helidon-io · romain-grecourt · Nov 5, 2020 · Nov 5, 2020 · Nov 5, 2020
diff --git a/dependencies/pom.xml b/dependencies/pom.xml
@@ -918,11 +918,6 @@
                 <artifactId>weld-environment-common</artifactId>
                 <version>${version.lib.weld}</version>
             </dependency>
-            <dependency>
-                <groupId>org.jboss.weld.probe</groupId>
-                <artifactId>weld-probe-core</artifactId>
-                <version>${version.lib.weld}</version>
-            </dependency>
             <dependency>
                 <groupId>org.jboss.classfilewriter</groupId>
                 <artifactId>jboss-classfilewriter</artifactId>

diff --git a/etc/dependency-check-suppression.xml b/etc/dependency-check-suppression.xml
@@ -26,75 +26,6 @@
    <cpe>cpe:/a:processing:processing</cpe>
 </suppress>
 
-<!-- weld-probe-core contains META-INF/client/probe.js which has some javascript
-     CVEs. This javascript appears to be for developement and is never served
-     by Helidon. So we exclude these CVEs
--->
-<suppress>
-   <notes><![CDATA[
-   file name: weld-probe-core-3.1.4.Final.jar: probe.js
-   ]]></notes>
-   <packageUrl regex="true">^pkg:javascript/bootstrap@.*$</packageUrl>
-   <cve>CVE-2015-9251</cve>
-</suppress>
-<suppress>
-   <notes><![CDATA[
-   file name: weld-probe-core-3.1.4.Final.jar: probe.js
-   ]]></notes>
-   <packageUrl regex="true">^pkg:javascript/bootstrap@.*$</packageUrl>
-   <cve>CVE-2018-14040</cve>
-</suppress>
-<suppress>
-   <notes><![CDATA[
-   file name: weld-probe-core-3.1.4.Final.jar: probe.js
-   ]]></notes>
-   <packageUrl regex="true">^pkg:javascript/bootstrap@.*$</packageUrl>
-   <cve>CVE-2018-14041</cve>
-</suppress>
-<suppress>
-   <notes><![CDATA[
-   file name: weld-probe-core-3.1.4.Final.jar: probe.js
-   ]]></notes>
-   <packageUrl regex="true">^pkg:javascript/bootstrap@.*$</packageUrl>
-   <cve>CVE-2018-14042</cve>
-</suppress>
-<suppress>
-   <notes><![CDATA[
-   file name: weld-probe-core-3.1.4.Final.jar: probe.js
-   ]]></notes>
-   <packageUrl regex="true">^pkg:javascript/bootstrap@.*$</packageUrl>
-   <cve>CVE-2019-11358</cve>
-</suppress>
-<suppress>
-   <notes><![CDATA[
-   file name: weld-probe-core-3.1.4.Final.jar: probe.js
-   ]]></notes>
-   <packageUrl regex="true">^pkg:javascript/bootstrap@.*$</packageUrl>
-   <cve>CVE-2019-8331</cve>
-</suppress>
-<suppress>
-   <notes><![CDATA[
-   file name: weld-probe-core-3.1.4.Final.jar: probe.js
-   ]]></notes>
-   <packageUrl regex="true">^pkg:javascript/bootstrap@.*$</packageUrl>
-   <cve>CVE-2020-11022</cve>
-</suppress>
-<suppress>
-   <notes><![CDATA[
-   file name: weld-probe-core-3.1.4.Final.jar: probe.js
-   ]]></notes>
-   <packageUrl regex="true">^pkg:javascript/bootstrap@.*$</packageUrl>
-   <cve>CVE-2020-11023</cve>
-</suppress>
-<suppress>
-   <notes><![CDATA[
-   file name: weld-probe-core-3.1.4.Final.jar: probe.js
-   ]]></notes>
-   <packageUrl regex="true">^pkg:javascript/bootstrap@.*$</packageUrl>
-   <vulnerabilityName>reDOS - regular expression denial of service</vulnerabilityName>
-</suppress>
-<!-- End of Weld/javascript related supressions -->
-
 <!-- This CVE is against the etcd server. We ship a Java client -->
 <suppress>
    <notes><![CDATA[

diff --git a/microprofile/weld/weld-se-core/pom.xml b/microprofile/weld/weld-se-core/pom.xml
@@ -37,6 +37,12 @@
             <groupId>org.jboss.weld.se</groupId>
             <artifactId>weld-se-core</artifactId>
             <optional>true</optional>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.jboss.weld.probe</groupId>
+                    <artifactId>weld-probe-core</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <!--
             Hard-coding reduced dependencies below.
@@ -64,17 +70,6 @@
             <artifactId>weld-api</artifactId>
             <scope>compile</scope>
         </dependency>
-        <dependency>
-            <groupId>org.jboss.weld.probe</groupId>
-            <artifactId>weld-probe-core</artifactId>
-            <scope>compile</scope>
-            <exclusions>
-                <exclusion>
-                    <groupId>org.jboss.weld</groupId>
-                    <artifactId>weld-core-impl</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
         <dependency>
             <groupId>org.jboss.weld</groupId>
             <artifactId>weld-spi</artifactId>