[jira] [Commented] (MNG-7353) Add support for "mvn pluginPrefix:version:goal"
[
https://issues.apache.org/jira/browse/MNG-7353?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17582775#comment-17582775
]
Hudson commented on MNG-7353:
-
Build succeeded in Jenkins: Maven » Maven TLP » maven » master #78
See https://ci-maven.apache.org/job/Maven/job/maven-box/job/maven/job/master/78/
> Add support for "mvn pluginPrefix:version:goal"
> ---
>
> Key: MNG-7353
> URL: https://issues.apache.org/jira/browse/MNG-7353
> Project: Maven
> Issue Type: New Feature
> Components: Command Line
>Affects Versions: 3.8.4
>Reporter: Herve Boutemy
>Assignee: Herve Boutemy
>Priority: Major
> Fix For: 3.9.0, 4.0.0-alpha-1, 4.0.0
>
>
> currently, we can run a simplified 2 parts form {noformat}mvn
> wrapper:wrapper{noformat}
> but if we want to specify a version, we need to switch to full 4 prts form:
> {noformat}mvn
> org.apache.maven.plugins:maven-wrapper-plugin:3.1.0-SNAPSHOT:wrapper{noformat}
> it would be nice to be able to write 3 parts simplified {noformat}mvn
> wrapper:3.1.0-SNAPSHOT:wrapper{noformat}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[GitHub] [maven-release] kwin commented on pull request #145: Simplify PerformReleaseMojo
kwin commented on PR #145: URL: https://github.com/apache/maven-release/pull/145#issuecomment-1221943545 I agree with @nielsbasjes that a lot more parameters are now exposed for goal `perform` which are not useful. Maybe the AbstractScmReleaseMojo would need a split up between `AbstractScmReadReleaseMojo` and `AbstractScmWriteReleaseMojo` (inheriting from the former). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-release] kwin commented on a diff in pull request #145: Simplify PerformReleaseMojo
kwin commented on code in PR #145:
URL: https://github.com/apache/maven-release/pull/145#discussion_r951087985
##
maven-release-plugin/src/main/java/org/apache/maven/plugins/release/PerformReleaseMojo.java:
##
@@ -179,16 +139,6 @@ public void execute()
releaseDescriptor.setScmSourceUrl( connectionUrl );
}
-if ( username != null )
-{
-releaseDescriptor.setScmUsername( username );
-}
-
-if ( password != null )
-{
-releaseDescriptor.setScmPassword( password );
-}
-
Review Comment:
This is IMHO already part of
`AbstractScmReleaseMojo.createReleaseDescriptor()`
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[jira] [Commented] (MJAVADOC-726) Maven Java Doc Plug-in v3.4.0 downloads Log4j-1.2.12 dependency transitively
[ https://issues.apache.org/jira/browse/MJAVADOC-726?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17582790#comment-17582790 ] Michael Osipov commented on MJAVADOC-726: - No, that is not sufficient. I expect a minimal project which completely reproduces the problem. > Maven Java Doc Plug-in v3.4.0 downloads Log4j-1.2.12 dependency transitively > > > Key: MJAVADOC-726 > URL: https://issues.apache.org/jira/browse/MJAVADOC-726 > Project: Maven Javadoc Plugin > Issue Type: Bug > Components: jar, javadoc >Affects Versions: 3.4.0 > Environment: Windows 10 >Reporter: Yogesh Desai >Priority: Major > Labels: Vulnerability, vulnerability > Attachments: log4j-1.2.12.png > > > I have observed that Maven Javadoc Plug-in v3.4.0 downloads Log4j-1.2.12 > dependency transitively in local maven repository i.e. .m2 folder upon > running maven update in eclipse IDE or from command line. Since Log4j-1.X is > strictly prohibited for use in many organisations, we had no other option > that not using the plugin. Please plan to fix this issue and get rid of the > log4j-1.X dependency. > *Steps to Reproduce-* > 1. Add maven javadoc plugin v3.4.0 in your project POM file > > org.apache.maven.plugins > maven-javadoc-plugin > 3.4.0 > > UTF-8 > -Xdoclint:none > > > > attach-javadocs > > jar > > > > > 2. Observe your local maven repository ie. .m2 folder and see if there are > any log4j-1.2.12 artifacts are present in log4j folder of it. If artifacts > are present already, delete them for now. > 3. Run maven update command for your project (additionally run maven install > command as needed) > 4. Observe your local maven repository ie. .m2 folder and see if there are > any log4j-1.2.12 artifacts are generated with latest timestamp inside log4j > folder. > Attached is the screenshot showing, maven javadoc plugin v3.4.0 used in > POM.xml and log4j-1.2.12 dependency getting downloaded in local maven > repository i.e. .m2 folder. > Let me know if any other information is required. Thanks! -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [maven-parent] michael-o merged pull request #75: Konrad added as committer
michael-o merged PR #75: URL: https://github.com/apache/maven-parent/pull/75 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-parent] michael-o commented on pull request #75: Konrad added as committer
michael-o commented on PR #75: URL: https://github.com/apache/maven-parent/pull/75#issuecomment-1221995880 Well deserved -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MJAVADOC-726) Maven Java Doc Plug-in v3.4.0 downloads Log4j-1.2.12 dependency transitively
[ https://issues.apache.org/jira/browse/MJAVADOC-726?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17582794#comment-17582794 ] Yogesh Desai commented on MJAVADOC-726: --- Okay [~michael-o] ! Please allow me some time and I'll create a project to showcase you the problem. In the meantime, please can you reopen the ticket for the sake of tracking progress? > Maven Java Doc Plug-in v3.4.0 downloads Log4j-1.2.12 dependency transitively > > > Key: MJAVADOC-726 > URL: https://issues.apache.org/jira/browse/MJAVADOC-726 > Project: Maven Javadoc Plugin > Issue Type: Bug > Components: jar, javadoc >Affects Versions: 3.4.0 > Environment: Windows 10 >Reporter: Yogesh Desai >Priority: Major > Labels: Vulnerability, vulnerability > Attachments: log4j-1.2.12.png > > > I have observed that Maven Javadoc Plug-in v3.4.0 downloads Log4j-1.2.12 > dependency transitively in local maven repository i.e. .m2 folder upon > running maven update in eclipse IDE or from command line. Since Log4j-1.X is > strictly prohibited for use in many organisations, we had no other option > that not using the plugin. Please plan to fix this issue and get rid of the > log4j-1.X dependency. > *Steps to Reproduce-* > 1. Add maven javadoc plugin v3.4.0 in your project POM file > > org.apache.maven.plugins > maven-javadoc-plugin > 3.4.0 > > UTF-8 > -Xdoclint:none > > > > attach-javadocs > > jar > > > > > 2. Observe your local maven repository ie. .m2 folder and see if there are > any log4j-1.2.12 artifacts are present in log4j folder of it. If artifacts > are present already, delete them for now. > 3. Run maven update command for your project (additionally run maven install > command as needed) > 4. Observe your local maven repository ie. .m2 folder and see if there are > any log4j-1.2.12 artifacts are generated with latest timestamp inside log4j > folder. > Attached is the screenshot showing, maven javadoc plugin v3.4.0 used in > POM.xml and log4j-1.2.12 dependency getting downloaded in local maven > repository i.e. .m2 folder. > Let me know if any other information is required. Thanks! -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Comment Edited] (MJAVADOC-726) Maven Java Doc Plug-in v3.4.0 downloads Log4j-1.2.12 dependency transitively
[ https://issues.apache.org/jira/browse/MJAVADOC-726?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17582794#comment-17582794 ] Yogesh Desai edited comment on MJAVADOC-726 at 8/22/22 8:07 AM: Okay [~michael-o] ! If you follow the steps to reproduce (given in description of this ticket) the issue, you should be able to see the issue. In the meantime, please can you reopen the ticket for the sake of tracking progress? was (Author: JIRAUSER294182): Okay [~michael-o] ! Please allow me some time and I'll create a project to showcase you the problem. In the meantime, please can you reopen the ticket for the sake of tracking progress? > Maven Java Doc Plug-in v3.4.0 downloads Log4j-1.2.12 dependency transitively > > > Key: MJAVADOC-726 > URL: https://issues.apache.org/jira/browse/MJAVADOC-726 > Project: Maven Javadoc Plugin > Issue Type: Bug > Components: jar, javadoc >Affects Versions: 3.4.0 > Environment: Windows 10 >Reporter: Yogesh Desai >Priority: Major > Labels: Vulnerability, vulnerability > Attachments: log4j-1.2.12.png > > > I have observed that Maven Javadoc Plug-in v3.4.0 downloads Log4j-1.2.12 > dependency transitively in local maven repository i.e. .m2 folder upon > running maven update in eclipse IDE or from command line. Since Log4j-1.X is > strictly prohibited for use in many organisations, we had no other option > that not using the plugin. Please plan to fix this issue and get rid of the > log4j-1.X dependency. > *Steps to Reproduce-* > 1. Add maven javadoc plugin v3.4.0 in your project POM file > > org.apache.maven.plugins > maven-javadoc-plugin > 3.4.0 > > UTF-8 > -Xdoclint:none > > > > attach-javadocs > > jar > > > > > 2. Observe your local maven repository ie. .m2 folder and see if there are > any log4j-1.2.12 artifacts are present in log4j folder of it. If artifacts > are present already, delete them for now. > 3. Run maven update command for your project (additionally run maven install > command as needed) > 4. Observe your local maven repository ie. .m2 folder and see if there are > any log4j-1.2.12 artifacts are generated with latest timestamp inside log4j > folder. > Attached is the screenshot showing, maven javadoc plugin v3.4.0 used in > POM.xml and log4j-1.2.12 dependency getting downloaded in local maven > repository i.e. .m2 folder. > Let me know if any other information is required. Thanks! -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Reopened] (MJAVADOC-726) Maven Java Doc Plug-in v3.4.0 downloads Log4j-1.2.12 dependency transitively
[ https://issues.apache.org/jira/browse/MJAVADOC-726?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Michael Osipov reopened MJAVADOC-726: - Reopening as per request. > Maven Java Doc Plug-in v3.4.0 downloads Log4j-1.2.12 dependency transitively > > > Key: MJAVADOC-726 > URL: https://issues.apache.org/jira/browse/MJAVADOC-726 > Project: Maven Javadoc Plugin > Issue Type: Bug > Components: jar, javadoc >Affects Versions: 3.4.0 > Environment: Windows 10 >Reporter: Yogesh Desai >Priority: Major > Labels: Vulnerability, vulnerability > Attachments: log4j-1.2.12.png > > > I have observed that Maven Javadoc Plug-in v3.4.0 downloads Log4j-1.2.12 > dependency transitively in local maven repository i.e. .m2 folder upon > running maven update in eclipse IDE or from command line. Since Log4j-1.X is > strictly prohibited for use in many organisations, we had no other option > that not using the plugin. Please plan to fix this issue and get rid of the > log4j-1.X dependency. > *Steps to Reproduce-* > 1. Add maven javadoc plugin v3.4.0 in your project POM file > > org.apache.maven.plugins > maven-javadoc-plugin > 3.4.0 > > UTF-8 > -Xdoclint:none > > > > attach-javadocs > > jar > > > > > 2. Observe your local maven repository ie. .m2 folder and see if there are > any log4j-1.2.12 artifacts are present in log4j folder of it. If artifacts > are present already, delete them for now. > 3. Run maven update command for your project (additionally run maven install > command as needed) > 4. Observe your local maven repository ie. .m2 folder and see if there are > any log4j-1.2.12 artifacts are generated with latest timestamp inside log4j > folder. > Attached is the screenshot showing, maven javadoc plugin v3.4.0 used in > POM.xml and log4j-1.2.12 dependency getting downloaded in local maven > repository i.e. .m2 folder. > Let me know if any other information is required. Thanks! -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (MJAVADOC-726) Maven Java Doc Plug-in v3.4.0 downloads Log4j-1.2.12 dependency transitively
