dankito/Readability4J

Bump major versions of dependencies required

kjeller opened this issue · 0 comments

Some of the dependency versions needs to be bumped major versions to avoid vulnerabilities.

Looking at a few on maven repository:

  • Jsoup 1.11.2: 2 direct vulnerabilities and multiple indirect ones
  • Jackson kotlin module 2.9.2: 66 indirect vulnerabilities
  • logback-core: 1 direct vulnerability

Because of major version bumps, source code changes might also be required.