Docker image is affected by a Fixable GHSA-rcjc-c4pj-xxrp in library 'org.apache.derby:derby' (version 10.16.1.1), resolved by version 10.17.1.0

Any update here?

Please see the release notes for Flyway 10.7.1 and details added to the Derby support page.
Unfortunately since Flyway cannot currently upgrade to support Java 21 and Derby have not released a fix for their versions which support Java 17, we have had to remove the Derby driver and leave it to the user to make their decision on how to approach this.