Open Lastaapps opened 2 months ago
A potential fix for anyone reading this is to just update the libraries on your side; this should be safe.
implementation("ch.qos.logback:logback-core:1.4.12")
implementation("ch.qos.logback:logback-classic:1.4.12")
implementation("commons-net:commons-net:3.9.0")
implementation("org.apache.commons:commons-text:1.10.0")
implementation("org.jsoup:jsoup:1.15.3")
implementation("xalan:xalan:2.7.3")
Describe the bug
Hi, I just included version 1.3.0-alpha.2 of skrape.it in my project, and IntelliJ reports that the package depends on vulnerable versions of quite a few libraries. When I try version 1.2.2, it's the same. I don't say that users of this library are directly vulnerable, but it's suspicious at least. All the vulnerabilities have quite a high score, so it would make sense just to make a 1.2.3 release with just these libs bumped. Thanks for the great project!
All the vulnerabilities reported by IntelliJ