pjfanning commented on code in PR #4401:
URL: https://github.com/apache/fineract/pull/4401#discussion_r1980144395
##########
buildSrc/src/main/groovy/org.apache.fineract.dependencies.gradle:
##########
@@ -150,16 +150,16 @@ dependencyManagement {
dependency
"org.apache.oltu.oauth2:org.apache.oltu.oauth2.httpclient4:1.0.1"
dependency "io.gsonfire:gson-fire:1.9.0"
dependency "com.google.code.findbugs:jsr305:3.0.2"
- dependency "commons-codec:commons-codec:1.17.1"
- dependency "org.projectlombok:lombok:1.18.34"
+ dependency "commons-codec:commons-codec:1.18.0"
+ dependency "org.projectlombok:lombok:1.18.36"
- dependency 'org.bouncycastle:bcpkix-jdk15to18:1.79'
- dependency 'org.bouncycastle:bcprov-jdk15to18:1.79'
+ dependency 'org.bouncycastle:bcpkix-jdk15to18:1.80'
+ dependency 'org.bouncycastle:bcprov-jdk15to18:1.80'
dependency 'org.bouncycastle:bcprov-jdk15on:1.70'
dependency 'org.bouncycastle:bcpg-jdk15on:1.70'
Review Comment:
why keep dependencies on jdk15on and jdk15to18 jars - don't they have the
same classes (with some variations) and will therefore clash with each other?
I would recommend dropping all these and using bcpg-jdk18on, bcprov-jdk18on,
bcpkix-jdk18on.
bcprov-jdk15on and bcpg-jdk15on 1.70 have security issues and no new jars
are being released for jdk15on
Surely, you can accept Java 8 is a minimum these days.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
