xalan (an XSLT processor) is apparently unmaintained and likes to show up in vulnerability scans due to CVE-2022-34169. Yes, this library is most likely just used for testing, so this isn't critical, but it would still be great if such warnings could be avoided if possible.
What I have been wondering -- is xalan still needed by selenese-runner-java? It seems to have been added in commit 488ba46 (make implicit dependencies explicit and add dependency on htmlunit-driver explicitly. It does actually seem to be required by any other dependency (anymore), and I'm not aware that selenese-runner-java has any XSLT processing features? I've excluded xalan when adding selenese-runner-java as a dependency and everything still seems to be working fine, but perhaps we're just not using the feature that requires xalan?
xalan (an XSLT processor) is apparently unmaintained and likes to show up in vulnerability scans due to CVE-2022-34169. Yes, this library is most likely just used for testing, so this isn't critical, but it would still be great if such warnings could be avoided if possible.
What I have been wondering -- is xalan still needed by
selenese-runner-java? It seems to have been added in commit 488ba46 (make implicit dependencies explicit and add dependency on htmlunit-driver explicitly. It does actually seem to be required by any other dependency (anymore), and I'm not aware thatselenese-runner-javahas any XSLT processing features? I've excludedxalanwhen addingselenese-runner-javaas a dependency and everything still seems to be working fine, but perhaps we're just not using the feature that requires xalan?