[ https://issues.apache.org/jira/browse/MJAVADOC-726?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Michael Osipov updated MJAVADOC-726: Fix Version/s: waiting-for-feedback > Maven Java Doc Plug-in v3.4.0 downloads Log4j-1.2.12 dependency transitively > > > Key: MJAVADOC-726 > URL: https://issues.apache.org/jira/browse/MJAVADOC-726 > Project: Maven Javadoc Plugin > Issue Type: Bug > Components: jar, javadoc >Affects Versions: 3.4.0 > Environment: Windows 10 >Reporter: Yogesh Desai >Priority: Major > Labels: Vulnerability, vulnerability > Fix For: waiting-for-feedback > > Attachments: log4j-1.2.12.png > > > I have observed that Maven Javadoc Plug-in v3.4.0 downloads Log4j-1.2.12 > dependency transitively in local maven repository i.e. .m2 folder upon > running maven update in eclipse IDE or from command line. Since Log4j-1.X is > strictly prohibited for use in many organisations, we had no other option > that not using the plugin. Please plan to fix this issue and get rid of the > log4j-1.X dependency. > *Steps to Reproduce-* > 1. Add maven javadoc plugin v3.4.0 in your project POM file > > org.apache.maven.plugins > maven-javadoc-plugin > 3.4.0 > > UTF-8 > -Xdoclint:none > > > > attach-javadocs > > jar > > > > > 2. Observe your local maven repository ie. .m2 folder and see if there are > any log4j-1.2.12 artifacts are present in log4j folder of it. If artifacts > are present already, delete them for now. > 3. Run maven update command for your project (additionally run maven install > command as needed) > 4. Observe your local maven repository ie. .m2 folder and see if there are > any log4j-1.2.12 artifacts are generated with latest timestamp inside log4j > folder. > Attached is the screenshot showing, maven javadoc plugin v3.4.0 used in > POM.xml and log4j-1.2.12 dependency getting downloaded in local maven > repository i.e. .m2 folder. > Let me know if any other information is required. Thanks! -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Comment Edited] (MJAVADOC-726) Maven Java Doc Plug-in v3.4.0 downloads Log4j-1.2.12 dependency transitively
[ https://issues.apache.org/jira/browse/MJAVADOC-726?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17582812#comment-17582812 ] Michael Osipov edited comment on MJAVADOC-726 at 8/22/22 8:45 AM: -- Reopening as per request. I will not follow any steps unless you provide a sample project. Everything else will always be incomplete. was (Author: michael-o): Reopening as per request. > Maven Java Doc Plug-in v3.4.0 downloads Log4j-1.2.12 dependency transitively > > > Key: MJAVADOC-726 > URL: https://issues.apache.org/jira/browse/MJAVADOC-726 > Project: Maven Javadoc Plugin > Issue Type: Bug > Components: jar, javadoc >Affects Versions: 3.4.0 > Environment: Windows 10 >Reporter: Yogesh Desai >Priority: Major > Labels: Vulnerability, vulnerability > Fix For: waiting-for-feedback > > Attachments: log4j-1.2.12.png > > > I have observed that Maven Javadoc Plug-in v3.4.0 downloads Log4j-1.2.12 > dependency transitively in local maven repository i.e. .m2 folder upon > running maven update in eclipse IDE or from command line. Since Log4j-1.X is > strictly prohibited for use in many organisations, we had no other option > that not using the plugin. Please plan to fix this issue and get rid of the > log4j-1.X dependency. > *Steps to Reproduce-* > 1. Add maven javadoc plugin v3.4.0 in your project POM file > > org.apache.maven.plugins > maven-javadoc-plugin > 3.4.0 > > UTF-8 > -Xdoclint:none > > > > attach-javadocs > > jar > > > > > 2. Observe your local maven repository ie. .m2 folder and see if there are > any log4j-1.2.12 artifacts are present in log4j folder of it. If artifacts > are present already, delete them for now. > 3. Run maven update command for your project (additionally run maven install > command as needed) > 4. Observe your local maven repository ie. .m2 folder and see if there are > any log4j-1.2.12 artifacts are generated with latest timestamp inside log4j > folder. > Attached is the screenshot showing, maven javadoc plugin v3.4.0 used in > POM.xml and log4j-1.2.12 dependency getting downloaded in local maven > repository i.e. .m2 folder. > Let me know if any other information is required. Thanks! -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MNG-7353) Add support for "mvn pluginPrefix:version:goal"
[
https://issues.apache.org/jira/browse/MNG-7353?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17582815#comment-17582815
]
Hudson commented on MNG-7353:
-
Build succeeded in Jenkins: Maven » Maven TLP » maven » maven-3.9.x #60
See
https://ci-maven.apache.org/job/Maven/job/maven-box/job/maven/job/maven-3.9.x/60/
> Add support for "mvn pluginPrefix:version:goal"
> ---
>
> Key: MNG-7353
> URL: https://issues.apache.org/jira/browse/MNG-7353
> Project: Maven
> Issue Type: New Feature
> Components: Command Line
>Affects Versions: 3.8.4
>Reporter: Herve Boutemy
>Assignee: Herve Boutemy
>Priority: Major
> Fix For: 3.9.0, 4.0.0-alpha-1, 4.0.0
>
>
> currently, we can run a simplified 2 parts form {noformat}mvn
> wrapper:wrapper{noformat}
> but if we want to specify a version, we need to switch to full 4 prts form:
> {noformat}mvn
> org.apache.maven.plugins:maven-wrapper-plugin:3.1.0-SNAPSHOT:wrapper{noformat}
> it would be nice to be able to write 3 parts simplified {noformat}mvn
> wrapper:3.1.0-SNAPSHOT:wrapper{noformat}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[GitHub] [maven-checkstyle-plugin] slawekjaranowski closed pull request #93: Bump aetherVersion from 1.0.0.v20140518 to 1.1.0
slawekjaranowski closed pull request #93: Bump aetherVersion from 1.0.0.v20140518 to 1.1.0 URL: https://github.com/apache/maven-checkstyle-plugin/pull/93 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-checkstyle-plugin] dependabot[bot] commented on pull request #93: Bump aetherVersion from 1.0.0.v20140518 to 1.1.0
dependabot[bot] commented on PR #93: URL: https://github.com/apache/maven-checkstyle-plugin/pull/93#issuecomment-1222101599 OK, I won't notify you again about this release, but will get in touch when a new version is available. You can also ignore all major, minor, or patch releases for a dependency by adding an [`ignore` condition](https://docs.github.com/en/code-security/supply-chain-security/configuration-options-for-dependency-updates#ignore) with the desired `update_types` to your config file. If you change your mind, just re-open this PR and I'll resolve any conflicts on it. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MJAVADOC-726) Maven Java Doc Plug-in v3.4.0 downloads Log4j-1.2.12 dependency transitively
[ https://issues.apache.org/jira/browse/MJAVADOC-726?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17582909#comment-17582909 ] Yogesh Desai commented on MJAVADOC-726: --- Sure Thanks [~michael-o] ! I'll work towards creating the sample project. > Maven Java Doc Plug-in v3.4.0 downloads Log4j-1.2.12 dependency transitively > > > Key: MJAVADOC-726 > URL: https://issues.apache.org/jira/browse/MJAVADOC-726 > Project: Maven Javadoc Plugin > Issue Type: Bug > Components: jar, javadoc >Affects Versions: 3.4.0 > Environment: Windows 10 >Reporter: Yogesh Desai >Priority: Major > Labels: Vulnerability, vulnerability > Fix For: waiting-for-feedback > > Attachments: log4j-1.2.12.png > > > I have observed that Maven Javadoc Plug-in v3.4.0 downloads Log4j-1.2.12 > dependency transitively in local maven repository i.e. .m2 folder upon > running maven update in eclipse IDE or from command line. Since Log4j-1.X is > strictly prohibited for use in many organisations, we had no other option > that not using the plugin. Please plan to fix this issue and get rid of the > log4j-1.X dependency. > *Steps to Reproduce-* > 1. Add maven javadoc plugin v3.4.0 in your project POM file > > org.apache.maven.plugins > maven-javadoc-plugin > 3.4.0 > > UTF-8 > -Xdoclint:none > > > > attach-javadocs > > jar > > > > > 2. Observe your local maven repository ie. .m2 folder and see if there are > any log4j-1.2.12 artifacts are present in log4j folder of it. If artifacts > are present already, delete them for now. > 3. Run maven update command for your project (additionally run maven install > command as needed) > 4. Observe your local maven repository ie. .m2 folder and see if there are > any log4j-1.2.12 artifacts are generated with latest timestamp inside log4j > folder. > Attached is the screenshot showing, maven javadoc plugin v3.4.0 used in > POM.xml and log4j-1.2.12 dependency getting downloaded in local maven > repository i.e. .m2 folder. > Let me know if any other information is required. Thanks! -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [maven-enforcer] slawekjaranowski commented on a diff in pull request #179: [MENFORCER-423] Add rule to enforce an explicit dependency scope
slawekjaranowski commented on code in PR #179:
URL: https://github.com/apache/maven-enforcer/pull/179#discussion_r951309604
##
maven-enforcer-plugin/src/it/projects/require-dependency-scope/verify.groovy:
##
@@ -0,0 +1,22 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+File buildLog = new File(basedir, 'build.log')
+assert buildLog.text.contains('Found 1 missing dependency scope. Look at the
warnings emitted above for the details.')
+assert buildLog.text.contains('[WARNING] Dependency
org.apache.jackrabbit.vault:vault-cli:jar @ line 65, column 21 does not have an
explicit scope defined!')
+assert true
Review Comment:
`assert true` is as default - not needed
##
maven-enforcer-plugin/src/it/projects/require-dependency-scope/invoker.properties:
##
@@ -0,0 +1,18 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+invoker.buildResult = failure
Review Comment:
missing new line 😄
##
enforcer-rules/src/main/java/org/apache/maven/plugins/enforcer/RequireExplicitDependencyScope.java:
##
@@ -0,0 +1,87 @@
+package org.apache.maven.plugins.enforcer;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import java.text.ChoiceFormat;
+import java.util.List;
+
+import org.apache.maven.enforcer.rule.api.EnforcerRule2;
+import org.apache.maven.enforcer.rule.api.EnforcerRuleException;
+import org.apache.maven.enforcer.rule.api.EnforcerRuleHelper;
+import org.apache.maven.model.Dependency;
+import org.apache.maven.project.MavenProject;
+import org.apache.maven.shared.utils.logging.MessageBuilder;
+import org.apache.maven.shared.utils.logging.MessageUtils;
+import
org.codehaus.plexus.component.configurator.expression.ExpressionEvaluationException;
+
+/**
+ * Checks that all dependencies have an explicitly declared scope in the
non-effective pom (i.e. without taking
+ * inheritance or dependency management into account).
