mservicetech / openapi-schema-validation

Apache License 2.0

CVEs reported in Maven central - Update dependencies for removal #22

Closed vishwesh-D-kumar closed 1 year ago

vishwesh-D-kumar commented 1 year ago

https://mvnrepository.com/artifact/com.mservicetech/openapi-schema-validation/2.0.5 lists 8 CVE security issues, which is a lot of security considerations. At a glance these can be removed by updating dependent libraries (such as the FasterXML jackson-databind version to 2.140-rc1 or above). A quick minor release for this would allow teams to easily uptake this great library, without having to go through a lot of security considerations.

vishwesh-D-kumar commented 1 year ago

@stevehu @GavinChenYan kindly have a look. Thanks!

stevehu commented 1 year ago

@vishwesh-D-kumar Thanks a lot for pointing it out. I have synced the dependencies with the light-4j, and it should be OK now. Please review and let us know if you have questions.

vishwesh-D-kumar commented 1 year ago

Sounds good, I think the updates to snakeyaml and jackson should do the trick. light4j also seems to have these issues on Maven, but a quick look at the repo tells me you've already updated the dependency versions and are preparing for a new Maven release, so that's already taken care of. Cheers!
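As an added example (not from this thread or the openapi-schema-validation project), this is how a consuming project can pin the two transitive dependencies named above in its own pom.xml while waiting for the library's next release; the version values are placeholders, to be replaced with the patched releases you have verified.

```xml
<!-- Added example, not from the project. Goes in the consuming project's pom.xml.
     dependencyManagement entries override the versions that transitive
     dependencies declare, so com.mservicetech:openapi-schema-validation
     resolves to the versions below instead of the ones it was built with. -->
<properties>
  <!-- placeholders: set to the patched releases you have checked -->
  <jackson.version>PATCHED_JACKSON_VERSION</jackson.version>
  <snakeyaml.version>PATCHED_SNAKEYAML_VERSION</snakeyaml.version>
</properties>

<dependencyManagement>
  <dependencies>
    <dependency>
      <groupId>com.fasterxml.jackson.core</groupId>
      <artifactId>jackson-databind</artifactId>
      <version>${jackson.version}</version>
    </dependency>
    <dependency>
      <groupId>org.yaml</groupId>
      <artifactId>snakeyaml</artifactId>
      <version>${snakeyaml.version}</version>
    </dependency>
  </dependencies>
</dependencyManagement>
```

To confirm which versions Maven actually resolves after the override, run `mvn dependency:tree -Dincludes=com.fasterxml.jackson.core:jackson-databind,org.yaml:snakeyaml` in the consuming project and check that only the pinned versions appear.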

vishwesh-D-kumar commented 1 year ago

How long would this take to appear in maven central?

stevehu commented 1 year ago

We need a little bit more tests and should have a release this weekend. Thanks.