Provides transitive vulnerable dependency maven:org.apache.commons:commons-text:1.9

Bug Type (问题类型)

rest-api (结果不合预期)

Before submit

[X] 我已经确认现有的 Issues 与 FAQ 中没有相同 / 重复问题 (I have confirmed and searched that there are no similar problems in the historical issue and documents)

Environment (环境信息)

版本1.0

Expected & Actual behavior (期望与实际表现)

<dependency>
            <groupId>org.apache.hugegraph</groupId>
            <artifactId>hugegraph-client</artifactId>
            <version>1.0.0</version>
        </dependency>

这个版本提示

Provides transitive vulnerable dependency maven:org.apache.commons:commons-text:1.9
CVE-2022-42889 9.8 Improper Control of Generation of Code ('Code Injection') vulnerability

经过查询，是个洞

Vertex/Edge example (问题点 / 边数据举例)

No response

Schema [VertexLabel, EdgeLabel, IndexLabel] (元数据结构)

No response

apache / incubator-hugegraph-toolchain

Provides transitive vulnerable dependency maven:org.apache.commons:commons-text:1.9 #541

Bug Type (问题类型)

Before submit

Environment (环境信息)

Expected & Actual behavior (期望与实际表现)

Vertex/Edge example (问题点 / 边数据举例)

Schema [VertexLabel, EdgeLabel, IndexLabel] (元数据结构)