+ */
+public class RequireExplicitDependencyScope
+extends AbstractNonCacheableEnforcerRule
+implements EnforcerRule2
+{
+
+@Override
+public void execute( EnforcerRuleHelper helper )
+throws EnforcerRuleException
+{
+try
+{
+int numMissingDependencyScopes = 0;
+MavenProject project = (MavenProject) helper.evaluate(
"${project}" );
+if ( project == null )
+{
+throw new ExpressionEvaluationException( "${project} is null"
);
+}
+List dependencies =
project.getOriginalModel().getDependencies(); // this is the non-effective
+
// model but the original o
[GitHub] [maven-pmd-plugin] dependabot[bot] opened a new pull request, #89: Bump slf4jVersion from 1.7.36 to 2.0.0
dependabot[bot] opened a new pull request, #89: URL: https://github.com/apache/maven-pmd-plugin/pull/89 Bumps `slf4jVersion` from 1.7.36 to 2.0.0. Updates `slf4j-api` from 1.7.36 to 2.0.0 Commits https://github.com/qos-ch/slf4j/commit/0614d467d7bca81724f45e228f4f871161222b51";>0614d46 prepare release 2.0.0 https://github.com/qos-ch/slf4j/commit/b1afcd01b1092f0dfda12b4502aa202124e24a8e";>b1afcd0 javadoc edits https://github.com/qos-ch/slf4j/commit/20cd3ad0abd25d1837f5b9354c6729cb4a978d69";>20cd3ad start work on 2.0.0-SNAPSHOT https://github.com/qos-ch/slf4j/commit/aeebb6199d412a3883af2d0c414a69fde26b5971";>aeebb61 prepare release 2.0.0-beta1 https://github.com/qos-ch/slf4j/commit/1068cd0eb9fb2460d368e3ba6112517ef3fedd2a";>1068cd0 javadoc changes https://github.com/qos-ch/slf4j/commit/4e4e56a2df730cdb6877449b6341279208f20a78";>4e4e56a add CheckReturnValue annotation in org.slf4j.helpers https://github.com/qos-ch/slf4j/commit/0dcfa19040fb2d7f45dfe00823d15bdff0434d6a";>0dcfa19 check for return value in some oggingEventBuilder methods https://github.com/qos-ch/slf4j/commit/e7ca8d17c8db1fc956019404153cc7b90b8f0c61";>e7ca8d1 start work on 2.0.0-beta1-SNAPSHOPT https://github.com/qos-ch/slf4j/commit/2314de9dd9f9abbef360f5c6240487c0ac7e5fc3";>2314de9 add setMessage and log method to the fluent API https://github.com/qos-ch/slf4j/commit/508a796552640c83d6d814374a9b50a424e88cfa";>508a796 set version to 2.0.0-beta0 Additional commits viewable in https://github.com/qos-ch/slf4j/compare/v_1.7.36...v_2.0.0";>compare view Updates `jul-to-slf4j` from 1.7.36 to 2.0.0 Commits https://github.com/qos-ch/slf4j/commit/0614d467d7bca81724f45e228f4f871161222b51";>0614d46 prepare release 2.0.0 https://github.com/qos-ch/slf4j/commit/b1afcd01b1092f0dfda12b4502aa202124e24a8e";>b1afcd0 javadoc edits https://github.com/qos-ch/slf4j/commit/20cd3ad0abd25d1837f5b9354c6729cb4a978d69";>20cd3ad start work on 2.0.0-SNAPSHOT https://github.com/qos-ch/slf4j/commit/aeebb6199d412a3883af2d0c414a69fde26b5971";>aeebb61 prepare release 2.0.0-beta1 https://github.com/qos-ch/slf4j/commit/1068cd0eb9fb2460d368e3ba6112517ef3fedd2a";>1068cd0 javadoc changes https://github.com/qos-ch/slf4j/commit/4e4e56a2df730cdb6877449b6341279208f20a78";>4e4e56a add CheckReturnValue annotation in org.slf4j.helpers https://github.com/qos-ch/slf4j/commit/0dcfa19040fb2d7f45dfe00823d15bdff0434d6a";>0dcfa19 check for return value in some oggingEventBuilder methods https://github.com/qos-ch/slf4j/commit/e7ca8d17c8db1fc956019404153cc7b90b8f0c61";>e7ca8d1 start work on 2.0.0-beta1-SNAPSHOPT https://github.com/qos-ch/slf4j/commit/2314de9dd9f9abbef360f5c6240487c0ac7e5fc3";>2314de9 add setMessage and log method to the fluent API https://github.com/qos-ch/slf4j/commit/508a796552640c83d6d814374a9b50a424e88cfa";>508a796 set version to 2.0.0-beta0 Additional commits viewable in https://github.com/qos-ch/slf4j/compare/v_1.7.36...v_2.0.0";>compare view Updates `slf4j-simple` from 1.7.36 to 2.0.0 Commits https://github.com/qos-ch/slf4j/commit/0614d467d7bca81724f45e228f4f871161222b51";>0614d46 prepare release 2.0.0 https://github.com/qos-ch/slf4j/commit/b1afcd01b1092f0dfda12b4502aa202124e24a8e";>b1afcd0 javadoc edits https://github.com/qos-ch/slf4j/commit/20cd3ad0abd25d1837f5b9354c6729cb4a978d69";>20cd3ad start work on 2.0.0-SNAPSHOT https://github.com/qos-ch/slf4j/commit/aeebb6199d412a3883af2d0c414a69fde26b5971";>aeebb61 prepare release 2.0.0-beta1 https://github.com/qos-ch/slf4j/commit/1068cd0eb9fb2460d368e3ba6112517ef3fedd2a";>1068cd0 javadoc changes https://github.com/qos-ch/slf4j/commit/4e4e56a2df730cdb6877449b6341279208f20a78";>4e4e56a add CheckReturnValue annotation in org.slf4j.helpers https://github.com/qos-ch/slf4j/commit/0dcfa19040fb2d7f45dfe00823d15bdff0434d6a";>0dcfa19 check for return value in some oggingEventBuilder methods https://github.com/qos-ch/slf4j/commit/e7ca8d17c8db1fc956019404153cc7b90b8f0c61";>e7ca8d1 start work on 2.0.0-beta1-SNAPSHOPT https://github.com/qos-ch/slf4j/commit/2314de9dd9f9abbef360f5c6240487c0ac7e5fc3";>2314de9 add setMessage and log method to the fluent API https://github.com/qos-ch/slf4j/commit/508a796552640c83d6d814374a9b50a424e88cfa";>508a796 set version to 2.0.0-beta0 Additional commits viewable in https://github.com/qos-ch/slf4j/compare/v_1.7.36...v_2.0.0";>compare view Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will r
[GitHub] [maven-checkstyle-plugin] slawekjaranowski closed pull request #94: Bump slf4j-simple from 1.7.36 to 2.0.0
slawekjaranowski closed pull request #94: Bump slf4j-simple from 1.7.36 to 2.0.0 URL: https://github.com/apache/maven-checkstyle-plugin/pull/94 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-checkstyle-plugin] dependabot[bot] commented on pull request #94: Bump slf4j-simple from 1.7.36 to 2.0.0
dependabot[bot] commented on PR #94: URL: https://github.com/apache/maven-checkstyle-plugin/pull/94#issuecomment-127506 OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting `@dependabot ignore this major version` or `@dependabot ignore this minor version`. You can also ignore all major, minor, or patch releases for a dependency by adding an [`ignore` condition](https://docs.github.com/en/code-security/supply-chain-security/configuration-options-for-dependency-updates#ignore) with the desired `update_types` to your config file. If you change your mind, just re-open this PR and I'll resolve any conflicts on it. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-doxia] dependabot[bot] opened a new pull request, #117: Bump slf4jVersion from 1.7.36 to 2.0.0
dependabot[bot] opened a new pull request, #117: URL: https://github.com/apache/maven-doxia/pull/117 Bumps `slf4jVersion` from 1.7.36 to 2.0.0. Updates `slf4j-api` from 1.7.36 to 2.0.0 Commits https://github.com/qos-ch/slf4j/commit/0614d467d7bca81724f45e228f4f871161222b51";>0614d46 prepare release 2.0.0 https://github.com/qos-ch/slf4j/commit/b1afcd01b1092f0dfda12b4502aa202124e24a8e";>b1afcd0 javadoc edits https://github.com/qos-ch/slf4j/commit/20cd3ad0abd25d1837f5b9354c6729cb4a978d69";>20cd3ad start work on 2.0.0-SNAPSHOT https://github.com/qos-ch/slf4j/commit/aeebb6199d412a3883af2d0c414a69fde26b5971";>aeebb61 prepare release 2.0.0-beta1 https://github.com/qos-ch/slf4j/commit/1068cd0eb9fb2460d368e3ba6112517ef3fedd2a";>1068cd0 javadoc changes https://github.com/qos-ch/slf4j/commit/4e4e56a2df730cdb6877449b6341279208f20a78";>4e4e56a add CheckReturnValue annotation in org.slf4j.helpers https://github.com/qos-ch/slf4j/commit/0dcfa19040fb2d7f45dfe00823d15bdff0434d6a";>0dcfa19 check for return value in some oggingEventBuilder methods https://github.com/qos-ch/slf4j/commit/e7ca8d17c8db1fc956019404153cc7b90b8f0c61";>e7ca8d1 start work on 2.0.0-beta1-SNAPSHOPT https://github.com/qos-ch/slf4j/commit/2314de9dd9f9abbef360f5c6240487c0ac7e5fc3";>2314de9 add setMessage and log method to the fluent API https://github.com/qos-ch/slf4j/commit/508a796552640c83d6d814374a9b50a424e88cfa";>508a796 set version to 2.0.0-beta0 Additional commits viewable in https://github.com/qos-ch/slf4j/compare/v_1.7.36...v_2.0.0";>compare view Updates `slf4j-simple` from 1.7.36 to 2.0.0 Commits https://github.com/qos-ch/slf4j/commit/0614d467d7bca81724f45e228f4f871161222b51";>0614d46 prepare release 2.0.0 https://github.com/qos-ch/slf4j/commit/b1afcd01b1092f0dfda12b4502aa202124e24a8e";>b1afcd0 javadoc edits https://github.com/qos-ch/slf4j/commit/20cd3ad0abd25d1837f5b9354c6729cb4a978d69";>20cd3ad start work on 2.0.0-SNAPSHOT https://github.com/qos-ch/slf4j/commit/aeebb6199d412a3883af2d0c414a69fde26b5971";>aeebb61 prepare release 2.0.0-beta1 https://github.com/qos-ch/slf4j/commit/1068cd0eb9fb2460d368e3ba6112517ef3fedd2a";>1068cd0 javadoc changes https://github.com/qos-ch/slf4j/commit/4e4e56a2df730cdb6877449b6341279208f20a78";>4e4e56a add CheckReturnValue annotation in org.slf4j.helpers https://github.com/qos-ch/slf4j/commit/0dcfa19040fb2d7f45dfe00823d15bdff0434d6a";>0dcfa19 check for return value in some oggingEventBuilder methods https://github.com/qos-ch/slf4j/commit/e7ca8d17c8db1fc956019404153cc7b90b8f0c61";>e7ca8d1 start work on 2.0.0-beta1-SNAPSHOPT https://github.com/qos-ch/slf4j/commit/2314de9dd9f9abbef360f5c6240487c0ac7e5fc3";>2314de9 add setMessage and log method to the fluent API https://github.com/qos-ch/slf4j/commit/508a796552640c83d6d814374a9b50a424e88cfa";>508a796 set version to 2.0.0-beta0 Additional commits viewable in https://github.com/qos-ch/slf4j/compare/v_1.7.36...v_2.0.0";>compare view Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-doxia] michael-o commented on pull request #117: Bump slf4jVersion from 1.7.36 to 2.0.0
michael-o commented on PR #117: URL: https://github.com/apache/maven-doxia/pull/117#issuecomment-160667 What a joke. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-doxia] michael-o closed pull request #117: Bump slf4jVersion from 1.7.36 to 2.0.0
michael-o closed pull request #117: Bump slf4jVersion from 1.7.36 to 2.0.0 URL: https://github.com/apache/maven-doxia/pull/117 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-doxia] dependabot[bot] commented on pull request #117: Bump slf4jVersion from 1.7.36 to 2.0.0
dependabot[bot] commented on PR #117: URL: https://github.com/apache/maven-doxia/pull/117#issuecomment-160723 OK, I won't notify you again about this release, but will get in touch when a new version is available. You can also ignore all major, minor, or patch releases for a dependency by adding an [`ignore` condition](https://docs.github.com/en/code-security/supply-chain-security/configuration-options-for-dependency-updates#ignore) with the desired `update_types` to your config file. If you change your mind, just re-open this PR and I'll resolve any conflicts on it. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-artifact-transfer] dependabot[bot] opened a new pull request, #70: Bump maven-common-artifact-filters from 3.1.0 to 3.3.1
