently unmaintained and likes to show up in vulnerability scans due to CVE-2022-34169. Yes, this library is most likely just used for testing, so this isn't critical, but it would still be great if such warnings could be avoided if possible.
What I have been wondering -- is xalan still needed by
selenese-runner-java? It seems to have been added in commit 488ba46 (make implicit dependencies explicit and add dependency on htmlunit-driver explicitly. It does actually seem to be required by any other dependency (anymore), and I'm not aware thatselenese-runner-javahas any XSLT processing features? I've excludedxalanwhen addingselenese-runner-javaas a dependency and everything still seems to be working fine, but perhaps we're just not using the feature that requires xalan?The text was updated successfully, but these errors were encountered: