Bump major versions of dependencies required
kjeller opened this issue · 0 comments
kjeller commented
Some of the dependency versions need to be bumped to new major versions to avoid vulnerabilities.
Looking at a few on Maven Repository:
- Jsoup 1.11.2: 2 direct vulnerabilities and multiple indirect ones
- Jackson kotlin module 2.9.2: 66 indirect vulnerabilities
- logback-core: 1 direct vulnerability
Because of major version bumps, source code changes might also be required.