dependabot[bot] opened a new pull request, #70: URL: https://github.com/apache/maven-artifact-transfer/pull/70 Bumps [maven-common-artifact-filters](https://github.com/apache/maven-common-artifact-filters) from 3.1.0 to 3.3.1. Commits https://github.com/apache/maven-common-artifact-filters/commit/b244fd9e0e7e84ee0e2e3ba3402f5ba654b5becd";>b244fd9 [maven-release-plugin] prepare release maven-common-artifact-filters-3.3.1 https://github.com/apache/maven-common-artifact-filters/commit/611baf61bc8ff8a26bf4af48dcf8ecb53e5c74dc";>611baf6 [MSHARED-1104] Four element pattern may be GATV or GATC (https://github-redirect.dependabot.com/apache/maven-common-artifact-filters/issues/29";>#29) https://github.com/apache/maven-common-artifact-filters/commit/0985a227dcc4de82759797b40b939c4ebb5f6ff5";>0985a22 Fix jenkins url https://github.com/apache/maven-common-artifact-filters/commit/94088c760d6e9b80cf166a5028b2a87b5af43cfa";>94088c7 [maven-release-plugin] prepare for next development iteration https://github.com/apache/maven-common-artifact-filters/commit/ae01a994907a39e7391e2f431bca3c5314890bdd";>ae01a99 [maven-release-plugin] prepare release maven-common-artifact-filters-3.3.0 https://github.com/apache/maven-common-artifact-filters/commit/0c6674fae7cf110c4a12d0f0f80e93d61f0be391";>0c6674f [MSHARED-1077] Bugfix for classifier in pattern (https://github-redirect.dependabot.com/apache/maven-common-artifact-filters/issues/26";>#26) https://github.com/apache/maven-common-artifact-filters/commit/72981e4288c4c314e7d78061bd6220141ef1d9ba";>72981e4 [MSHARED-1078] Update parent POM and drop maven-shared-utils (https://github-redirect.dependabot.com/apache/maven-common-artifact-filters/issues/27";>#27) https://github.com/apache/maven-common-artifact-filters/commit/6ba230d1de6b05b4827db9bdcb4113f5d6832277";>6ba230d Shared GitHub actions v2 https://github.com/apache/maven-common-artifact-filters/commit/26796743072eaba1e7e928f3b158cb8b1bbdb000";>2679674 [MSHARED-1017] null passed to DependencyFilter in EclipseAetherFilterTransfor... https://github.com/apache/maven-common-artifact-filters/commit/6236b1b42647b674a5e97f44b35fc2964c132262";>6236b1b (doc) use shared worflow for gha Additional commits viewable in https://github.com/apache/maven-common-artifact-filters/compare/maven-common-artifact-filters-3.1.0...maven-common-artifact-filters-3.3.1";>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-artifact-transfer] dependabot[bot] opened a new pull request, #71: Bump slf4j-simple from 1.7.32 to 2.0.0
dependabot[bot] opened a new pull request, #71: URL: https://github.com/apache/maven-artifact-transfer/pull/71 Bumps [slf4j-simple](https://github.com/qos-ch/slf4j) from 1.7.32 to 2.0.0. Commits https://github.com/qos-ch/slf4j/commit/0614d467d7bca81724f45e228f4f871161222b51";>0614d46 prepare release 2.0.0 https://github.com/qos-ch/slf4j/commit/b1afcd01b1092f0dfda12b4502aa202124e24a8e";>b1afcd0 javadoc edits https://github.com/qos-ch/slf4j/commit/20cd3ad0abd25d1837f5b9354c6729cb4a978d69";>20cd3ad start work on 2.0.0-SNAPSHOT https://github.com/qos-ch/slf4j/commit/aeebb6199d412a3883af2d0c414a69fde26b5971";>aeebb61 prepare release 2.0.0-beta1 https://github.com/qos-ch/slf4j/commit/1068cd0eb9fb2460d368e3ba6112517ef3fedd2a";>1068cd0 javadoc changes https://github.com/qos-ch/slf4j/commit/4e4e56a2df730cdb6877449b6341279208f20a78";>4e4e56a add CheckReturnValue annotation in org.slf4j.helpers https://github.com/qos-ch/slf4j/commit/0dcfa19040fb2d7f45dfe00823d15bdff0434d6a";>0dcfa19 check for return value in some oggingEventBuilder methods https://github.com/qos-ch/slf4j/commit/e7ca8d17c8db1fc956019404153cc7b90b8f0c61";>e7ca8d1 start work on 2.0.0-beta1-SNAPSHOPT https://github.com/qos-ch/slf4j/commit/2314de9dd9f9abbef360f5c6240487c0ac7e5fc3";>2314de9 add setMessage and log method to the fluent API https://github.com/qos-ch/slf4j/commit/508a796552640c83d6d814374a9b50a424e88cfa";>508a796 set version to 2.0.0-beta0 Additional commits viewable in https://github.com/qos-ch/slf4j/compare/v_1.7.32...v_2.0.0";>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-artifact-transfer] dependabot[bot] opened a new pull request, #72: Bump apiMaven.version from 3.0 to 3.8.6
dependabot[bot] opened a new pull request, #72: URL: https://github.com/apache/maven-artifact-transfer/pull/72 Bumps `apiMaven.version` from 3.0 to 3.8.6. Updates `maven-core` from 3.0 to 3.8.6 Release notes Sourced from https://github.com/apache/maven/releases";>maven-core's releases. 3.8.6 What's Changed [MNG-7441] 3.8.x Update version of logback by https://github.com/cstamas";>@cstamas in https://github-redirect.dependabot.com/apache/maven/pull/708";>apache/maven#708 [MNG-7432] Resolver session contains non-MavenWorkspaceReader by https://github.com/laeubi";>@laeubi in https://github-redirect.dependabot.com/apache/maven/pull/695";>apache/maven#695 [MNG-7459] Revert "[3.8.x][MNG-7347] SessionScoped beans should be singletons for a given session" by https://github.com/gnodet";>@gnodet in https://github-redirect.dependabot.com/apache/maven/pull/715";>apache/maven#715 [3.8.x] [MNG-7476] Display a warning when an aggregator mojo locks other mojos executions by https://github.com/gnodet";>@gnodet in https://github-redirect.dependabot.com/apache/maven/pull/736";>apache/maven#736 Full Changelog: https://github.com/apache/maven/compare/maven-3.8.5...maven-3.8.6";>https://github.com/apache/maven/compare/maven-3.8.5...maven-3.8.6 3.8.5 What's Changed [3.8.x][MNG-7156][MNG-7285] Add locking in MojoExecutor by https://github.com/gnodet";>@gnodet in https://github-redirect.dependabot.com/apache/maven/pull/628";>apache/maven#628 [MNG-6326] Make the build fail if core extensions can not be loaded by https://github.com/gnodet";>@gnodet in https://github-redirect.dependabot.com/apache/maven/pull/648";>apache/maven#648 [3.8.x][MNG-7347] SessionScoped beans should be singletons for a given session by https://github.com/gnodet";>@gnodet in https://github-redirect.dependabot.com/apache/maven/pull/653";>apache/maven#653 [3.8.x][MNG-7386] Make sure the ModelMerger$MergingList can be serialized by https://github.com/gnodet";>@gnodet in https://github-redirect.dependabot.com/apache/maven/pull/656";>apache/maven#656 [3.8.x][MNG-7349] Limit relocation warning message to direct dependencies only by https://github.com/gnodet";>@gnodet in https://github-redirect.dependabot.com/apache/maven/pull/657";>apache/maven#657 [3.8.x][MNG-6727] Changed expression check to project.version and project.parent.version by https://github.com/gnodet";>@gnodet in https://github-redirect.dependabot.com/apache/maven/pull/670";>apache/maven#670 [3.8.x][MNG-7395] - Support system-properties in extension.xml by https://github.com/laeubi";>@laeubi in https://github-redirect.dependabot.com/apache/maven/pull/673";>apache/maven#673 New Contributors https://github.com/laeubi";>@laeubi made their first contribution in https://github-redirect.dependabot.com/apache/maven/pull/673";>apache/maven#673 Full Changelog: https://github.com/apache/maven/compare/maven-3.8.4...maven-3.8.5";>https://github.com/apache/maven/compare/maven-3.8.4...maven-3.8.5 3.8.4 What's Changed [MNG-6302] logging the module count by https://github.com/rmannibucau";>@rmannibucau in https://github-redirect.dependabot.com/apache/maven/pull/136";>apache/maven#136 [MNG-6424] - Upgrade plexus-interpolation to 1.25 by https://github.com/shemic87";>@shemic87 in https://github-redirect.dependabot.com/apache/maven/pull/172";>apache/maven#172 Update Jenkins build to use Maven 3.5.4 by https://github.com/slachiewicz";>@slachiewicz in https://github-redirect.dependabot.com/apache/maven/pull/179";>apache/maven#179 [MNG-6473] Update Mockito to 2.21.0 by https://github.com/slachiewicz";>@slachiewicz in https://github-redirect.dependabot.com/apache/maven/pull/181";>apache/maven#181 MNG-6414 Add more Apache license headers to skip downloading license … by https://github.com/slachiewicz";>@slachiewicz in https://github-redirect.dependabot.com/apache/maven/pull/167";>apache/maven#167 [MNG-6479] Upgrade XMLUnit to 2.2.1 by https://github.com/slachiewicz";>@slachiewicz in https://github-redirect.dependabot.com/apache/maven/pull/183";>apache/maven#183 Fixed typo in exception logging by https://github.com/slachiewicz";>@slachiewicz in https://github-redirect.dependabot.com/apache/maven/pull/170";>apache/maven#170 [MNG-6490] Maven fails reporting circular dependency when the depende… by https://github.com/slachiewicz";>@slachiewicz in https://github-redirect.dependabot.com/apache/maven/pull/188";>apache/maven#188 [MNG-6261] - using java File api to compare by https://github.com/fabcipriano";>@fabcipriano in https://github-redirect.dependabot.com/apache/maven/pull/192";>apache/maven#192 MNG-6529 - ProjectBuild.build(projectsList, ...) ignores request.isResolveDependencies() by https://github.com/mickaelistria";>@mickaelistria in https://github-redirect.dependabot.com/apache/maven/pull/193";>apache/maven#193 [MNG-6559] Fix mailing list UR
[GitHub] [maven-artifact-transfer] michael-o commented on pull request #71: Bump slf4j-simple from 1.7.32 to 2.0.0
michael-o commented on PR #71: URL: https://github.com/apache/maven-artifact-transfer/pull/71#issuecomment-179920 What a joke. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-artifact-transfer] michael-o closed pull request #71: Bump slf4j-simple from 1.7.32 to 2.0.0
michael-o closed pull request #71: Bump slf4j-simple from 1.7.32 to 2.0.0 URL: https://github.com/apache/maven-artifact-transfer/pull/71 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-artifact-transfer] dependabot[bot] commented on pull request #71: Bump slf4j-simple from 1.7.32 to 2.0.0
dependabot[bot] commented on PR #71: URL: https://github.com/apache/maven-artifact-transfer/pull/71#issuecomment-179962 OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting `@dependabot ignore this major version` or `@dependabot ignore this minor version`. You can also ignore all major, minor, or patch releases for a dependency by adding an [`ignore` condition](https://docs.github.com/en/code-security/supply-chain-security/configuration-options-for-dependency-updates#ignore) with the desired `update_types` to your config file. If you change your mind, just re-open this PR and I'll resolve any conflicts on it. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-jxr] dependabot[bot] opened a new pull request, #73: Bump slf4j-api from 1.7.36 to 2.0.0
dependabot[bot] opened a new pull request, #73: URL: https://github.com/apache/maven-jxr/pull/73 Bumps [slf4j-api](https://github.com/qos-ch/slf4j) from 1.7.36 to 2.0.0. Commits https://github.com/qos-ch/slf4j/commit/0614d467d7bca81724f45e228f4f871161222b51";>0614d46 prepare release 2.0.0 https://github.com/qos-ch/slf4j/commit/b1afcd01b1092f0dfda12b4502aa202124e24a8e";>b1afcd0 javadoc edits https://github.com/qos-ch/slf4j/commit/20cd3ad0abd25d1837f5b9354c6729cb4a978d69";>20cd3ad start work on 2.0.0-SNAPSHOT https://github.com/qos-ch/slf4j/commit/aeebb6199d412a3883af2d0c414a69fde26b5971";>aeebb61 prepare release 2.0.0-beta1 https://github.com/qos-ch/slf4j/commit/1068cd0eb9fb2460d368e3ba6112517ef3fedd2a";>1068cd0 javadoc changes https://github.com/qos-ch/slf4j/commit/4e4e56a2df730cdb6877449b6341279208f20a78";>4e4e56a add CheckReturnValue annotation in org.slf4j.helpers https://github.com/qos-ch/slf4j/commit/0dcfa19040fb2d7f45dfe00823d15bdff0434d6a";>0dcfa19 check for return value in some oggingEventBuilder methods https://github.com/qos-ch/slf4j/commit/e7ca8d17c8db1fc956019404153cc7b90b8f0c61";>e7ca8d1 start work on 2.0.0-beta1-SNAPSHOPT https://github.com/qos-ch/slf4j/commit/2314de9dd9f9abbef360f5c6240487c0ac7e5fc3";>2314de9 add setMessage and log method to the fluent API https://github.com/qos-ch/slf4j/commit/508a796552640c83d6d814374a9b50a424e88cfa";>508a796 set version to 2.0.0-beta0 Additional commits viewable in https://github.com/qos-ch/slf4j/compare/v_1.7.36...v_2.0.0";>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-jxr] dependabot[bot] opened a new pull request, #72: Bump slf4j-simple from 1.7.36 to 2.0.0
