Sergio Ribeiro
Sergio Ribeiro
Thank you for your contribution but I'm closing this PR as, in the meantime, this vulnerability was fixed when we moved to artifactory.
@jimjag, @nickl-, @stain Under [OSSRH-86958](https://issues.sonatype.org/browse/OSSRH-86958), 'jimjag' was granted publishing permission for "org.beanshell" groupId. This was December 2022... are there any predictions on when the 2.1.1 version could be made available...
Closing dependabot's PRs as they are not being used at this time. This specific issue is covered by [PPP-4891](https://hv-eng.atlassian.net/browse/PPP-4891). [PPP-4891]: https://hv-eng.atlassian.net/browse/PPP-4891?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ
This PR is no longer valid: - has conflicts as current code already includes these changes - [PPP-4481](https://hv-eng.atlassian.net/browse/PPP-4481) is closed (fixed) since 2022 (March) Closing. [PPP-4481]: https://hv-eng.atlassian.net/browse/PPP-4481?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ
Closing the PR as this is no longer relevant.
Closing in favour of [maven-parent-poms#548](https://github.com/pentaho/maven-parent-poms/pull/548).
@MarijanaTR and @lucboudreau: Apache POI was upgraded to 3.17 with [pentaho-reporting#1108](https://github.com/pentaho/pentaho-reporting/pull/1108) and this was for 8.1 GA... We're using 4.1.1 since 9.2 GA.
Closing this PR as it seems that the intended changes were merged under [pentaho-kettle#9443](https://github.com/pentaho/pentaho-kettle/pull/9443) and [PRD-6159](https://hv-eng.atlassian.net/browse/PRD-6159) is already closed. [PRD-6159]: https://hv-eng.atlassian.net/browse/PRD-6159?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