Unsafe Dependency Resolution through guru.nidi:code-assert

[bonndan]

Hi!

First of all thanks for graphviz-java which works like a charm for my purposes.

My code is inspected by snyk.io and I get the following warning:

Affected module: com.beust:jcommander@1.48

Introduced through: guru.nidi:graphviz-java@0.18.1

Exploit maturity: No known exploit

Fixed in: com.beust:jcommander@1.75

Detailed paths Introduced through: guru.nidi:graphviz-java@0.18.1 › guru.nidi:code-assert@0.9.15 › net.sourceforge.pmd:pmd-java@5.8.1 › net.sourceforge.pmd:pmd-core@5.8.1 › com.beust:jcommander@1.48

Could you have a look at that?

[sirocchj]

@bonndan FYI, I raised #198 for this reason