dependabot[bot] opened a new pull request, #72: URL: https://github.com/apache/maven-jxr/pull/72 Bumps [slf4j-simple](https://github.com/qos-ch/slf4j) from 1.7.36 to 2.0.0. Commits https://github.com/qos-ch/slf4j/commit/0614d467d7bca81724f45e228f4f871161222b51";>0614d46 prepare release 2.0.0 https://github.com/qos-ch/slf4j/commit/b1afcd01b1092f0dfda12b4502aa202124e24a8e";>b1afcd0 javadoc edits https://github.com/qos-ch/slf4j/commit/20cd3ad0abd25d1837f5b9354c6729cb4a978d69";>20cd3ad start work on 2.0.0-SNAPSHOT https://github.com/qos-ch/slf4j/commit/aeebb6199d412a3883af2d0c414a69fde26b5971";>aeebb61 prepare release 2.0.0-beta1 https://github.com/qos-ch/slf4j/commit/1068cd0eb9fb2460d368e3ba6112517ef3fedd2a";>1068cd0 javadoc changes https://github.com/qos-ch/slf4j/commit/4e4e56a2df730cdb6877449b6341279208f20a78";>4e4e56a add CheckReturnValue annotation in org.slf4j.helpers https://github.com/qos-ch/slf4j/commit/0dcfa19040fb2d7f45dfe00823d15bdff0434d6a";>0dcfa19 check for return value in some oggingEventBuilder methods https://github.com/qos-ch/slf4j/commit/e7ca8d17c8db1fc956019404153cc7b90b8f0c61";>e7ca8d1 start work on 2.0.0-beta1-SNAPSHOPT https://github.com/qos-ch/slf4j/commit/2314de9dd9f9abbef360f5c6240487c0ac7e5fc3";>2314de9 add setMessage and log method to the fluent API https://github.com/qos-ch/slf4j/commit/508a796552640c83d6d814374a9b50a424e88cfa";>508a796 set version to 2.0.0-beta0 Additional commits viewable in https://github.com/qos-ch/slf4j/compare/v_1.7.36...v_2.0.0";>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-artifact-transfer] slachiewicz closed pull request #72: Bump apiMaven.version from 3.0 to 3.8.6
slachiewicz closed pull request #72: Bump apiMaven.version from 3.0 to 3.8.6 URL: https://github.com/apache/maven-artifact-transfer/pull/72 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-artifact-transfer] dependabot[bot] commented on pull request #72: Bump apiMaven.version from 3.0 to 3.8.6
dependabot[bot] commented on PR #72: URL: https://github.com/apache/maven-artifact-transfer/pull/72#issuecomment-188836 OK, I won't notify you again about this release, but will get in touch when a new version is available. You can also ignore all major, minor, or patch releases for a dependency by adding an [`ignore` condition](https://docs.github.com/en/code-security/supply-chain-security/configuration-options-for-dependency-updates#ignore) with the desired `update_types` to your config file. If you change your mind, just re-open this PR and I'll resolve any conflicts on it. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-plugin-tools] dependabot[bot] opened a new pull request, #140: Bump junit-bom from 5.8.2 to 5.9.0
dependabot[bot] opened a new pull request, #140: URL: https://github.com/apache/maven-plugin-tools/pull/140 Bumps [junit-bom](https://github.com/junit-team/junit5) from 5.8.2 to 5.9.0. Release notes Sourced from https://github.com/junit-team/junit5/releases";>junit-bom's releases. JUnit 5.9.0 = Platform 1.9.0 + Jupiter 5.9.0 + Vintage 5.9.0 See http://junit.org/junit5/docs/5.9.0/release-notes/";>Release Notes. JUnit 5.9.0-RC1 = Platform 1.9.0-RC1 + Jupiter 5.9.0-RC1 + Vintage 5.9.0-RC1 See http://junit.org/junit5/docs/5.9.0-RC1/release-notes/";>Release Notes. JUnit 5.9.0-M1 = Platform 1.9.0-M1 + Jupiter 5.9.0-M1 + Vintage 5.9.0-M1 See http://junit.org/junit5/docs/5.9.0-M1/release-notes/";>Release Notes. Commits https://github.com/junit-team/junit5/commit/3ed71dff121ff4cfe6355195f274244c7acea0bd";>3ed71df Release 5.9 https://github.com/junit-team/junit5/commit/d3f8e4ad9e43b12741c3614451daba496bc35323";>d3f8e4a Prepare 5.9 release notes https://github.com/junit-team/junit5/commit/2aaf24c35d0ec3cb6c84ed6bb53469347de09605";>2aaf24c Improve debug mode detection in JUnit Jupiter (https://github-redirect.dependabot.com/junit-team/junit5/issues/2973";>#2973) https://github.com/junit-team/junit5/commit/be5566839aa593101c3ffe10bd529d062ef068c7";>be55668 Use suite events for more accurate reporting (https://github-redirect.dependabot.com/junit-team/junit5/issues/2985";>#2985) https://github.com/junit-team/junit5/commit/5fdb138924f59703a6a4fcd0cdcde6d1a224a950";>5fdb138 Fix https://github.com/ArgumentsSource";>@ArgumentsSource annotation name in user guide (https://github-redirect.dependabot.com/junit-team/junit5/issues/2980";>#2980) https://github.com/junit-team/junit5/commit/5407208ba97865eeabc0fa53593e98a95620ec36";>5407208 Bump com.gradle.enterprise from 3.10.2 to 3.10.3 (https://github-redirect.dependabot.com/junit-team/junit5/issues/2981";>#2981) https://github.com/junit-team/junit5/commit/e91e5dc26b86d0fc0a92f747f0b5dcdc9e5fbec2";>e91e5dc Introduce AssertionFailureBuilder (https://github-redirect.dependabot.com/junit-team/junit5/issues/2972";>#2972) https://github.com/junit-team/junit5/commit/08b102c905b187d058f942c9bd27df27cb4e86a3";>08b102c Upgradle to 7.5 https://github.com/junit-team/junit5/commit/49ca772ba6c6bf6ef7ea146ceda8dd54f287026e";>49ca772 Polish Javadoc for https://github.com/EnabledIf";>@EnabledIf and https://github.com/DisabledIf";>@DisabledIf https://github.com/junit-team/junit5/commit/dafaabf27350d7b49a32bcbf9e9df76854824d3e";>dafaabf Stabilize test on Windows Additional commits viewable in https://github.com/junit-team/junit5/compare/r5.8.2...r5.9.0";>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-enforcer] kwin commented on a diff in pull request #179: [MENFORCER-423] Add rule to enforce an explicit dependency scope
kwin commented on code in PR #179:
URL: https://github.com/apache/maven-enforcer/pull/179#discussion_r951458541
##
maven-enforcer-plugin/src/it/projects/require-dependency-scope/verify.groovy:
##
@@ -0,0 +1,22 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+File buildLog = new File(basedir, 'build.log')
+assert buildLog.text.contains('Found 1 missing dependency scope. Look at the
warnings emitted above for the details.')
+assert buildLog.text.contains('[WARNING] Dependency
org.apache.jackrabbit.vault:vault-cli:jar @ line 65, column 21 does not have an
explicit scope defined!')
+assert true
Review Comment:
indeed, some copy&paste mistake, fixed in
https://github.com/apache/maven-enforcer/pull/179/commits/d21ae7d9f3a462c5570af4c51b11c257a7bf3bbe.
##
maven-enforcer-plugin/src/it/projects/require-dependency-scope/invoker.properties:
##
@@ -0,0 +1,18 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+invoker.buildResult = failure
Review Comment:
fixed in
https://github.com/apache/maven-enforcer/pull/179/commits/d21ae7d9f3a462c5570af4c51b11c257a7bf3bbe.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [maven-enforcer] kwin commented on a diff in pull request #179: [MENFORCER-423] Add rule to enforce an explicit dependency scope
kwin commented on code in PR #179:
URL: https://github.com/apache/maven-enforcer/pull/179#discussion_r951459330
##
enforcer-rules/src/main/java/org/apache/maven/plugins/enforcer/RequireExplicitDependencyScope.java:
##
@@ -0,0 +1,87 @@
+package org.apache.maven.plugins.enforcer;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import java.text.ChoiceFormat;
+import java.util.List;
+
+import org.apache.maven.enforcer.rule.api.EnforcerRule2;
+import org.apache.maven.enforcer.rule.api.EnforcerRuleException;
+import org.apache.maven.enforcer.rule.api.EnforcerRuleHelper;
+import org.apache.maven.model.Dependency;
+import org.apache.maven.project.MavenProject;
+import org.apache.maven.shared.utils.logging.MessageBuilder;
+import org.apache.maven.shared.utils.logging.MessageUtils;
+import
org.codehaus.plexus.component.configurator.expression.ExpressionEvaluationException;
+
+/**
+ * Checks that all dependencies have an explicitly declared scope in the
non-effective pom (i.e. without taking
+ * inheritance or dependency management into account).
+ */
+public class RequireExplicitDependencyScope
+extends AbstractNonCacheableEnforcerRule
+implements EnforcerRule2
+{
+
+@Override
+public void execute( EnforcerRuleHelper helper )
+throws EnforcerRuleException
+{
+try
+{
+int numMissingDependencyScopes = 0;
+MavenProject project = (MavenProject) helper.evaluate(
"${project}" );
+if ( project == null )
+{
+throw new ExpressionEvaluationException( "${project} is null"
);
+}
+List dependencies =
project.getOriginalModel().getDependencies(); // this is the non-effective
+
// model but the original one
+
// without inheritance and
+
// interpolation resolved
+// check scope without considering inheritance
+for ( Dependency dependency : dependencies )
+{
+helper.getLog().debug( "Found dependency " + dependency );
+if ( dependency.getScope() == null )
+{
+MessageBuilder msgBuilder = MessageUtils.buffer();
+helper.getLog().warn( msgBuilder
Review Comment:
I fixed this in
https://github.com/apache/maven-enforcer/pull/179/commits/d21ae7d9f3a462c5570af4c51b11c257a7bf3bbe.
I don't want to rely on aggregate messages in the exception as that prevent
using coloured output from the message builder.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[jira] [Updated] (MPLUGIN-417) report and descriptor goal need to evaluate Javadoc comments differently
[
https://issues.apache.org/jira/browse/MPLUGIN-417?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Konrad Windszus updated MPLUGIN-417:
Description:
Currently it is not explicitly specified in
[https://maven.apache.org/ref/3.8.4/maven-plugin-api/plugin.html] which format
the {{description}} field on plugin, mojo and parameter level should have.
It partially contains HTML tags (also from converted inline javadoc taglets)
which is problematic for
[https://maven.apache.org/plugins/maven-help-plugin/describe-mojo.html] (which
expects plain text).
On the other hand, the same plugin descriptor is currently leveraged for goal
{{report}} which should include all those HTML details from the source comment.
Therefore both goals need to extract metadata from source files differently and
{{report{{ can no longer rely on the previously generated plugin descriptor
file.
In addition even the plain text descriptor should contain as many details as
possible, i.e. it should be converted javadoc taglets -> html -> plain text to
no loose any detail.
