CVEs reported in Maven central - Update dependencies for removal

[vishwesh-D-kumar]

https://mvnrepository.com/artifact/com.mservicetech/openapi-schema-validation/2.0.5 lists 8 CVE security issues, which is a lot of security consideraitions . At a glance these can be removed by updating dependent libraries, (such as fasterXML jackson-databind version to 2.140-rc1 or above). A quick minor release for this would allow teams to easily uptake this great library, without having to go through a lot of security considerations.

[vishwesh-D-kumar]

@stevehu @GavinChenYan kindly have a look . Thanks!

[stevehu]

@vishwesh-D-kumar Thanks a lot for pointing it out. I have synced the dependencies with the light-4j, and it should be OK now. Please review and let us know if you have questions.

[vishwesh-D-kumar]

Sounds good , I think the updates to snakeyaml and jackson should do the trick .
lIght4j also seems to have these issues on maven- but a quick look at the repo tells me youve already updated the dependency versions and are preparing for a new maven release release , so thats already taken care of . Cheers!

[vishwesh-D-kumar]

How long would this take to appear in maven central?

[stevehu]

We need a little bit more tests and should have a release this weekend. Thanks.