Vulnerability in dependencies

[michalpiekarski]

Depends on vulnerable Thrift version.

https://nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Athrift%3A0.9.3

[rjrudin]

Ran the snyk Gradle plugin against the latest on develop branch, and there's no longer a Thrift vulnerability. The develop branch is now compiling against Jena 4.3.2, which depends on 0.15.0 of Thrift. 0.9.3 was released in 2015, and 0.15.0 in 2021, so fairly certain the vulnerability was addressed.