UPSE-288: more Java 11 updates #228
Conversation
![sonatype-lift[bot]](https://avatars.githubusercontent.com/in/9843?s=60&v=4){kind=small}
| @@ -175,11 +183,23 @@ | |||
| <groupId>commons-httpclient</groupId> | |||
| <artifactId>commons-httpclient</artifactId> | |||
| <version>3.1</version> | |||
There was a problem hiding this comment.
High Vulnerability:
maven : commons-httpclient/commons-httpclient : 3.1
0 Critical, 1 High, 1 Medium, 0 Low vulnerabilities have been found across 1 dependencies.
View the Lift console for details about these vulnerabilities.
ℹ️ Learn about @sonatype-lift commands
You can reply with the following commands. For example, reply with @sonatype-lift ignoreall to leave out all findings.
| Command | Usage |
|---|---|
@sonatype-lift ignore |
Leave out the above finding from this PR |
@sonatype-lift ignoreall |
Leave out all the existing findings from this PR |
@sonatype-lift exclude <file|issue|path|tool> |
Exclude specified file|issue|path|tool from Lift findings by updating your config.toml file |
Note: When talking to LiftBot, you need to refresh the page to see its response.
Click here to add LiftBot to another repo.
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
There was a problem hiding this comment.
More broadly we probably want to migrate to the new maven package for httpclient
v3: https://mvnrepository.com/artifact/commons-httpclient/commons-httpclient (currently used)
v4: https://mvnrepository.com/artifact/org.apache.httpcomponents/httpclient
v5: https://mvnrepository.com/artifact/org.apache.httpcomponents.client5/httpclient5
But that may be outside the scope of the Java 11 upgrade
| @@ -327,26 +359,26 @@ | |||
| <version>1.1.2</version> | |||
There was a problem hiding this comment.
High Vulnerability:
maven : taglibs/standard : 1.1.2
0 Critical, 1 High, 0 Medium, 0 Low vulnerabilities have been found across 1 dependencies.
View the Lift console for details about these vulnerabilities.
ℹ️ Learn about @sonatype-lift commands
You can reply with the following commands. For example, reply with @sonatype-lift ignoreall to leave out all findings.
| Command | Usage |
|---|---|
@sonatype-lift ignore |
Leave out the above finding from this PR |
@sonatype-lift ignoreall |
Leave out all the existing findings from this PR |
@sonatype-lift exclude <file|issue|path|tool> |
Exclude specified file|issue|path|tool from Lift findings by updating your config.toml file |
Note: When talking to LiftBot, you need to refresh the page to see its response.
Click here to add LiftBot to another repo.
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
There was a problem hiding this comment.
This package has moved in maven central.
We probably want switch to the new package https://mvnrepository.com/artifact/org.apache.taglibs/taglibs-standard-impl at some point.
That may not be needed as part of the Java 11 upgrade.
There was a problem hiding this comment.
Created issue #230 to handle this one too! Thanks Christian
|
How do we handle the sonatype-lift issues? |
If you have some time available, it would be great to upgrade those dependencies. |
More Java 11 updates: