log4j needs updating in rise-v2g*.jar

[kaihendry]

I noticed these third party jar files trigger vulnerability warnings:

1. /opt/everest/libexec/everest/3rd_party/rise_v2g/rise-v2g-evcc-1.2.6.jar
2. /opt/everest/libexec/everest/3rd_party/rise_v2g/rise-v2g-secc-1.2.6.jar

This is a problem for companies with strict compliance, so I am keen to figure out if we can patch them.

I think the jars are pulled in via https://github.com/EVerest/everest-core/blob/main/modules/JsRiseV2G/index.js but it's really not super clear.

[nikswamy]

Wrong repo/org? I think you mean https://github.com/EVerest/

[kaihendry]

omg, sorry!