OWASP dependency check on liquibase-core shows vulnerable JavaScript components

Description

When I run OWASP Dependency Check on liquibase-core artefact, it shows vulnerable JavaScript components. I am surprised that liquibase-core even contains any JavaScript files. See attached OWASP Dependency Check report HTML file.

Ideally, at least for my use of Liquibase, there would be no JavaScript in the liquibase-core artefact.

Environment

Linux, Maven, org.liquibase:liquibase-core:3.8.0 artifact.

Status

Assignee

Unassigned

Reporter

Václav Haisman

Labels

None

Components

Affects versions

Priority

Major
Configure