Not bumping commons-io from 2.6 to 2.7

commons-io 2.7 would require java8. The risk for https://github.com/advisories/GHSA-gwrp-pvrq-jmwv (CVE-2021-29425) is tolerable here. FilenameUtils.normalize is only used in tests or while generating the ruledoc in module pmd-doc.
2021-04-29 10:14:49 +02:00 · 2021-04-29 10:14:49 +02:00 · 4250130e94
commit 4250130e94
parent f62f97f832
1 changed files with 1 additions and 1 deletions
--- a/pom.xml
+++ b/pom.xml
@ -701,7 +701,7 @@
            <dependency>
                <groupId>commons-io</groupId>
                <artifactId>commons-io</artifactId>
-                <version>2.6</version>
+                <version>2.6</version> <!-- note: this is the last version compatible with java7 -->
            </dependency>
            <dependency>
                <groupId>org.apache.commons</groupId>