-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update commons-lang3 to 3.17.0 #42740
Conversation
Thanks for taking an early stab at this. AFAICS, this will have to wait (also) for Liquibase 4.29.2 to land in Quarkus: liquibase/liquibase#6179 Furthermore, there is still the potential issue of other libs not using the new singleton instances / factory methods yet. |
Yeah, so just to be clear: this won't be for either 3.14 or 3.15. But we can merge in |
At least in 3.17, using |
@manofthepeace so they also restored all the old >= 3.14.0 methods to not use the "strong" approach? |
8fc52d1
to
8b0d72f
Compare
8b0d72f
to
d37edb6
Compare
I think we can get this in |
Status for workflow
|
Draft until 3.17.0 actually exists.
Fixes: #42686
Looks like the dust settled on this and 3.17 will be OK
When compared to 3.14, 3 new singleton instances are available;
Random*Utils.secure()
that usesSecureRandom()
Random*Utils.secureStrong()
that usesSecureRandom.getInstanceStrong()
Random*Utils.insecure()
that usesThreadLocalRandom
as 3.14 was usingThis PR uses insecure() to have the same behaviour as 3.14.
I personally do not think it is worthwhile to get rid of RandomStringUtils because a mistake happened in the lib, these things happen.