Update sbt-mima-plugin to 0.9.1

[scala-steward]

Updates com.typesafe:sbt-mima-plugin from 0.8.1 to 0.9.1.
GitHub Release Notes - Version Diff

I'll automatically update this PR to resolve conflicts as long as you don't change it yourself.

If you'd like to skip this version, you can just close this PR. If you have any feedback, just mention me in the comments below.

Configure Scala Steward for your repository with a .scala-steward.conf file.

Have a fantastic day writing Scala!

Ignore future updates

Add this to your .scala-steward.conf file to ignore future updates of this dependency:

updates.ignore = [ { groupId = "com.typesafe", artifactId = "sbt-mima-plugin" } ]

labels: sbt-plugin-update, semver-minor

[raboof]

Failure is java.security.NoSuchAlgorithmException: unrecognized algorithm name: PBEWithSHA1AndDESede (AlgorithmId.java:448), seems like a JDK version thing.

[mkurz]

Looks like this error occured because the build job was using latest openjdk (https://travis-ci.com/github/lightbend/ssl-config/jobs/505187762#L255): openjdk version "1.8.0_292"
The latest (=current) master branch build that ran 2 month ago was using openjdk version "1.8.0_275" (https://travis-ci.com/github/lightbend/ssl-config/jobs/505187762#L255) and was successful.
Looking at the Java changelog it seems there was a change regarding algorithms:
https://www.oracle.com/java/technologies/javase/8u291-relnotes.html#JDK-8202343

TLS 1.0 and 1.1 are versions of the TLS protocol that are no longer considered secure and have been superseded by more secure and modern versions (TLS 1.2 and 1.3).
These versions have now been disabled by default. If you encounter issues, you can, at your own risk, re-enable the versions by removing "TLSv1" and/or "TLSv1.1" from the jdk.tls.disabledAlgorithms security property in the java.security configuration file.

@wsargent ?

[wsargent]

That's an OpenJDK bug in the provider -- I've seen it before in earlier 1.8 version. Does it happen reliably?

[mkurz]

It occured with all three pull requests opened within the last week:

• https://travis-ci.com/github/lightbend/ssl-config/builds/225907697
• https://travis-ci.com/github/lightbend/ssl-config/builds/225849075
• https://travis-ci.com/github/lightbend/ssl-config/builds/226117513

[wsargent]

I think it might be time to retire ssl-config, at least the parameter / algorithm bits

[wsargent]

the underlying issues are long since fixed as per the errors...

[mkurz]

I think it might be time to retire ssl-config

Actually, I am working on Java 17 support for Play. After fixing a couple of small things, the only thing which is not working out of the box now is that we need to add --add-exports=java.base/sun.security.x509=ALL-UNNAMED because of errors like

[info] [error]  java.lang.IllegalAccessError: class com.typesafe.sslconfig.ssl.FakeKeyStore$ (in unnamed module @0x3e6d8c1c) cannot access class sun.security.x509.X509CertInfo (in module java.base) because module java.base does not export sun.security.x509 to unnamed module @0x3e6d8c1c (FakeKeyStore.scala:89)

It seems there is no replacement planned for sun.security.x509.X509CertInfo:

• https://openjdk.java.net/projects/jigsaw/talks/prepare-for-jdk9-j1-2016.pdf (page 14)
• https://bugs.openjdk.java.net/browse/JDK-8058778
• https://bugs.openjdk.java.net/browse/JDK-8062515

@wsargent Since you know much more about that topic than I do - how would you fix that so we don't need to add that --add-exports flags when building/running Play with Java 17?
If we would retire ssl-config, how would you replace its functionality in Play?

[wsargent]

The bit of ssl-config that's important is the HOCON -> trustmanager / keymanager / sslcontext bit. The algorithms bit we should be able to drop. I'll submit a PR.

[mkurz]

I'll submit a PR.

Great, thanks!

[wsargent]

#302

[wsargent]

Was right the first time, it is a race condition bcgit/bc-java#941 (comment)

[wsargent]

https://bugs.java.com/bugdatabase/view_bug.do?bug_id=JDK-8266261

Might be a mitigation with

systemProperty "keystore.pkcs12.keyProtectionAlgorithm", "PBEWithHmacSHA256AndAES_256"`

[scala-steward]

Superseded by #303.