The following dependency: ``` lazy val alpn_api = "org.eclipse.jetty.alpn" % "alpn-api" % "1.1.3.v20160715" ``` Is subject to this vulnerability: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7656 Whatever this means, we can't use http4s in my company because of a requirement to have a OWASP score lower than 3.9. Anyway to drop this library? Thanks
The following dependency:
Is subject to this vulnerability:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7656
Whatever this means, we can't use http4s in my company because of a requirement to have a OWASP score lower than 3.9.
Anyway to drop this library?
Thanks