build(deps): pin lsp4intellij to version 0.95.0

[TomerFi]

No description provided.

[github-advanced-security]

You have successfully added a new SonarCloud configuration ``. As part of the setup process, we have scanned this repository and found no existing alerts. In the future, you will see all code scanning alerts on the repository Security tab.

[TomerFi]

@jeffmaury looks like I don't have permissions to view our snyk's organization.
can you please provide information about the CI failure?

[TomerFi]

/hold

[TomerFi]

Version 0.95.1 introduced a bug.
Opening files doesn't trigger diagnostics.
Details in #107

[TomerFi]

/unhold

[TomerFi]

@jeffmaury
Testing locally with Snyk's CLI shows that adding the constraints for com.google.guava:guava:30.0-jre and com.google.code.gson:gson:2.8.9 resolves the vulnerability issues reported by Snyk.

I'm not quite sure why does Snyk's CI still shows the same vulnerabilities for the same dependency versions.

Can you please help figuring this out?

I can't dont have enough time to assign to this project

[TomerFi]

I can't dont have enough time to assign to this project

@jeffmaury Seeing that testing with Snyk CLI reports this vulnerabilities issue was resolved after I added the constraints, I'm going to click the button in Snyk's test for marking this test successful.

[sonarqubecloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
No Duplication information

[TomerFi]

rebased from the master after previous prs merged.

[TomerFi]

Displaying how Snyk's CLI reports the vulnerabilities in the main branch but not on the fixed branch containing the dependency constraints:

This gif was made with my personal token and not my Red Hat one for brevity.

Using my Red Hat token and pointing to our organization (--org="redhat-developer") makes the cli include license policies in its test, which only appear when using the CLI, its not included while using CI for organizations without a paid plan:

[TomerFi]

A git diff between the fixed and main branches showing the dependency constraints made to resolve the vulnerabilities issue:

[TomerFi]

A snapshot from Snyk's test page still reporting the vulnerabilities:

[TomerFi]

Based on the images I provided above this comment proving this branch has no vulnerabilities reported, I'm marking this false-positive test manually as successful in Snyk's UI:

[TomerFi]

relates to #93