CHANGE @W-18308576@ Updated dependencies #296
Conversation
jfeingold35
requested review from
stephen-carter-at-sf and
randi274
and removed request for
stephen-carter-at-sf
| "ErrorProne", | ||
| "Apex" | ||
| ], | ||
| "description": "This rule finds Apex classes, enums, and interfaces that have the same name as a class, enum, or interface in the `System` or `Schema` namespace. Shadowing these namespaces in this way can lead to confusion and unexpected behavior. Code that intends to reference a `System` or `Schema` class, enum, or interface may inadvertently reference the locally defined type instead. This can... Learn more: https://docs.pmd-code.org/pmd-doc-7.13.0/pmd_rules_apex_errorprone.html#typeshadowsbuiltinnamespace", |
There was a problem hiding this comment.
In the learn more... you should update 7.13.0 with {{PMD_VERSION}} as well.
There was a problem hiding this comment.
Good catch; copy-pasted that one.
| @@ -35,6 +35,7 @@ dependencies { | |||
| } | |||
| implementation(libs.reflections) | |||
| implementation(libs.asm) | |||
| implementation(libs.netty.all) | |||
There was a problem hiding this comment.
What's this for?
There was a problem hiding this comment.
We got flagged for our dependency on an insecure version of netty-handler, which is part of netty-all, so I updated the transitive dependency on netty-all to keep the related modules in lockstep instead of just updating netty-handler.
There was a problem hiding this comment.
To not make it look like a direct dependency, should you instead just use a constraints section? If that doesn't make sense - then at least just put in a comment saying that this dependency is to lock in an indirect dependency to a later version because the other one is vulnerable or something.
There was a problem hiding this comment.
That might be groovy syntax Kotlin syntax might be:
There was a problem hiding this comment.
Fair enough. Stand by for that.
No description provided.