[BUG] security vulnerabilities in libraries

[Lastaapps]

Describe the bug
Hi, I just included the version 1.3.0-alpha.2 skrape.it into my project, and IntelliJ reports that the package depends on vulnerable versions of quite a few libraries. When I try version 1.2.2, it's the same. I don't say that users of this library are directly vulnerable, but it's suspicious at least. All the vulnerabilities have quite a high score, so it would make sense just to make 1.2.3 release just with these libs bumped. Thanks for the great project!

All the vulnerabilities reported by IntelliJ

• https://devhub.checkmarx.com/cve-details/CVE-2021-37533/
• https://devhub.checkmarx.com/cve-details/CVE-2022-42889/
• https://devhub.checkmarx.com/cve-details/CVE-2022-34169/
• https://devhub.checkmarx.com/cve-details/CVE-2021-37714/
• https://devhub.checkmarx.com/cve-details/CVE-2022-36033/
• https://devhub.checkmarx.com/cve-details/CVE-2023-6378/

[Lastaapps]

A potential fix for anyone reading this is to just update the libraries on your side, this should be safe.

    implementation("ch.qos.logback:logback-core:1.4.12")
    implementation("ch.qos.logback:logback-classic:1.4.12")
    implementation("commons-net:commons-net:3.9.0")
    implementation("org.apache.commons:commons-text:1.10.0")
    implementation("org.jsoup:jsoup:1.15.3")
    implementation("xalan:xalan:2.7.3")

[jilvin]

Shouldn't we get this fixed? Anyone tracking this issue somewhere else?

[jilvin]

Issue #202 covers a subset of the vulnerabilities reported here in this issue. Fixing this issue should close #202 too.