Fix OpenVSX vulnerabilities
Fixes #465, log4j-core version updated to 2.17.2
Fixes #467, spring-webmvc version updated to 5.3.20
Update Spring Boot from 2.4.0 to 2.7.0
Update gradle wrapper to 6.9.1, so that it's compatible with Spring Boot 2.7.0
Replace springfox with springdoc
Resolve circular dependency by moving download count logic to DownloadCountService
Update API documentation to OpenAPI 3
Fix ElasticSearch search result constructors
@amtadev Can you verify that the vulnerabilities mentioned in #465 and #467 are fixed by this PR?
Below you find the output of the ./gradlew dependencies command:
dependencies-new.txt
Yes, they are. Thank you.
@amvanbaren when do you reckon this PR will be ready to be merged and changes deployed as a docker image? Thanks
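One way to repeat the verification above mechanically, as an added example that is not part of the PR or the project's code: it scans `./gradlew dependencies` output for the two artifacts named in the PR description and flags any resolved version below the versions the PR states. The sample report is constructed, and the comparison assumes that only the numeric version components matter.

```python
import re

# Minimum versions taken from the PR description (#465 and #467).
MINIMUMS = {
    "org.apache.logging.log4j:log4j-core": "2.17.2",
    "org.springframework:spring-webmvc": "5.3.20",
}

# A tree line looks like "|    +--- group:name:requested -> resolved (*)".
LINE = re.compile(r"[+\\]--- (?P<ga>[^:\s]+:[^:\s]+)"
                  r"(?::(?P<req>\S+))?(?: -> (?P<res>\S+))?")

# Constructed sample, shaped like Gradle's dependency report.
SAMPLE = r"""
runtimeClasspath
+--- org.springframework.boot:spring-boot-starter-web -> 2.7.0
|    \--- org.springframework:spring-webmvc:5.3.20
+--- org.apache.logging.log4j:log4j-core:2.14.1 -> 2.17.2
\--- org.apache.logging.log4j:log4j-core:2.17.2 (*)
"""

def version_key(version):
    """Assumption: compare numeric components only, 2.17.2 -> (2, 17, 2)."""
    return tuple(int(n) for n in re.findall(r"\d+", version.split("-")[0]))

def resolved_versions(report):
    """Map each group:artifact to the set of versions Gradle resolved."""
    found = {}
    for line in report.splitlines():
        m = LINE.search(line)
        if m and (m["res"] or m["req"]):
            # The version after "->" is the one Gradle selected.
            found.setdefault(m["ga"], set()).add(m["res"] or m["req"])
    return found

def check(report, minimums=MINIMUMS):
    """Return sorted (artifact, version) pairs that fail the check."""
    found = resolved_versions(report)
    problems = []
    for ga, minimum in minimums.items():
        versions = found.get(ga)
        if not versions:
            # Absent from the report: nothing was verified for this artifact.
            problems.append((ga, "not found"))
            continue
        low = version_key(minimum)
        problems += [(ga, v) for v in versions if version_key(v) < low]
    return sorted(problems)

if __name__ == "__main__":
    print(check(SAMPLE) or "all tracked artifacts meet the minimum versions")
```

An artifact reported as "not found" usually means the report covered the wrong project or configuration, so it is flagged rather than treated as a pass.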
@amtadev I'm currently waiting on feedback, so that the current release can be deployed to production: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/issues/1377
Once that release is deployed, then this (and other) PRs will be merged for a new release.
@amvanbaren any idea when this PR will be merged and deployed? Thanks
@amvanbaren Hi, when do you think this PR will be merged?