Update dependencies #1461
Merged
Update dependencies #1461
Commits on Oct 31, 2023
-
dep: Update mina-core, commons-compress and guava
Update dependencies: Mina Core, Guava and commons-compress. These don't need any other adjustments.
-
Update JSoup to version 1.16.2. This requires renaming `Whitelist` to `Safelist`, because the class name was changed in version 1.15.1 in a breaking change.
-
dep: Update slf4j to 1.7.36 and switch from log4j1 to reload4j
Replace log4j 1.2.17 with reload4j 1.2.25. log4j 1.x was caught in the fire of the Log4Shell vulnerability, even though the 1.x line was not affected by the vulnerability. Still, this looks bad when it shows up in security scanners even though it doesn't mean it has the Log4Shell vulnerability. Switch to reload4j instead. This is a drop-in replacement of log4j. Actually, it is log4j rebooted by the same author. The reload4j 1.x line fixes security issues that have since surfaced. At the same time we update to the latest slf4j version, which also switched to reload4j for the log4j12 line.
-
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.