Re: [VALIDATOR] - Release of newer version of validator without OWASP vulnerabilities

2023-11-23 Thread Elliotte Rusty Harold
On Thu, Nov 23, 2023 at 3:10 PM sebb wrote: > > On Thu, 23 Nov 2023 at 13:05, Gary Gregory wrote: > > Generally a user can override the default version stated in the component pom. > Indeed this happens automatically in Maven if another jar declares a > dependency on a later version with the same

Re: [VALIDATOR] - Release of newer version of validator without OWASP vulnerabilities

2023-11-23 Thread sebb
On Thu, 23 Nov 2023 at 13:05, Gary Gregory wrote: > > Hello, > > First, if you want to disclose a vulnerability in a Commons component > itself, please read https://commons.apache.org/security.html > > Now, back to dependencies. > > In general, we use GitHub's Dependabot to inform us of new versio

Re: [VALIDATOR] - Release of newer version of validator without OWASP vulnerabilities

2023-11-23 Thread Gary Gregory
Hello, First, if you want to disclose a vulnerability in a Commons component itself, please read https://commons.apache.org/security.html Now, back to dependencies. In general, we use GitHub's Dependabot to inform us of new versions of dependencies. Dependabot then creates the PRs and builds the

Re: [CRYPTO] Basic SSL 3.x support added

2023-11-23 Thread sebb
The test suite now runs on ubuntu-latest, windows-latest and macos-latest with Java 8, 11, 17, 21. On macOS, the OpenSSL library path has to be provided, otherwise the test can crash with "...bin/java is loading libcrypto in an unsafe way". AFAICT, this is where libcrypto.dylib does not resolve to a