The dropwizard 2.1.1 dependency had some vulnerable transitive dependencies. Most of them are mitigated with the 2.1.7 upgrade, with the exception of snakeyaml 1.31, which we manually exclude and override with non-vulnerable snakeyaml 2.0.
Looks like building on linux has additional dependencies compared to Mac OS. I'll rebuild on my linux box, fix the dependencies, and update the PR, stay tuned.
The dropwizard 2.1.1 dependency had some vulnerable transitive dependencies. Most of them are mitigated with the 2.1.7 upgrade, with the exception of snakeyaml 1.31, which we manually exclude and override with non-vulnerable snakeyaml 2.0.