Multiple vulnerabilities in app-config dependencies

[danielsitnik]

Hi guys, it's me again. 😄 I've been using app-config for some time now and it's been working great.

However, I can't help but notice that the current version has a number of high and critical vulnerabilities:

As I'm working in a corporate environment, our applications are subject to vulnerability scanning and our security guys will start questioning me about these issues very soon. 😁

I'd like to ask if you can look into it and maybe fix the vulnerable versions in a 2.8.7 release?

Also, is there any news on when can we expect the new version 3? I'm really hopeful for the more modular approach that should be introced in it.

Thanks!