Provides transitive vulnerable dependency maven:org.apache.commons:commons-text:1.9

[liming1010]

Bug Type (问题类型)

rest-api (结果不合预期)

Before submit

• 我已经确认现有的 Issues 与 FAQ 中没有相同 / 重复问题 (I have confirmed and searched that there are no similar problems in the historical issue and documents)

Environment (环境信息)

版本1.0

Expected & Actual behavior (期望与实际表现)

<dependency>
            <groupId>org.apache.hugegraph</groupId>
            <artifactId>hugegraph-client</artifactId>
            <version>1.0.0</version>
        </dependency>

这个版本提示

Provides transitive vulnerable dependency maven:org.apache.commons:commons-text:1.9
CVE-2022-42889 9.8 Improper Control of Generation of Code ('Code Injection') vulnerability

经过查询，是个洞

Vertex/Edge example (问题点 / 边数据举例)

No response

Schema [VertexLabel, EdgeLabel, IndexLabel] (元数据结构)

No response

[imbajin]

Thanks for your report, maybe they need update in https://github.com/apache/incubator-hugegraph-commons ?

BTW, I help u to transfer the issue to here(toolchain)