in one of our microservice project we are using
org.elasticsearch.client:elasticsearch-rest-high-level-client:jar:7.17.23
which internally uses "com.tdunning:t-digest:jar:3.2"
this is sonar vulnerability issues, is there anything on the agent to maybe use latest version of implement it internally?
Welcome!
That's one of the issues of the old client. It comes with a dependency on Elasticsearch core code which has also other deps like this one.
The recommandation is to switch to the "new" Java client.
HTH