JFlex depends on unsafe ant@1.7.0

There is a dependency de.jflex:jflex@1.6.1 → org.apache.ant:ant@1.7.0
ant@1.7.0 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEANT-30510
