
MeterianBot has fixed one issue in your codebase #2

Open
wants to merge 2 commits into
base: 2.15
from

Conversation

github-actions[bot]

@github-actions github-actions bot commented Dec 15, 2021

Hey! We’ve found issues with some of the libraries you are using in your project, MeterianBot managed to fix some of them for you but unfortunately not all of them. They just need your approval.

The security score of your project is 100, the stability score 100 and the licensing score 100.
You can have a more detailed look at the report here.

Fixes

  • We’ve updated org.apache.logging.log4j:log4j-core 2.15.0 to 2.16.0 minor release, because of CVE-2021-45046.

    Threat severity: MEDIUM      CVSS score: 4

The fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in a denial of service (DOS) attack.


Issues

  • org.apache.logging.log4j:log4j-api 2.14.1 is outdated.

    org.apache.logging.log4j:log4j-api 2.16.0 minor release is the latest available version.


Licenses

Have a look at the report for more details and find out how licenses can impact your business.
Test

@github-actions github-actions bot added the meterian-bot-pr Pull requests that update dependency files based on Meterian's analysis label Dec 15, 2021

1 participant