upgrade gradle to 8.10.2; fix deprecation warnings and errors

Open UlyssesZh opened this issue 1 year ago • 3 comments

I was trying to package APKEditor on nixpkgs, but it just happens to have deleted the Gradle 6 package yesterday (NixOS/nixpkgs#352490). The reason is that Gradle 6 has not been updated since Feb 2023, and there are several severe vulnerabilities:

  • CVE-2021-29429, affecting confidentiality
  • CVE-2021-29427, affecting confidentiality and can lead to dependency poisoning
  • CVE-2021-29428, a privilege escalation involving the temp dir
  • CVE-2021-32751, arbitrary code execution

Therefore, I think it is a good thing to make the upstream use a newer version of Gradle. This pull request fixes everything that I can think of to make it work with Gradle 8. Currently, `./gradlew fatJar` and `./gradlew test` run successfully (with openjdk 17.0.7).

UlyssesZh avatar Oct 31 '24 19:10 UlyssesZh

Thank you for contributing.

  • We need Java 8 for Android OS and old Linux distros; there are only a few cases that are pushing us to consider 11, but I am not seeing any reason to jump to 17.
  • Gradle is hand twisting and nagging to update for its devious aims. We can build everything with the native javac command and drop Gradle completely.

REAndroid avatar Nov 01 '24 15:11 REAndroid

OK. I can change to Java 11. There is a deprecation warning if I use Java 8, but it builds fine, so I can change it back to Java 8 if you don't mind the warning.

I think dropping Gradle is good, but it can come in handy when managing dependencies (though it seems that you are not using Gradle to manage dependencies anyway).

Either way, we should stop using Gradle 6 due to security reasons.

UlyssesZh avatar Nov 01 '24 15:11 UlyssesZh

Reason for Java 17:

Executing Gradle on JVM versions 16 and lower has been deprecated. This will fail with an error in Gradle 9.0. Use JVM 17 or greater to execute Gradle. Projects can continue to use older JVM versions via toolchains. Consult the upgrading guide for further information: https://docs.gradle.org/8.10.2/userguide/upgrading_version_8.html#minimum_daemon_jvm_version

UlyssesZh avatar Nov 01 '24 15:11 UlyssesZh