cantaloupe-project / cantaloupe

High-performance dynamic image server in Java
https://cantaloupe-project.github.io/

Upgrade maven-assembly-plugin to fix CVE-2023-37460 in plexus-archiver #673

Closed camille-hdl closed 3 months ago

camille-hdl commented 3 months ago

Hello,

I'm trying to fix this vulnerability in Cantaloupe 5 (and future versions obviously).
I'm not a Java developer so I'm a bit lost in the tooling, but I tried to change the version number here: https://github.com/camille-hdl/cantaloupe-upgrade-maven-assembly/commit/a2cdd0f0fa3f12dabb8ed57a909d7b7d90b02714

I saw previous work done on fixing vulnerabilities in the dependencies in #634, but apparently there was no acceptable release of maven-assembly-plugin available at the time. I believe there is one now (3.7.1 or 3.7.0).

I started by branching off of develop and ran the CI workflow on my own repo, which seemed to work, at least for the Windows builds. I then branched off of release/5.0 and will submit a PR shortly.

As I said, I'm not used to the Java ecosystem (or contributing to other projects on GitHub in general), so I apologize if I did this the wrong way and I'm willing to try again should anyone be willing to offer me guidance.

Thank you for your work on Cantaloupe

Camille

glenrobson commented 3 months ago

Fixed in #675