Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Migrate Apache HttpClient Library to v5.x+ #1800

Open
lqiu96 opened this issue Jan 6, 2023 · 3 comments
Open

Migrate Apache HttpClient Library to v5.x+ #1800

lqiu96 opened this issue Jan 6, 2023 · 3 comments
Labels
priority: p3 Desirable enhancement or fix. May not be included in next release. type: feature request ‘Nice-to-have’ improvement, new feature or different behavior or design.

Comments

@lqiu96
Copy link
Contributor

lqiu96 commented Jan 6, 2023

Is your feature request related to a problem? Please describe.
Apache HttpClient v4.x+ is no longer being maintained. Outside of security vulnerabilities, new features and fixes are going into v5.x+.

Past Issue:
#1791

Describe the solution you'd like
Migrate to Apache HttpClient v5.x+.
@lqiu96 lqiu96 added type: feature request ‘Nice-to-have’ improvement, new feature or different behavior or design. priority: p3 Desirable enhancement or fix. May not be included in next release. labels Jan 6, 2023
@Edwardiv1
Copy link

Better yet, replace it entirely with Java 11's HttpClient and eliminate another dependency.

gcf-owl-bot bot added a commit that referenced this issue Jun 22, 2023
@gcf-owl-bot
chore: Java 8 unit test to build code in Java 17 and run tests on Jav…
e59c21a 
…a 8 (#1800)

* Our Java projects are configured to produce Java 8-compatible bytecode via https://github.com/googleapis/java-shared-config/blob/main/pom.xml#L848. This unit test change ensures this config is applied correctly.

* This change also switches the JDK distribution of GitHub Actions to temurin from zulu.

* For the repositories that mark "dependencies (8)" and "dependencies (11)" as required, they should point to only "dependencies (17)" via `.github/sync-repo-settings.yaml` and repo's Settings tab.
Source-Link: googleapis/synthtool@cbe0100
Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-java:latest@sha256:32851debfefed2b66038e0141f1b5c2103bb59ba80b7475adbc10ef7abab3de7
@jamesdh
Copy link

jamesdh commented Jul 5, 2023

Duplicate of #1205

@bc-bartvb
Copy link

As mentioned in the duplicate issue (I don't know which one is considered active) there is now a dependency on an Apache library that is EOL. This poses a security risk for all that use this google library. Is there any chance of this getting fixed soon? I don't have my hopes up given the low priority, but one can ask. :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
priority: p3 Desirable enhancement or fix. May not be included in next release. type: feature request ‘Nice-to-have’ improvement, new feature or different behavior or design.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@jamesdh @Edwardiv1 @lqiu96 @bc-bartvb