Unresolved CVE in v 7.13.0

[SB6310-Equans]

Hello,

We're using your librarie in one of our projects, and while resolving it's vulnerabilities, it seems that the latest version available on the maven repository repository does not resolved these CVE :

[ERROR] swagger-parser-core-2.1.22.jar: CVE-2019-7238(9.8), CVE-2020-10204(7.2), CVE-2020-10199(8.8)
[ERROR] swagger-parser-safe-url-resolver-2.1.22.jar: CVE-2022-2900(9.1), CVE-2022-2216(9.8)

We're using owasp dependency check

org.owasp
dependency-check-maven

Are those in your backlog at the moment ?

Thank you.

[wing328]

just filed #21325 to update swagger parser to the latest version

[SB6310-Equans]

Thank you for this.

We actually found another one, with a much lower criticity : [ERROR] threetenbp-1.7.0.jar: CVE-2024-23082(5.3)