Currently the plugin descriptor is written with
{{{}GeneratorUtils.toText(){}}}at
[https://github.com/apache/maven-plugin-tools/blob/706b1d0b6730d028350f18d8459eee8b123e2f67/maven-plugin-tools-generators/src/main/java/org/apache/maven/tools/plugin/generator/PluginDescriptorGenerator.java#L186]
which has the following flaws
# Still emits {{https://maven.apache.org/ref/3.8.4/maven-plugin-api/plugin.html which format
the {{description}} field on plugin, mojo and parameter level should have.
It partially contains HTML tags (also from converted inline javadoc taglets)
which is problematic for
https://maven.apache.org/plugins/maven-help-plugin/describe-mojo.html (which
expects plain text).
On the other hand, the same plugin descriptor is currently leveraged for goal
`report` which should include all those HTML details from the source comment.
Therefore both goals need to extract metadata from source files differently and
`report` can no longer rely on the previously generated plugin descriptor file.
In addition even the plain text descriptor should contain as many details as
possible, i.e. it should be converted javadoc taglets -> html -> plain text to
no loose any detail.
> report and descriptor goal need to evaluate Javadoc comments differently
>
>
> Key: MPLUGIN-417
> URL: https://issues.apache.org/jira/browse/MPLUGIN-417
> Project: Maven Plugin Tools
> Issue Type: Improvement
> Components: Plugin Plugin
>Reporter: Konrad Windszus
>Priority: Major
>
> Currently it is not explicitly specified in
> [https://maven.apache.org/ref/3.8.4/maven-plugin-api/plugin.html] which
> format the {{description}} field on plugin, mojo and parameter level should
> have.
> It partially contains HTML tags (also from converted inline javadoc taglets)
> which is problematic for
> [https://maven.apache.org/plugins/maven-help-plugin/describe-mojo.html]
> (which expects plain text).
> On the other hand, the same plugin descriptor is currently leveraged for goal
> {{report}} which should include all those HTML details from the source
> comment.
> Therefore both goals need to extract metadata from source files differently
> and {{report{{ can no longer rely on the previously generated plugin
> descriptor file.
> In addition even the plain text descriptor should contain as many details as
> possible, i.e. it should be converted javadoc taglets -> html -> plain text
> to no loose any detail.
> Currently the plugin descriptor is written with
> {{{}GeneratorUtils.toText(){}}}at
> [https://github.com/apache/maven-plugin-tools/blob/706b1d0b6730d028350f18d8459eee8b123e2f67/maven-plugin-tools-generators/src/main/java/org/apache/maven/tools/plugin/generator/PluginDescriptorGenerator.java#L186]
> which has the following flaws
> # Still emits {{ # Does not resolve all javadoc tags
> # Does never emit a proper link for link javadoc taglets
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Created] (MASFRES-56) Request For Maven Central Index with populated CLASSNAME fields
Claudiu-Vlad Ursache created MASFRES-56: --- Summary: Request For Maven Central Index with populated CLASSNAME fields Key: MASFRES-56 URL: https://issues.apache.org/jira/browse/MASFRES-56 Project: Apache Maven Resource Bundles Issue Type: Wish Reporter: Claudiu-Vlad Ursache Hello everyone! I'm a security researcher for a private company looking for a Maven Central mirror in the format of a Lucene Index with populated values for CLASSNAME fields (which are missing by default in the public version of the index). Is there any chance I could receive a copy of it? That would save me a ton of time trying to populate the field manually by downloading each jar once and running an index update operation. Best, Claudiu-Vlad Ursache -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [maven-enforcer] slawekjaranowski commented on pull request #179: [MENFORCER-423] Add rule to enforce an explicit dependency scope
slawekjaranowski commented on PR #179: URL: https://github.com/apache/maven-enforcer/pull/179#issuecomment-1222440176 Pleas squash to one final commit and go 😄 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-enforcer] kwin merged pull request #179: [MENFORCER-423] Add rule to enforce an explicit dependency scope
kwin merged PR #179: URL: https://github.com/apache/maven-enforcer/pull/179 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Resolved] (MENFORCER-423) Maven enforcer rule which checks that all dependencies have an explicit scope set
[
https://issues.apache.org/jira/browse/MENFORCER-423?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Konrad Windszus resolved MENFORCER-423.
---
Fix Version/s: next-release
Assignee: Konrad Windszus (was: Slawomir Jaranowski)
Resolution: Fixed
Fixed in
https://github.com/apache/maven-enforcer/commit/4eee3680246000244984a08b90dd16e2e6538928.
> Maven enforcer rule which checks that all dependencies have an explicit scope
> set
> -
>
> Key: MENFORCER-423
> URL: https://issues.apache.org/jira/browse/MENFORCER-423
> Project: Maven Enforcer Plugin
> Issue Type: New Feature
> Components: Standard Rules
>Reporter: Konrad Windszus
>Assignee: Konrad Windszus
>Priority: Major
> Fix For: next-release
>
>
> Useful in case when the scope is no longer part of the dependencyManagement
> or in general to force making developers a distinct decision for every local
> dependency (prevents the default scope compile from being used for test
> dependencies).
> I propose the name {{requireDependencyScope}} for the new rule.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[GitHub] [maven-release] nielsbasjes commented on a diff in pull request #145: Simplify PerformReleaseMojo
nielsbasjes commented on code in PR #145:
URL: https://github.com/apache/maven-release/pull/145#discussion_r951514243
##
maven-release-plugin/src/main/java/org/apache/maven/plugins/release/PerformReleaseMojo.java:
##
@@ -179,16 +139,6 @@ public void execute()
releaseDescriptor.setScmSourceUrl( connectionUrl );
}
-if ( username != null )
-{
-releaseDescriptor.setScmUsername( username );
-}
-
-if ( password != null )
-{
-releaseDescriptor.setScmPassword( password );
-}
-
Review Comment:
@kwin You are right.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[jira] [Commented] (MENFORCER-423) Maven enforcer rule which checks that all dependencies have an explicit scope set
[
https://issues.apache.org/jira/browse/MENFORCER-423?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17583006#comment-17583006
]
Hudson commented on MENFORCER-423:
--
Build succeeded in Jenkins: Maven » Maven TLP » maven-enforcer » master #67
See
https://ci-maven.apache.org/job/Maven/job/maven-box/job/maven-enforcer/job/master/67/
> Maven enforcer rule which checks that all dependencies have an explicit scope
> set
> -
>
> Key: MENFORCER-423
> URL: https://issues.apache.org/jira/browse/MENFORCER-423
> Project: Maven Enforcer Plugin
> Issue Type: New Feature
> Components: Standard Rules
>Reporter: Konrad Windszus
>Assignee: Konrad Windszus
>Priority: Major
> Fix For: next-release
>
>
> Useful in case when the scope is no longer part of the dependencyManagement
> or in general to force making developers a distinct decision for every local
> dependency (prevents the default scope compile from being used for test
> dependencies).
> I propose the name {{requireDependencyScope}} for the new rule.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[GitHub] [maven-clean-plugin] jvoccia commented on pull request #10: [MCLEAN-93] Support junctions on NTFS
jvoccia commented on PR #10:
URL:
https://github.com/apache/maven-clean-plugin/pull/10#issuecomment-1222579199
> When can this happen? I mean, can we create a junction in Java without
using native code?
Not sure if you are asking about this regarding "tests" or regarding what
"real world" use case this could occur in, but if asking in the second case:
NPM does this on Windows. So if you link a NPM component with a
package.json like:
```json
{
...
"dependencies": {
"someTestServer": "file:src/test/node_server/someTestServer"
}
}
```
You will get a node_modules directory like:
node_modules/someTestServer <- Junction Point pointing to:
src/test/node_server/someTestServer
If you configure mvn clean to delete node_modules (or a directory above
node_modules) - it will walk the junction point and delete your src files.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[jira] [Created] (MSHARED-1122) FileUtils: avoid getCanonicalPath()
Jörg Kubitz created MSHARED-1122: Summary: FileUtils: avoid getCanonicalPath() Key: MSHARED-1122 URL: https://issues.apache.org/jira/browse/MSHARED-1122 Project: Maven Shared Components Issue Type: Improvement Components: maven-shared-utils Environment: Windows Reporter: Jörg Kubitz Attachments: image-2022-08-22-18-18-52-811.png On JDK 11 the result has been cached with in JVM. Since JDK 12 the result is not cached anymore by default (See [https://bugs.openjdk.java.net/browse/JDK-8207005]) and now very slow on windows. For org.apache.maven.shared.utils.io.FileUtils.copyFile(File, File) please use java.nio.file.Files.isSameFile(Path, Path) instead. note: it's needed to call file.exists() before using Files.isSameFile() or catch NoSuchFileException @see [https://git.eclipse.org/r/c/platform/eclipse.platform.resources/+/180308/10/bundles/org.eclipse.core.filesystem/src/org/eclipse/core/internal/filesystem/local/LocalFile.java] for a similar fix. Here is a screenshot of sampling eclipse showing getCanonicalPath() as a hotspot: !image-2022-08-22-18-18-52-811.png! -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [maven-shared-utils] jukzi opened a new pull request, #114: [MSHARED-1122] FileUtils: avoid getCanonicalPath()
jukzi opened a new pull request, #114: URL: https://github.com/apache/maven-shared-utils/pull/114 Use java.nio.Files.isSameFile() to compare path. Since JDK 12 getCanonicalPath() is not cached anymore and very slow on windows. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MSHARED-1122) FileUtils: avoid getCanonicalPath()
[ https://issues.apache.org/jira/browse/MSHARED-1122?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17583070#comment-17583070 ] Jörg Kubitz commented on MSHARED-1122: -- proposed fix tested with org.apache.maven.shared.utils.io.FileUtilsTest.copyFileWithNoFiltersAndLastModifiedDateOfZeroAndNoDestination() > FileUtils: avoid getCanonicalPath() > --- > > Key: MSHARED-1122 > URL: https://issues.apache.org/jira/browse/MSHARED-1122 > Project: Maven Shared Components > Issue Type: Improvement > Components: maven-shared-utils > Environment: Windows >Reporter: Jörg Kubitz >Priority: Minor > Attachments: image-2022-08-22-18-18-52-811.png > > > On JDK 11 the result has been cached with in JVM. > Since JDK 12 the result is not cached anymore by default (See > [https://bugs.openjdk.java.net/browse/JDK-8207005]) and now very slow on > windows. > For org.apache.maven.shared.utils.io.FileUtils.copyFile(File, File) > please use java.nio.file.Files.isSameFile(Path, Path) instead. > note: it's needed to call file.exists() before using Files.isSameFile() or > catch NoSuchFileException > @see > [https://git.eclipse.org/r/c/platform/eclipse.platform.resources/+/180308/10/bundles/org.eclipse.core.filesystem/src/org/eclipse/core/internal/filesystem/local/LocalFile.java] > for a similar fix. > Here is a screenshot of sampling eclipse showing getCanonicalPath() as a > hotspot: > !image-2022-08-22-18-18-52-811.png! -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [maven-shared-utils] jukzi commented on pull request #114: [MSHARED-1122] FileUtils: avoid getCanonicalPath()
jukzi commented on PR #114: URL: https://github.com/apache/maven-shared-utils/pull/114#issuecomment-1222597138 see https://issues.apache.org/jira/browse/MSHARED-1122 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-integration-testing] hgschmie opened a new pull request, #190: test alternate fix for MNG-7353
hgschmie opened a new pull request, #190: URL: https://github.com/apache/maven-integration-testing/pull/190 Add the missing deps to the integration test suite. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-integration-testing] hgschmie commented on pull request #190: test alternate fix for MNG-7353
hgschmie commented on PR #190: URL: https://github.com/apache/maven-integration-testing/pull/190#issuecomment-1222651015 @hboutemy @slawekjaranowski This is an alternate PR to fix the 7353 problem by adding the missing deps to the bootstrap. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven] hgschmie commented on pull request #788: run clean before building maven and integration tests
hgschmie commented on PR #788: URL: https://github.com/apache/maven/pull/788#issuecomment-1222652676 https://github.com/apache/maven-integration-testing/pull/190 is a more likely fix. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven] hgschmie closed pull request #788: run clean before building maven and integration tests
