Review dependencies for 4.3
Description
Environment
is related to
Confluence content
Activity
Updated cryptacular and the Bouncy Castle components (see JPAR-205) and that means we are for now up-to-date. I am going to close this (again) and treat anything else that comes up independently, including if we want to have another pass closer to release.
I’ll do the cherry-picking of this stuff over to the main branch under a separate ticket.
Update of janino from 3.1.6 to 3.1.9 held back for lack of a key:
https://github.com/janino-compiler/janino/issues/194
I don’t see anything in the change log for janino that would make it a big problem if we couldn’t bump to this version:
http://janino-compiler.github.io/janino/changelog.html
It would still be nice to be running the latest.
It turns out that versions:display-dependency-updates is still very, very broken, it’s just broken in entirely different ways now. So although the things I have updated did need it, I’ve missed several things that the plugin wrongly excluded. I will go back and review everything manually. There may be a short delay…
Reopening for manual check of xmlsec and bouncy castle.
We all seem content with that, so I will declare victory and close this issue and leave Scott to include the scary language in the release notes.
It’s time to review our dependencies for a new minor release. I won’t list every change here, just noteworthy ones as well as things we did not decide to update.