Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update flexmark-all to latest 0.64.8 #809

Merged
merged 6 commits into from
Oct 19, 2023
Merged

Conversation

mrdziuban
Copy link
Contributor

This would eliminate a number of CVEs from the transitive org.apache.pdfbox:pdfbox dependency. It's currently v2.0.16, but by upgrading flexmark-all it would become v2.0.24, which has patched all of these vulnerabilities

@mrdziuban
Copy link
Contributor Author

Ah I see now that this would mean dropping java 8, as flexmark 0.64.0 made java 11 the minimum required version. Not sure if mdoc is ready to do that yet, but I'll leave this open for now until someone says "no" 🙂

@tgodzik
Copy link
Contributor

tgodzik commented Oct 16, 2023

I think we might start dropping support for Java 8. If anyone needs it to work on Java 8 they can always use an older version of the library. If they care about bugfixes and CVE they should start working on JDK 11.

We mdoc in Metals, but I plan to migrate to use Java 17 by default.

Could you remove the CI jobs for JDK 8?

@mrdziuban
Copy link
Contributor Author

Could you remove the CI jobs for JDK 8?

Absolutely, done!

@mrdziuban
Copy link
Contributor Author

I also updated build.sbt to use 11 as the argument to -release and -target instead of 1.8

@mrdziuban
Copy link
Contributor Author

@tgodzik it looks like dropping java 8 might also necessitate dropping scala 2.12...

-target is deprecated: Scala 2.12 cannot emit valid class files for targets newer than 8

What do you think about that?

build.sbt Outdated Show resolved Hide resolved
mrdziuban and others added 2 commits October 16, 2023 12:42
Co-authored-by: Tomasz Godzik <tgodzik@users.noreply.github.com>
@mrdziuban
Copy link
Contributor Author

CI failure looks like an intermittent HTTP error

download error: Caught java.io.IOException (Server returned HTTP response code: 502 for URL: https://oss.sonatype.org/content/repositories/snapshots/org/scalameta/metals_2.13/0.11.10+1-4aa438b0-SNAPSHOT/metals_2.13-0.11.10+1-4aa438b0-SNAPSHOT.pom) while downloading https://oss.sonatype.org/content/repositories/snapshots/org/scalameta/metals_2.13/0.11.10+1-4aa438b0-SNAPSHOT/metals_2.13-0.11.10+1-4aa438b0-SNAPSHOT.pom

@tgodzik tgodzik merged commit 7a650e1 into scalameta:main Oct 19, 2023
15 checks passed
@mrdziuban mrdziuban deleted the patch-1 branch October 19, 2023 13:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants