-
Notifications
You must be signed in to change notification settings - Fork 75
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Migrate from *jdk15on
bouncycastle packages to *jdk18on
or *jdk15to18
#286
Comments
*jdk15on
bouncycastle packages to jdk18on
or jdk15to18
*jdk15on
bouncycastle packages to *jdk18on
or *jdk15to18
Thanks for the detailed report @yeikel ! Seems like something that could go into rewrite-migrate-java; would you agree there? |
I believe so given that Java 8 is a requirement. Do we support Java versions below 8?
The only question I have is about the version change. Should this be hardcoded to |
To run OpenRewrite we require at least Java 8, but there's no reason recipes can't change code on Java 7 or even 6 I think, as much as that frightens me.
I think we can use dependency version selectors to not hard code a version, but instead pick the latest available at the time the recipe is (re)run. That should help when you run the recipe periodically as well, instead of as a one-off migration. |
What problem are you trying to solve?
What precondition(s) should be checked before applying this recipe?
org.bouncycastle
*-jdk15on
Describe the situation before applying the recipe
Describe the situation after applying the recipe
Additional context
Using the
*jdk15on
packages puts projects at risk as this package is no longer updated with these coordinates (ie : tools like dependabot can't help here)See :
https://nvd.nist.gov/vuln/detail/CVE-2023-33201
https://github.com/github/advisory-database/commits/main/advisories/github-reviewed/2023/07/GHSA-hr8g-6v94-x4m9/GHSA-hr8g-6v94-x4m9.json
GHSA-hr8g-6v94-x4m9
The text was updated successfully, but these errors were encountered: