Suggestion: Replace use of joda-time with plain java time handling? #61
Comments
|
Hi, thanks for the suggestion! Indeed, newly created apps may want to get rid of the 3rd party dependency but I still want to keep backward-compatibility for a while. With that being said, this project will remove (or move the joda-time support to an optional module) when I get the confidence that most developers are happy with it in the future. |
|
I forgot to mention this. This library already supports java.time.* classes by default. You still need to accept the unnecessary joda-time resolution but there is no blocker if you want to use java.time.* APIs instead. |
|
Thanks for a conscious and nice reply! Our code scan analysis gives a warning on the current version having a CVE, which lead me into suggesting replacing it: https://nvd.nist.gov/vuln/detail/CVE-2024-23080 |
It would be nice if this library could come without external dependencies, or at least as close as possible.
I believe that the use of Joda-time here could be replaced with plain Java time handling (using the Date and Time API introduced in Java 8).
The text was updated successfully, but these errors were encountered: