
Please release a new version. #454

@andregmoeller

Description

First off, thanks for all the work that has gone into this library!

Currently, the latest release of java-client-api is 0.3.8. It depends on com.fasterxml.jackson.core:jackson-databind:2.3.4, which has several vulnerabilities (see the GitHub Advisory Database). I expect that most, if not all, of these vulnerabilities are irrelevant in the context of java-client-api. Nevertheless, I would like to ask you to release a new version of java-client-api that depends on a newer version of com.fasterxml.jackson.core:jackson-databind. I see that the current pom.xml references com.fasterxml.jackson.core:jackson-databind:2.9.9, which has many fewer vulnerabilities, and there is PR #450, which suggests bumping jackson-databind.version to 2.10.3.

At work, we are using OWASP Dependency Check to scan Java projects to identify the use of known vulnerable components. It reports that one of my projects uses a component that has known critical vulnerabilities. The reason for that is that the respective project depends on java-client-api:0.3.8, which depends on com.fasterxml.jackson.core:jackson-databind:2.3.4.

I saw that Milestone 0.4.0 is 79% complete. Is it necessary to close all of the remaining open issues? Which ones are the most important ones?
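
Until a new release ships, a consumer of java-client-api:0.3.8 can override the transitive jackson-databind 2.3.4 from their own build and make OWASP Dependency Check enforce the result. The pom.xml fragment below is an added example for this issue, not code from the java-client-api project or from the issue author. It assumes a Maven build that already declares java-client-api:0.3.8 as a normal dependency (that declaration is left unchanged and is not shown here), and it pins jackson-databind to 2.10.3, the version proposed in PR #450; the dependency-check-maven plugin version is deliberately omitted and should be set to a current release.

```xml
<!-- Added example (not part of java-client-api). Pins the transitive
     jackson-databind that java-client-api:0.3.8 pulls in, then fails the
     build if Dependency Check still finds a high-severity finding. -->
<project>
  <!-- ... groupId/artifactId/version and the existing <dependencies>
       (including java-client-api:0.3.8) stay as they are ... -->

  <!-- dependencyManagement wins over any transitive version request, so
       java-client-api's pom asking for 2.3.4 resolves to 2.10.3 instead.
       2.10.3 is an assumption taken from PR #450; use a current patch
       release if one is available. -->
  <dependencyManagement>
    <dependencies>
      <dependency>
        <groupId>com.fasterxml.jackson.core</groupId>
        <artifactId>jackson-databind</artifactId>
        <version>2.10.3</version>
      </dependency>
    </dependencies>
  </dependencyManagement>

  <build>
    <plugins>
      <!-- OWASP Dependency Check, bound to the verify phase. failBuildOnCVSS
           makes the scan a gate rather than a report: any finding with a
           CVSS score of 7.0 or higher breaks the build. Version omitted on
           purpose; set it to the release you actually use. -->
      <plugin>
        <groupId>org.owasp</groupId>
        <artifactId>dependency-check-maven</artifactId>
        <configuration>
          <failBuildOnCVSS>7</failBuildOnCVSS>
        </configuration>
        <executions>
          <execution>
            <goals>
              <goal>check</goal>
            </goals>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>
</project>
```

To confirm the override took effect before running the scan, inspect the resolved tree with `mvn dependency:tree -Dincludes=com.fasterxml.jackson.core:jackson-databind`; the only jackson-databind node should be the pinned version, not 2.3.4. Note that the override is a consumer-side workaround only: it does not guarantee that java-client-api 0.3.8 is API-compatible with the newer jackson-databind, so the project's own tests still need to pass against the pinned version, and an upstream release remains the proper fix.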
