Dependency updates #3
Conversation
This commit updates the dependencies and plugins to their latest available, stable versions. It also migrates the tests from Junit 4 to Junit 5.
from the bouncycastle release notes: CVE-2016-1000339: AESFastEngine has a side channel leak if table accesses can be observed. The use of lookup large static lookup tables in AESFastEngine means that where data accesses by the CPU can be observed, it is possible to gain information about the key used to initialize the cipher. We now recommend not using AESFastEngine where this might be a concern. The BC provider is now using AESEngine by default.
|
@123Haynes: Thanks a lot for your PRs (jitsi/jitsi-srtp#13 and this), I am very happy :) A long time ago, I have communicated about old dependencies on GitHub, on Twitter (private and public), and recently on the forum. Can you look in https://github.com/jitsi/jitsi desktop client repository too? I have done PR a long time ago (and recently) without solutions: In this organization: |
|
@123Haynes: I have updated the first ticket with all PRs included yours, can you look if it is good or not for other? |
|
@ibauersachs: Can you look here? |
|
No, as this repository will become obsolete when all other projects are updated to BC 1.65. I will archive it once this is done. |
|
@ibauersachs: Ok! |
|
Cool 👍 If this repository is becoming obsolete this PR isn't needed anymore. Closing it 😃 |
|
@123Haynes: I think it is not the solution... A lot of other tickets/PRs about Bouncy Castle, all projects are not solved yet... |
This PR updates the dependencies to their latest versions, fixes maven warnings, migrates the tests from Junit 4 to Junit 5 and replaces the deprecated AESFastEngine with AESEngine 😃