Update flexmark-all to latest 0.64.8

[mrdziuban]

This would eliminate a number of CVEs from the transitive org.apache.pdfbox:pdfbox dependency. It's currently v2.0.16, but by upgrading flexmark-all it would become v2.0.24, which has patched all of these vulnerabilities

• https://nvd.nist.gov/vuln/detail/CVE-2021-27807
• https://nvd.nist.gov/vuln/detail/CVE-2021-27906
• https://nvd.nist.gov/vuln/detail/CVE-2021-31811
• https://nvd.nist.gov/vuln/detail/CVE-2021-31812

[mrdziuban]

Ah I see now that this would mean dropping java 8, as flexmark 0.64.0 made java 11 the minimum required version. Not sure if mdoc is ready to do that yet, but I'll leave this open for now until someone says "no" 🙂

[tgodzik]

I think we might start dropping support for Java 8. If anyone needs it to work on Java 8 they can always use an older version of the library. If they care about bugfixes and CVE they should start working on JDK 11.

We mdoc in Metals, but I plan to migrate to use Java 17 by default.

Could you remove the CI jobs for JDK 8?

[mrdziuban]

Could you remove the CI jobs for JDK 8?

Absolutely, done!

[mrdziuban]

I also updated build.sbt to use 11 as the argument to -release and -target instead of 1.8

[mrdziuban]

@tgodzik it looks like dropping java 8 might also necessitate dropping scala 2.12...

-target is deprecated: Scala 2.12 cannot emit valid class files for targets newer than 8

What do you think about that?

[mrdziuban]

CI failure looks like an intermittent HTTP error

download error: Caught java.io.IOException (Server returned HTTP response code: 502 for URL: https://oss.sonatype.org/content/repositories/snapshots/org/scalameta/metals_2.13/0.11.10+1-4aa438b0-SNAPSHOT/metals_2.13-0.11.10+1-4aa438b0-SNAPSHOT.pom) while downloading https://oss.sonatype.org/content/repositories/snapshots/org/scalameta/metals_2.13/0.11.10+1-4aa438b0-SNAPSHOT/metals_2.13-0.11.10+1-4aa438b0-SNAPSHOT.pom