This will help address bug fixes as well as security issues that have been flagged.
guava-24.0-jre.jar (pkg:maven/com.google.guava/guava@24.0-jre, cpe:2.3:a:google:guava:24.0:*:*:*:*:*:*:*) : CVE-2018-10237
je-5.0.84.jar (pkg:maven/com.sleepycat/je@5.0.84, cpe:2.3:a:oracle:berkeley_db:5.0.84:*:*:*:*:*:*:*, cpe:2.3:a:oracle:oracle_berkeley_db:5.0.84:*:*:*:*:*:*:*) : CVE-2017-3604, CVE-2017-3605, CVE-2017-3606, CVE-2017-3607, CVE-2017-3608, CVE-2017-3609, CVE-2017-3610, CVE-2017-3611, CVE-2017-3612, CVE-2017-3613, CVE-2017-3614, CVE-2017-3615, CVE-2017-3616, CVE-2017-3617, CVE-2019-2708, CVE-2020-2981
logback-core-1.1.7.jar (pkg:maven/ch.qos.logback/logback-core@1.1.7, cpe:2.3:a:logback:logback:1.1.7:*:*:*:*:*:*:*) : CVE-2017-5929
tika-core-1.16.jar (pkg:maven/org.apache.tika/tika-core@1.16, cpe:2.3:a:apache:tika:1.16:*:*:*:*:*:*:*) : CVE-2018-11761, CVE-2018-11762, CVE-2018-11796, CVE-2018-1335, CVE-2018-1338, CVE-2018-1339, CVE-2018-17197, CVE-2018-8017, CVE-2019-10088, CVE-2019-10094, CVE-2020-1950, CVE-2020-1951
I'm not as a familiar with gradle, but if it would be easier to get a PR as a starting point I can do that.
Please consider enabling Dependabot.
https://github.blog/2020-06-01-keep-all-your-packages-up-to-date-with-dependabot/
This will help address bug fixes as well as security issues that have been flagged.
When I run owasp dependency check I get the below dependencies flagged when using version 4.4.0
https://jeremylong.github.io/DependencyCheck/
I'm not as a familiar with gradle, but if it would be easier to get a PR as a starting point I can do that.
Related to #456