hgschmie closed pull request #788: run clean before building maven and integration tests URL: https://github.com/apache/maven/pull/788 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-filtering] dependabot[bot] opened a new pull request, #45: Bump slf4jVersion from 1.7.36 to 2.0.0
dependabot[bot] opened a new pull request, #45: URL: https://github.com/apache/maven-filtering/pull/45 Bumps `slf4jVersion` from 1.7.36 to 2.0.0. Updates `slf4j-api` from 1.7.36 to 2.0.0 Commits https://github.com/qos-ch/slf4j/commit/0614d467d7bca81724f45e228f4f871161222b51";>0614d46 prepare release 2.0.0 https://github.com/qos-ch/slf4j/commit/b1afcd01b1092f0dfda12b4502aa202124e24a8e";>b1afcd0 javadoc edits https://github.com/qos-ch/slf4j/commit/20cd3ad0abd25d1837f5b9354c6729cb4a978d69";>20cd3ad start work on 2.0.0-SNAPSHOT https://github.com/qos-ch/slf4j/commit/aeebb6199d412a3883af2d0c414a69fde26b5971";>aeebb61 prepare release 2.0.0-beta1 https://github.com/qos-ch/slf4j/commit/1068cd0eb9fb2460d368e3ba6112517ef3fedd2a";>1068cd0 javadoc changes https://github.com/qos-ch/slf4j/commit/4e4e56a2df730cdb6877449b6341279208f20a78";>4e4e56a add CheckReturnValue annotation in org.slf4j.helpers https://github.com/qos-ch/slf4j/commit/0dcfa19040fb2d7f45dfe00823d15bdff0434d6a";>0dcfa19 check for return value in some oggingEventBuilder methods https://github.com/qos-ch/slf4j/commit/e7ca8d17c8db1fc956019404153cc7b90b8f0c61";>e7ca8d1 start work on 2.0.0-beta1-SNAPSHOPT https://github.com/qos-ch/slf4j/commit/2314de9dd9f9abbef360f5c6240487c0ac7e5fc3";>2314de9 add setMessage and log method to the fluent API https://github.com/qos-ch/slf4j/commit/508a796552640c83d6d814374a9b50a424e88cfa";>508a796 set version to 2.0.0-beta0 Additional commits viewable in https://github.com/qos-ch/slf4j/compare/v_1.7.36...v_2.0.0";>compare view Updates `slf4j-simple` from 1.7.36 to 2.0.0 Commits https://github.com/qos-ch/slf4j/commit/0614d467d7bca81724f45e228f4f871161222b51";>0614d46 prepare release 2.0.0 https://github.com/qos-ch/slf4j/commit/b1afcd01b1092f0dfda12b4502aa202124e24a8e";>b1afcd0 javadoc edits https://github.com/qos-ch/slf4j/commit/20cd3ad0abd25d1837f5b9354c6729cb4a978d69";>20cd3ad start work on 2.0.0-SNAPSHOT https://github.com/qos-ch/slf4j/commit/aeebb6199d412a3883af2d0c414a69fde26b5971";>aeebb61 prepare release 2.0.0-beta1 https://github.com/qos-ch/slf4j/commit/1068cd0eb9fb2460d368e3ba6112517ef3fedd2a";>1068cd0 javadoc changes https://github.com/qos-ch/slf4j/commit/4e4e56a2df730cdb6877449b6341279208f20a78";>4e4e56a add CheckReturnValue annotation in org.slf4j.helpers https://github.com/qos-ch/slf4j/commit/0dcfa19040fb2d7f45dfe00823d15bdff0434d6a";>0dcfa19 check for return value in some oggingEventBuilder methods https://github.com/qos-ch/slf4j/commit/e7ca8d17c8db1fc956019404153cc7b90b8f0c61";>e7ca8d1 start work on 2.0.0-beta1-SNAPSHOPT https://github.com/qos-ch/slf4j/commit/2314de9dd9f9abbef360f5c6240487c0ac7e5fc3";>2314de9 add setMessage and log method to the fluent API https://github.com/qos-ch/slf4j/commit/508a796552640c83d6d814374a9b50a424e88cfa";>508a796 set version to 2.0.0-beta0 Additional commits viewable in https://github.com/qos-ch/slf4j/compare/v_1.7.36...v_2.0.0";>compare view Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-integration-testing] hgschmie commented on pull request #190: test alternate fix for MNG-7353
hgschmie commented on PR #190: URL: https://github.com/apache/maven-integration-testing/pull/190#issuecomment-1222715158 The currently breaking tests refer to those two versions explicitly. So bootstrapping them into the local repo should do the trick. Not sure how a new release will break this. I leave the decision to make changes to the actual tests to @hboutemy. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven] hgschmie opened a new pull request, #789: [MNG-7529] Maven resolver makes bad repository choices
hgschmie opened a new pull request, #789: URL: https://github.com/apache/maven/pull/789 Testing integration tests -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MNG-7529) Maven resolver makes bad repository choices when resolving version ranges
[ https://issues.apache.org/jira/browse/MNG-7529?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17583125#comment-17583125 ] ASF GitHub Bot commented on MNG-7529: - hgschmie opened a new pull request, #789: URL: https://github.com/apache/maven/pull/789 Testing integration tests > Maven resolver makes bad repository choices when resolving version ranges > - > > Key: MNG-7529 > URL: https://issues.apache.org/jira/browse/MNG-7529 > Project: Maven > Issue Type: Bug > Components: Artifacts and Repositories >Affects Versions: 3.8.6 >Reporter: Henning Schmiedehausen >Priority: Major > Fix For: 3.8.x-candidate > > > This is the same problem as MRESOLVER-270. The problem is actually in the > maven core, not in the resolver. See the description there. > > This bug is a placeholder for the fix PR. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [maven-integration-testing] slawekjaranowski commented on pull request #190: test alternate fix for MNG-7353
slawekjaranowski commented on PR #190: URL: https://github.com/apache/maven-integration-testing/pull/190#issuecomment-1222727739 IMHO `dependency:list` will be resolved to the latest available version, which will not present in bootstrap -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Created] (MSHARED-1123) Require Maven 3.2.5+
Sylwester Lachiewicz created MSHARED-1123: - Summary: Require Maven 3.2.5+ Key: MSHARED-1123 URL: https://issues.apache.org/jira/browse/MSHARED-1123 Project: Maven Shared Components Issue Type: Task Components: maven-shared-incremental Reporter: Sylwester Lachiewicz -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [maven-integration-testing] hgschmie commented on pull request #190: test alternate fix for MNG-7353
hgschmie commented on PR #190: URL: https://github.com/apache/maven-integration-testing/pull/190#issuecomment-1222781752 My understanding is that the failing test is trying to run the plugin with explicit versions (that is what is in the test code) and those are 3.1.1 and 3.3.0 I did the trick that @mthmulders explained for the integration test (create a branch with the same name as the PR branch in maven) and with this patch applied, it passes the integration tests: https://github.com/apache/maven/runs/7958258759 (well the MacOS tests failed but for a different reason), but the Linux and windows pass and they never did before. So that seems to work. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-integration-testing] hgschmie commented on pull request #190: test alternate fix for MNG-7353
hgschmie commented on PR #190: URL: https://github.com/apache/maven-integration-testing/pull/190#issuecomment-1222786057 https://github.com/apache/maven-integration-testing/blob/2181675286bf085c49198858d6bd0f65178d17b2/core-it-suite/src/test/java/org/apache/maven/it/MavenITmng7353CliGoalInvocationTest.java contains explicit versions for goal invocation (I think that is the point of the test). The execution *may* yield different versions in its output but I don't think that this is relevant. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Closed] (MSHARED-1123) Require Maven 3.2.5+
[ https://issues.apache.org/jira/browse/MSHARED-1123?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sylwester Lachiewicz closed MSHARED-1123. - Resolution: Not A Problem > Require Maven 3.2.5+ > > > Key: MSHARED-1123 > URL: https://issues.apache.org/jira/browse/MSHARED-1123 > Project: Maven Shared Components > Issue Type: Task > Components: maven-shared-incremental >Reporter: Sylwester Lachiewicz >Priority: Minor > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MEJB-133) Upgrade to Java 8
[ https://issues.apache.org/jira/browse/MEJB-133?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17583166#comment-17583166 ] Hudson commented on MEJB-133: - Build failed in Jenkins: Maven » Maven TLP » maven-ejb-plugin » master #15 See https://ci-maven.apache.org/job/Maven/job/maven-box/job/maven-ejb-plugin/job/master/15/ > Upgrade to Java 8 > - > > Key: MEJB-133 > URL: https://issues.apache.org/jira/browse/MEJB-133 > Project: Maven EJB Plugin > Issue Type: Task >Reporter: Michael Osipov >Assignee: Michael Osipov >Priority: Major > Fix For: 3.2.1 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MEJB-131) Upgrade Maven to 3.2.5
[ https://issues.apache.org/jira/browse/MEJB-131?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17583165#comment-17583165 ] Hudson commented on MEJB-131: - Build failed in Jenkins: Maven » Maven TLP » maven-ejb-plugin » master #15 See https://ci-maven.apache.org/job/Maven/job/maven-box/job/maven-ejb-plugin/job/master/15/ > Upgrade Maven to 3.2.5 > -- > > Key: MEJB-131 > URL: https://issues.apache.org/jira/browse/MEJB-131 > Project: Maven EJB Plugin > Issue Type: Task >Reporter: Tamás Cservenák >Assignee: Tamás Cservenák >Priority: Major > Fix For: 3.2.1 > > > Update plugin changes: > * set required Maven version to 3.2.5 > * make maven bits provided scope > * update dependencies -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (MPLUGIN-418) Require prerequisites to be set for maven-plugin
Slawomir Jaranowski created MPLUGIN-418:
---
Summary: Require prerequisites to be set for maven-plugin
Key: MPLUGIN-418
URL: https://issues.apache.org/jira/browse/MPLUGIN-418
Project: Maven Plugin Tools
Issue Type: Improvement
Reporter: Slawomir Jaranowski
Assignee: Slawomir Jaranowski
{{project/prerequisites/maven}} should be set in maven-plugin to proper Maven
version
h1. Scenarios
1. no prerequisites
- *build fail*
2. prerequisites present, no maven-plugin-api on classpath
- build ok
3. prerequisites present, maven-plugin-api on classpath
- prerequisites >= maven-plugin-api - build ok
- prerequisites < maven-plugin-api - *build fail*
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[GitHub] [maven-shared-utils] dependabot[bot] opened a new pull request, #115: Bump slf4j-api from 1.7.36 to 2.0.0
dependabot[bot] opened a new pull request, #115: URL: https://github.com/apache/maven-shared-utils/pull/115 Bumps [slf4j-api](https://github.com/qos-ch/slf4j) from 1.7.36 to 2.0.0. Commits https://github.com/qos-ch/slf4j/commit/0614d467d7bca81724f45e228f4f871161222b51";>0614d46 prepare release 2.0.0 https://github.com/qos-ch/slf4j/commit/b1afcd01b1092f0dfda12b4502aa202124e24a8e";>b1afcd0 javadoc edits https://github.com/qos-ch/slf4j/commit/20cd3ad0abd25d1837f5b9354c6729cb4a978d69";>20cd3ad start work on 2.0.0-SNAPSHOT https://github.com/qos-ch/slf4j/commit/aeebb6199d412a3883af2d0c414a69fde26b5971";>aeebb61 prepare release 2.0.0-beta1 https://github.com/qos-ch/slf4j/commit/1068cd0eb9fb2460d368e3ba6112517ef3fedd2a";>1068cd0 javadoc changes https://github.com/qos-ch/slf4j/commit/4e4e56a2df730cdb6877449b6341279208f20a78";>4e4e56a add CheckReturnValue annotation in org.slf4j.helpers https://github.com/qos-ch/slf4j/commit/0dcfa19040fb2d7f45dfe00823d15bdff0434d6a";>0dcfa19 check for return value in some oggingEventBuilder methods https://github.com/qos-ch/slf4j/commit/e7ca8d17c8db1fc956019404153cc7b90b8f0c61";>e7ca8d1 start work on 2.0.0-beta1-SNAPSHOPT https://github.com/qos-ch/slf4j/commit/2314de9dd9f9abbef360f5c6240487c0ac7e5fc3";>2314de9 add setMessage and log method to the fluent API https://github.com/qos-ch/slf4j/commit/508a796552640c83d6d814374a9b50a424e88cfa";>508a796 set version to 2.0.0-beta0 Additional commits viewable in https://github.com/qos-ch/slf4j/compare/v_1.7.36...v_2.0.0";>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Closed] (MASFRES-56) Request For Maven Central Index with populated CLASSNAME fields
[ https://issues.apache.org/jira/browse/MASFRES-56?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Michael Osipov closed MASFRES-56. - Resolution: Invalid That's the wrong forum. We so not maintain Maven Central. Sonatype does. Reach out to [~brianf] > Request For Maven Central Index with populated CLASSNAME fields > --- > > Key: MASFRES-56 > URL: https://issues.apache.org/jira/browse/MASFRES-56 > Project: Apache Maven Resource Bundles > Issue Type: Wish >Reporter: Claudiu-Vlad Ursache >Priority: Minor > > Hello everyone! > I'm a security researcher for a private company looking for a Maven Central > mirror in the format of a Lucene Index with populated values for CLASSNAME > fields (which are missing by default in the public version of the index). Is > there any chance I could receive a copy of it? That would save me a ton of > time trying to populate the field manually by downloading each jar once and > running an index update operation. > Best, > Claudiu-Vlad Ursache -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MPLUGIN-418) Require prerequisites to be set for maven-plugin
[
https://issues.apache.org/jira/browse/MPLUGIN-418?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17583215#comment-17583215
]
Michael Osipov commented on MPLUGIN-418:
Second one will autodeduce the required version?
