Are we expecting there to be a new version that resolves this vulnerability?
https://mvnrepository.com/artifact/org.vaadin.tarek/collapsible-splitlayout/3.0.0
It is a false positive, mvnrepository.com includes test-scope dependencies to that report. It should not, as those are not included in the jar. The project seems to use web-driver manager in its test suite, but that does not affect your main application in any way.
1 Like