Description
Hello friends,
Thank you for maintaining aws-sig4! 🙌
I'm probably not the first one to notice that there are a few security vulnerabilities in dependencies: https://mvnrepository.com/artifact/org.sharetribe/aws-sig4/0.1.4 (not sure if all of them are listed, because I get a slightly different list from nvd-scan locally).
The most obvious culprit is buddy/buddy-core "1.2.0", which has quite a few vulnerabilities even in the latest release.
I'd be happy to work on a PR for the upgrade, but it seems like it would entail a switch from jdk15 to jdk18, which might include breaking changes (as far as I understand).
There's probably a reason why that upgrade didn't happen. 🤔
Let me know what you think!
PS: feel free to close this if I misunderstood the vulnerabilities and they are actually tolerable.