> Require prerequisites to be set for maven-plugin
>
>
> Key: MPLUGIN-418
> URL: https://issues.apache.org/jira/browse/MPLUGIN-418
> Project: Maven Plugin Tools
> Issue Type: Improvement
>Reporter: Slawomir Jaranowski
>Assignee: Slawomir Jaranowski
>Priority: Major
>
> {{project/prerequisites/maven}} should be set in maven-plugin to proper Maven
> version
> h1. Scenarios
> 1. no prerequisites
> - *build fail*
> 2. prerequisites present, no maven-plugin-api on classpath
> - build ok
> 3. prerequisites present, maven-plugin-api on classpath
> - prerequisites >= maven-plugin-api - build ok
> - prerequisites < maven-plugin-api - *build fail*
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Assigned] (MNG-7463) Improve documentation about deprecation in Mojo
[
https://issues.apache.org/jira/browse/MNG-7463?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Slawomir Jaranowski reassigned MNG-7463:
Assignee: Slawomir Jaranowski
> Improve documentation about deprecation in Mojo
> ---
>
> Key: MNG-7463
> URL: https://issues.apache.org/jira/browse/MNG-7463
> Project: Maven
> Issue Type: Improvement
> Components: Documentation: General, Plugin API
>Reporter: Slawomir Jaranowski
>Assignee: Slawomir Jaranowski
>Priority: Major
>
> fix, improve:
> - java docs of {{org.apache.maven.plugin.descriptor.MojoDescriptor}}
> -- {{deprecated}} filed and set/get methods.
> - maven-plugin-api/src/main/mdo/plugin.mdo
> -- descriptions of mojo, parameters deprecated field
> - https://maven.apache.org/developers/mojo-api-specification.html
> -- descriptions of mojo, parameters deprecated
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[GitHub] [maven-dependency-tree] dependabot[bot] opened a new pull request, #24: Bump slf4j-api from 1.7.36 to 2.0.0
dependabot[bot] opened a new pull request, #24: URL: https://github.com/apache/maven-dependency-tree/pull/24 Bumps [slf4j-api](https://github.com/qos-ch/slf4j) from 1.7.36 to 2.0.0. Commits https://github.com/qos-ch/slf4j/commit/0614d467d7bca81724f45e228f4f871161222b51";>0614d46 prepare release 2.0.0 https://github.com/qos-ch/slf4j/commit/b1afcd01b1092f0dfda12b4502aa202124e24a8e";>b1afcd0 javadoc edits https://github.com/qos-ch/slf4j/commit/20cd3ad0abd25d1837f5b9354c6729cb4a978d69";>20cd3ad start work on 2.0.0-SNAPSHOT https://github.com/qos-ch/slf4j/commit/aeebb6199d412a3883af2d0c414a69fde26b5971";>aeebb61 prepare release 2.0.0-beta1 https://github.com/qos-ch/slf4j/commit/1068cd0eb9fb2460d368e3ba6112517ef3fedd2a";>1068cd0 javadoc changes https://github.com/qos-ch/slf4j/commit/4e4e56a2df730cdb6877449b6341279208f20a78";>4e4e56a add CheckReturnValue annotation in org.slf4j.helpers https://github.com/qos-ch/slf4j/commit/0dcfa19040fb2d7f45dfe00823d15bdff0434d6a";>0dcfa19 check for return value in some oggingEventBuilder methods https://github.com/qos-ch/slf4j/commit/e7ca8d17c8db1fc956019404153cc7b90b8f0c61";>e7ca8d1 start work on 2.0.0-beta1-SNAPSHOPT https://github.com/qos-ch/slf4j/commit/2314de9dd9f9abbef360f5c6240487c0ac7e5fc3";>2314de9 add setMessage and log method to the fluent API https://github.com/qos-ch/slf4j/commit/508a796552640c83d6d814374a9b50a424e88cfa";>508a796 set version to 2.0.0-beta0 Additional commits viewable in https://github.com/qos-ch/slf4j/compare/v_1.7.36...v_2.0.0";>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MPLUGIN-418) Require prerequisites to be set for maven-plugin
[
https://issues.apache.org/jira/browse/MPLUGIN-418?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17583230#comment-17583230
]
Slawomir Jaranowski commented on MPLUGIN-418:
-
{{prerequisites}} must be in plugin pom.
> Require prerequisites to be set for maven-plugin
>
>
> Key: MPLUGIN-418
> URL: https://issues.apache.org/jira/browse/MPLUGIN-418
> Project: Maven Plugin Tools
> Issue Type: Improvement
>Reporter: Slawomir Jaranowski
>Assignee: Slawomir Jaranowski
>Priority: Major
>
> {{project/prerequisites/maven}} should be set in maven-plugin to proper Maven
> version
> h1. Scenarios
> 1. no prerequisites
> - *build fail*
> 2. prerequisites present, no maven-plugin-api on classpath
> - build ok
> 3. prerequisites present, maven-plugin-api on classpath
> - prerequisites >= maven-plugin-api - build ok
> - prerequisites < maven-plugin-api - *build fail*
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[GitHub] [maven] hgschmie closed pull request #789: [MNG-7529] Maven resolver makes bad repository choices
hgschmie closed pull request #789: [MNG-7529] Maven resolver makes bad repository choices URL: https://github.com/apache/maven/pull/789 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven] hgschmie commented on pull request #789: [MNG-7529] Maven resolver makes bad repository choices
hgschmie commented on PR #789: URL: https://github.com/apache/maven/pull/789#issuecomment-1223248526 got the integration tests to work. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MNG-7529) Maven resolver makes bad repository choices when resolving version ranges
[ https://issues.apache.org/jira/browse/MNG-7529?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17583231#comment-17583231 ] ASF GitHub Bot commented on MNG-7529: - hgschmie commented on PR #789: URL: https://github.com/apache/maven/pull/789#issuecomment-1223248526 got the integration tests to work. > Maven resolver makes bad repository choices when resolving version ranges > - > > Key: MNG-7529 > URL: https://issues.apache.org/jira/browse/MNG-7529 > Project: Maven > Issue Type: Bug > Components: Artifacts and Repositories >Affects Versions: 3.8.6 >Reporter: Henning Schmiedehausen >Priority: Major > Fix For: 3.8.x-candidate > > > This is the same problem as MRESOLVER-270. The problem is actually in the > maven core, not in the resolver. See the description there. > > This bug is a placeholder for the fix PR. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MNG-7529) Maven resolver makes bad repository choices when resolving version ranges
[ https://issues.apache.org/jira/browse/MNG-7529?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17583232#comment-17583232 ] ASF GitHub Bot commented on MNG-7529: - hgschmie closed pull request #789: [MNG-7529] Maven resolver makes bad repository choices URL: https://github.com/apache/maven/pull/789 > Maven resolver makes bad repository choices when resolving version ranges > - > > Key: MNG-7529 > URL: https://issues.apache.org/jira/browse/MNG-7529 > Project: Maven > Issue Type: Bug > Components: Artifacts and Repositories >Affects Versions: 3.8.6 >Reporter: Henning Schmiedehausen >Priority: Major > Fix For: 3.8.x-candidate > > > This is the same problem as MRESOLVER-270. The problem is actually in the > maven core, not in the resolver. See the description there. > > This bug is a placeholder for the fix PR. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MASFRES-56) Request For Maven Central Index with populated CLASSNAME fields
[ https://issues.apache.org/jira/browse/MASFRES-56?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17583369#comment-17583369 ] Claudiu-Vlad Ursache commented on MASFRES-56: - Thanks for the info [~michael-o]! > Request For Maven Central Index with populated CLASSNAME fields > --- > > Key: MASFRES-56 > URL: https://issues.apache.org/jira/browse/MASFRES-56 > Project: Apache Maven Resource Bundles > Issue Type: Wish >Reporter: Claudiu-Vlad Ursache >Priority: Minor > > Hello everyone! > I'm a security researcher for a private company looking for a Maven Central > mirror in the format of a Lucene Index with populated values for CLASSNAME > fields (which are missing by default in the public version of the index). Is > there any chance I could receive a copy of it? That would save me a ton of > time trying to populate the field manually by downloading each jar once and > running an index update operation. > Best, > Claudiu-Vlad Ursache -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MASFRES-56) Request For Maven Central Index with populated CLASSNAME fields
[ https://issues.apache.org/jira/browse/MASFRES-56?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17583382#comment-17583382 ] Michael Osipov commented on MASFRES-56: --- Cu placere. > Request For Maven Central Index with populated CLASSNAME fields > --- > > Key: MASFRES-56 > URL: https://issues.apache.org/jira/browse/MASFRES-56 > Project: Apache Maven Resource Bundles > Issue Type: Wish >Reporter: Claudiu-Vlad Ursache >Priority: Minor > > Hello everyone! > I'm a security researcher for a private company looking for a Maven Central > mirror in the format of a Lucene Index with populated values for CLASSNAME > fields (which are missing by default in the public version of the index). Is > there any chance I could receive a copy of it? That would save me a ton of > time trying to populate the field manually by downloading each jar once and > running an index update operation. > Best, > Claudiu-Vlad Ursache -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Comment Edited] (MASFRES-56) Request For Maven Central Index with populated CLASSNAME fields
[ https://issues.apache.org/jira/browse/MASFRES-56?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17583214#comment-17583214 ] Michael Osipov edited comment on MASFRES-56 at 8/23/22 5:55 AM: That's the wrong forum. We do not maintain Maven Central. Sonatype does. Reach out to [~brianf] was (Author: michael-o): That's the wrong forum. We so not maintain Maven Central. Sonatype does. Reach out to [~brianf] > Request For Maven Central Index with populated CLASSNAME fields > --- > > Key: MASFRES-56 > URL: https://issues.apache.org/jira/browse/MASFRES-56 > Project: Apache Maven Resource Bundles > Issue Type: Wish >Reporter: Claudiu-Vlad Ursache >Priority: Minor > > Hello everyone! > I'm a security researcher for a private company looking for a Maven Central > mirror in the format of a Lucene Index with populated values for CLASSNAME > fields (which are missing by default in the public version of the index). Is > there any chance I could receive a copy of it? That would save me a ton of > time trying to populate the field manually by downloading each jar once and > running an index update operation. > Best, > Claudiu-Vlad Ursache -- This message was sent by Atlassian Jira (v8.20.10#820010)
