search

damnhandy / Handy-URI-Templates

A Java URI Template processor implementing RFC6570
https://damnhandy.github.io/Handy-URI-Templates/
Other
202 stars 37 forks source link

Remove joda-time and use Java 8 time instead #67

Open chriskilding opened 3 years ago

chriskilding commented 3 years ago

Remove joda-time library and use Java 8 time instead.

chriskilding commented 3 years ago

Relevant to https://github.com/damnhandy/Handy-URI-Templates/issues/55

chriskilding commented 3 years ago

This is initially a mechanical line-by-line port from the Joda methods to the relevant Java 8 time methods. Will see what fails and evolve it from there.

chriskilding commented 3 years ago

One fairly regular error stands out at first, when it tries to format a date:

java.time.temporal.UnsupportedTemporalTypeException: Unsupported field: YearOfEra
chriskilding commented 3 years ago

Fixed, but there is a catch: the java.util.Date instance is converted to a LocalDateTime using the system default ZoneId. This is not usually a safe assumption. This needs to be examined in any future review.

chriskilding commented 3 years ago

@damnhandy would you be able to review this?

chriskilding commented 3 years ago

@damnhandy would you be able to take a look at this?

damnhandy commented 3 years ago

Hey @chriskilding, I'll be taking a look at this. I'm making some changes to the CI set up of the project, it's been kind of a mess for years. Once I get through that for version 2.2.0, I'll also be setting the min Java version to Java 8. Right now, the min Java version has been Java 1.7, mainly due to the fact that this library had been used by a few Android devs and the Java Time API had not been available. Now that we're many years out, I think it's safe make Java 8 the minimum Java version.

jmott commented 3 years ago

Happy to see traction here, I'm getting some pressure about my use of damnhandy due to the EOL status of joda-time, and I'd rather not have to go looking for another solution. Thanks!

sratz commented 3 years ago

Bumping this.

We would also like migrate to the latest version of handy-uri-templates, but with joda-time this is not an option.

jetersen commented 2 years ago

Would really like to see this land 😄 Some of the Jenkins plugin uses this lib and it would be nice to have a library not depend on any libraries.

sratz commented 1 year ago

Any update here?

benjsmi commented 4 months ago

+1 to reviewing this. Joda-Time is now vulnerable! https://nvd.nist.gov/vuln/detail/CVE-2024-23080