Resolve probable false positive with code scanning re: Druid driver

[crisptrutski]

This looks like a false positive:

1. It refers to a pom file that doesn't exist in the repo.
2. It refers to a different version of the vertica driver to the one we package.
3. Printing out the dependency tree¹ with the drivers on the class path doesn't show the old version of the affected package.

Tracking issue for:

• https://github.com/metabase/metabase/security/code-scanning/245

Footnotes

1. clj -A:dev:ee:ee-dev:drivers:drivers-dev:build -Stree ↩

[crisptrutski]

Created this to avoid wasting other people's time on investigating. Hopefully the scanner auto-resolves this shortly.

[piranha]

Pom files do not exist since they are created by a .github/script/write-poms.sh specifically to track deps with Snyk. :) But pom.xml in question refers org.clojure/clojure 1.11.2 explicitly, so it doesn't really make any sense to me - I'm going to dismiss the alert.