Closed mrdziuban closed 11 months ago
mrdziuban
commented
11 months ago Ah I see now that this would mean dropping java 8, as flexmark 0.64.0 made java 11 the minimum required version. Not sure if mdoc is ready to do that yet, but I'll leave this open for now until someone says "no" 🙂
tgodzik
commented
11 months ago I think we might start dropping support for Java 8. If anyone needs it to work on Java 8 they can always use an older version of the library. If they care about bugfixes and CVE they should start working on JDK 11.
We mdoc in Metals, but I plan to migrate to use Java 17 by default.
Could you remove the CI jobs for JDK 8?
mrdziuban
commented
11 months ago Could you remove the CI jobs for JDK 8?
Absolutely, done!
mrdziuban
commented
11 months ago I also updated build.sbt to use 11 as the argument to -release and -target instead of 1.8
mrdziuban
commented
11 months ago @tgodzik it looks like dropping java 8 might also necessitate dropping scala 2.12...
-target is deprecated: Scala 2.12 cannot emit valid class files for targets newer than 8What do you think about that?
mrdziuban
commented
11 months ago CI failure looks like an intermittent HTTP error
download error: Caught java.io.IOException (Server returned HTTP response code: 502 for URL: https://oss.sonatype.org/content/repositories/snapshots/org/scalameta/metals_2.13/0.11.10+1-4aa438b0-SNAPSHOT/metals_2.13-0.11.10+1-4aa438b0-SNAPSHOT.pom) while downloading https://oss.sonatype.org/content/repositories/snapshots/org/scalameta/metals_2.13/0.11.10+1-4aa438b0-SNAPSHOT/metals_2.13-0.11.10+1-4aa438b0-SNAPSHOT.pom
This would eliminate a number of CVEs from the transitive
org.apache.pdfbox:pdfboxdependency. It's currently v2.0.16, but by upgradingflexmark-allit would become v2.0.24, which has patched all of these vulnerabilities