[GitHub] [maven-release] edwardUL99 commented on pull request #145: Simplify PerformReleaseMojo

2022-09-12 Thread GitBox


edwardUL99 commented on PR #145:
URL: https://github.com/apache/maven-release/pull/145#issuecomment-1243310807

   > I agree with @nielsbasjes that a lot more parameters are now exposed for goal `perform` which are not useful. Maybe the AbstractScmReleaseMojo would need a split up between `AbstractScmReadReleaseMojo` and `AbstractScmWriteReleaseMojo` (inheriting from the former).
   
   As part of #149, this change could possibly be introduced? Unless @michael-o wishes to do that


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



[GitHub] [maven-release] kwin commented on a diff in pull request #149: [MRELEASE-839]: Unable to supply tag to release for release:perform

2022-09-12 Thread GitBox


kwin commented on code in PR #149:
URL: https://github.com/apache/maven-release/pull/149#discussion_r968067852


##
maven-release-plugin/src/main/java/org/apache/maven/plugins/release/PerformReleaseMojo.java:
##
@@ -46,7 +46,7 @@
  */
 @Mojo( name = "perform", aggregator = true, requiresProject = false )
 public class PerformReleaseMojo
-extends AbstractReleaseMojo
+extends AbstractScmReleaseMojo
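
Review bot: At `extends AbstractScmReleaseMojo`, the new base class changes the whole set of parameters the `perform` goal inherits, and nothing in this hunk shows which of the newly inherited ones the goal actually reads. Consider naming the parameters `perform` needs in the class Javadoc, or extending a narrower base class that carries only those, so that the goal's documented parameters match what it uses.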

Review Comment:
   @michael-o Please advise how to continue.






[jira] [Commented] (MSHARED-1134) Remove debug mode in Verifier

2022-09-12 Thread Michael Osipov (Jira)


[ 
https://issues.apache.org/jira/browse/MSHARED-1134?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17602971#comment-17602971
 ] 

Michael Osipov commented on MSHARED-1134:
-

I see. What is the alternative approach? If there is any...

> Remove debug mode in Verifier
> -----------------------------
>
> Key: MSHARED-1134
> URL: https://issues.apache.org/jira/browse/MSHARED-1134
> Project: Maven Shared Components
> Issue Type: Improvement
> Components: maven-verifier
> Reporter: Slawomir Jaranowski
> Priority: Major
> Fix For: maven-verifier-2.0.0
>
> In Verifier we have a {{debug}} field and corresponding constructors and
> setters for it.
> The behavior of this flag was probably to execute Verifier in {{debug}} mode, so
> - *only* in the constructor are the original {{System.out/err}} saved
> - *only* in the {{setDebug}} method are {{System.out/err}} overridden
> - Verifier during executions uses {{System.out.println(..)}} for logging purposes
> - in {{displayStreamBuffers}} we can print previously recorded logs
> And finally the method {{resetStreams}} must be called on {{Verifier}} in order
> to restore the original {{System.out/err}} streams.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)


[GitHub] [maven-release] nielsbasjes commented on pull request #145: Simplify PerformReleaseMojo

2022-09-12 Thread GitBox


nielsbasjes commented on PR #145:
URL: https://github.com/apache/maven-release/pull/145#issuecomment-1243336257

   I'm wondering what the real downside (if any) is of having some properties 
available that are not used. Apparently (as shown in #149) some of those are 
actually missing and should be made available.





[jira] [Created] (MENFORCER-433) Add rule to ban property

2022-09-12 Thread Konrad Windszus (Jira)
Konrad Windszus created MENFORCER-433:
-

 Summary: Add rule to ban property
 Key: MENFORCER-433
 URL: https://issues.apache.org/jira/browse/MENFORCER-433
 Project: Maven Enforcer Plugin
  Issue Type: New Feature
  Components: Standard Rules
Reporter: Konrad Windszus


Similar to {{requireProperty}} there should be a {{banProperty}} which ensures 
that a property with a specific name is not set at all.
This is useful in case a property is no longer supported for profile 
activation, or to enforce that e.g. the settings.xml does not contain a certain 
element.





[GitHub] [maven-integration-testing] michael-o commented on pull request #131: [MNG-7310] Add a test for MNG-7310

2022-09-12 Thread GitBox


michael-o commented on PR #131:
URL: 
https://github.com/apache/maven-integration-testing/pull/131#issuecomment-1243341388

   Are you able to merge yourself? If so, please fixup and merge.





[GitHub] [maven-release] kwin commented on pull request #145: Simplify PerformReleaseMojo

2022-09-12 Thread GitBox


kwin commented on PR #145:
URL: https://github.com/apache/maven-release/pull/145#issuecomment-1243368619

   For me the 2 phase release process is already complicated enough. Exposing 
unused parameters for the `perform` goal in its documentation 
(https://maven.apache.org/maven-release/maven-release-plugin/perform-mojo.html) 
will make it even harder to grasp what is going on. Also I expect a lot of 
wrong reports due to the unused (but documented) parameters.





[GitHub] [maven-mvnd] wsq93 opened a new issue, #687: M2E integration

2022-09-12 Thread GitBox


wsq93 opened a new issue, #687:
URL: https://github.com/apache/maven-mvnd/issues/687

   Ask for help!
   
   https://github.com/eclipse-m2e/m2e-core/issues/897





[GitHub] [maven-shade-plugin] gnodet merged pull request #143: [MSHADE-422] Remove usage of deprecated Plugin#getGoals() method

2022-09-12 Thread GitBox


gnodet merged PR #143:
URL: https://github.com/apache/maven-shade-plugin/pull/143





[jira] [Assigned] (MSHADE-422) Remove usage of deprecated Plugin#getGoals()

2022-09-12 Thread Guillaume Nodet (Jira)


 [ 
https://issues.apache.org/jira/browse/MSHADE-422?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Guillaume Nodet reassigned MSHADE-422:
--

Assignee: Guillaume Nodet

> Remove usage of deprecated Plugin#getGoals()
> 
>
> Key: MSHADE-422
> URL: https://issues.apache.org/jira/browse/MSHADE-422
> Project: Maven Shade Plugin
>  Issue Type: Task
>Reporter: Guillaume Nodet
>Assignee: Guillaume Nodet
>Priority: Major
>






[jira] [Commented] (MSHADE-422) Remove usage of deprecated Plugin#getGoals()

2022-09-12 Thread Hudson (Jira)


[ 
https://issues.apache.org/jira/browse/MSHADE-422?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17603021#comment-17603021
 ] 

Hudson commented on MSHADE-422:
---

Build succeeded in Jenkins: Maven » Maven TLP » maven-shade-plugin » master #36

See 
https://ci-maven.apache.org/job/Maven/job/maven-box/job/maven-shade-plugin/job/master/36/

> Remove usage of deprecated Plugin#getGoals()
> 
>
> Key: MSHADE-422
> URL: https://issues.apache.org/jira/browse/MSHADE-422
> Project: Maven Shade Plugin
>  Issue Type: Task
>Reporter: Guillaume Nodet
>Assignee: Guillaume Nodet
>Priority: Major
>






[GitHub] [maven-integration-testing] gnodet commented on pull request #176: Move ITs to JDK 8 / JUnit 5

2022-09-12 Thread GitBox


gnodet commented on PR #176:
URL: 
https://github.com/apache/maven-integration-testing/pull/176#issuecomment-1243506243

   > Old (master):
   > 
   > ```
   > [INFO] Tests run: 864, Failures: 0, Errors: 0, Skipped: 13, Time elapsed: 566.069 s - in org.apache.maven.it.IntegrationTestSuite
   > ```
   > 
   > new:
   > 
   > ```
   > [WARNING] Tests run: 859, Failures: 0, Errors: 0, Skipped: 33
   > ```
   > 
   > * I wonder why there are more skips now?
   > * Where does the 5 tests diff come from?
   > * The overall elapsed time is gone :-(
   
   New master is now:
   ```
   [WARNING] Tests run: 882, Failures: 0, Errors: 0, Skipped: 76
   ```
   Note that with the previous setup, I don't think tests were counted as _skipped_ if the maven version was not matching the range.





[GitHub] [maven-gh-actions-shared] olamy commented on pull request #56: Bump release-drafter/release-drafter from 5.20.0 to 5.20.1

2022-09-12 Thread GitBox


olamy commented on PR #56:
URL: 
https://github.com/apache/maven-gh-actions-shared/pull/56#issuecomment-1243521601

   @dependabot merge





[GitHub] [maven-gh-actions-shared] dependabot[bot] merged pull request #56: Bump release-drafter/release-drafter from 5.20.0 to 5.20.1

2022-09-12 Thread GitBox


dependabot[bot] merged PR #56:
URL: https://github.com/apache/maven-gh-actions-shared/pull/56





[GitHub] [maven-gh-actions-shared] olamy commented on pull request #57: Bump release-drafter/release-drafter from 5.20.0 to 5.20.1

2022-09-12 Thread GitBox


olamy commented on PR #57:
URL: 
https://github.com/apache/maven-gh-actions-shared/pull/57#issuecomment-1243521932

   @dependabot merge





[GitHub] [maven-gh-actions-shared] dependabot[bot] merged pull request #57: Bump release-drafter/release-drafter from 5.20.0 to 5.20.1

2022-09-12 Thread GitBox


dependabot[bot] merged PR #57:
URL: https://github.com/apache/maven-gh-actions-shared/pull/57





[GitHub] [maven-integration-testing] michael-o commented on pull request #176: Move ITs to JDK 8 / JUnit 5

2022-09-12 Thread GitBox


michael-o commented on PR #176:
URL: 
https://github.com/apache/maven-integration-testing/pull/176#issuecomment-1243583497

   > > Old (master):
   > > ```
   > > [INFO] Tests run: 864, Failures: 0, Errors: 0, Skipped: 13, Time elapsed: 566.069 s - in org.apache.maven.it.IntegrationTestSuite
   > > ```
   > > 
   > > new:
   > > ```
   > > [WARNING] Tests run: 859, Failures: 0, Errors: 0, Skipped: 33
   > > ```
   > > 
   > > * I wonder why there are more skips now?
   > > * Where does the 5 tests diff come from?
   > > * The overall elapsed time is gone :-(
   > 
   > New master is now:
   > 
   > ```
   > [WARNING] Tests run: 882, Failures: 0, Errors: 0, Skipped: 76
   > ```
   > 
   > Note that with the previous setup, I don't think tests were counted as _skipped_ if the maven version was not matching the range.
   
   I agree with the last statement. I have noticed this too. Will review again.





[GitHub] [maven-integration-testing] gnodet commented on pull request #176: Move ITs to JDK 8 / JUnit 5

2022-09-12 Thread GitBox


gnodet commented on PR #176:
URL: 
https://github.com/apache/maven-integration-testing/pull/176#issuecomment-1243585440

   > > > Old (master):
   > > > ```
   > > > [INFO] Tests run: 864, Failures: 0, Errors: 0, Skipped: 13, Time elapsed: 566.069 s - in org.apache.maven.it.IntegrationTestSuite
   > > > ```
   > > > 
   > > > new:
   > > > ```
   > > > [WARNING] Tests run: 859, Failures: 0, Errors: 0, Skipped: 33
   > > > ```
   > > > 
   > > > * I wonder why there are more skips now?
   > > > * Where does the 5 tests diff come from?
   > > > * The overall elapsed time is gone :-(
   > > 
   > > New master is now:
   > > ```
   > > [WARNING] Tests run: 882, Failures: 0, Errors: 0, Skipped: 76
   > > ```
   > > 
   > > Note that with the previous setup, I don't think tests were counted as _skipped_ if the maven version was not matching the range.
   > 
   > I agree with the last statement. I have noticed this too. Will review again.
   
   As for the overall output (including the wall-time of all tests), this would require a surefire extension in order to rework the output completely as it was before.  I'm not sure it's worth it at this point.





[GitHub] [maven-integration-testing] michael-o commented on pull request #176: Move ITs to JDK 8 / JUnit 5

2022-09-12 Thread GitBox


michael-o commented on PR #176:
URL: 
https://github.com/apache/maven-integration-testing/pull/176#issuecomment-1243587165

   > > > > Old (master):
   > > > > ```
   > > > > [INFO] Tests run: 864, Failures: 0, Errors: 0, Skipped: 13, Time elapsed: 566.069 s - in org.apache.maven.it.IntegrationTestSuite
   > > > > ```
   > > > > 
   > > > > new:
   > > > > ```
   > > > > [WARNING] Tests run: 859, Failures: 0, Errors: 0, Skipped: 33
   > > > > ```
   > > > > 
   > > > > * I wonder why there are more skips now?
   > > > > * Where does the 5 tests diff come from?
   > > > > * The overall elapsed time is gone :-(
   > > > 
   > > > New master is now:
   > > > ```
   > > > [WARNING] Tests run: 882, Failures: 0, Errors: 0, Skipped: 76
   > > > ```
   > > > 
   > > > Note that with the previous setup, I don't think tests were counted as _skipped_ if the maven version was not matching the range.
   > > 
   > > I agree with the last statement. I have noticed this too. Will review again.
   > 
   > As for the overall output (including the wall-time of all tests), this would require a surefire extension in order to rework the output completely as it was before. I'm not sure it's worth it at this point.
   
   OK, then we can postpone this. Would be nice to have at some point in time.





[GitHub] [maven-mvnd] wsq93 closed issue #687: M2E integration

2022-09-12 Thread GitBox


wsq93 closed issue #687: M2E integration
URL: https://github.com/apache/maven-mvnd/issues/687





[jira] [Created] (MWAR-456) Latest maven-war-plugin causing vulnerable .jars to be downloaded

2022-09-12 Thread Joseph Angotti (Jira)
Joseph Angotti created MWAR-456:
---

 Summary: Latest maven-war-plugin causing vulnerable .jars to be 
downloaded
 Key: MWAR-456
 URL: https://issues.apache.org/jira/browse/MWAR-456
 Project: Maven WAR Plugin
  Issue Type: Bug
Affects Versions: 3.3.2
 Environment: Linux, Windows
Reporter: Joseph Angotti
 Attachments: Console Log.JPG

We are planning to upgrade our project's parent pom.xml file to use 
maven-war-plugin 3.3.2, which is the latest version, but somehow it is causing 
2 vulnerable .jar files, plexus-utils-2.0.5.jar, and 
maven-shared-utils-3.2.1.jar, to download from our JFrog Artifactory repository 
when it shouldn't be. Other versions of the maven-war-plugin seem to result in 
the same issue.

Is there someone available who can assist with this issue as soon as possible? 
Our development efforts are currently blocked because of this issue. We need to 
be able to upgrade to the latest version of the maven-war-plugin and prevent 
vulnerable .jar files from being downloaded as soon as possible before our 
remediation deadline in a few weeks. Thank you (see the maven console logs 
attached for more details).





[jira] [Commented] (MWAR-456) Latest maven-war-plugin causing vulnerable .jars to be downloaded

2022-09-12 Thread Michael Osipov (Jira)


[ 
https://issues.apache.org/jira/browse/MWAR-456?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17603186#comment-17603186
 ] 

Michael Osipov commented on MWAR-456:
-

Which vulnerabilities?

> Latest maven-war-plugin causing vulnerable .jars to be downloaded
> -
>
> Key: MWAR-456
> URL: https://issues.apache.org/jira/browse/MWAR-456
> Project: Maven WAR Plugin
>  Issue Type: Bug
>Affects Versions: 3.3.2
> Environment: Linux, Windows
>Reporter: Joseph Angotti
>Priority: Blocker
> Attachments: Console Log.JPG
>
>   Original Estimate: 443h
>  Remaining Estimate: 443h
>
> We are planning to upgrade our project's parent pom.xml file to use 
> maven-war-plugin 3.3.2, which is the latest version, but somehow it is 
> causing 2 vulnerable .jar files, plexus-utils-2.0.5.jar, and 
> maven-shared-utils-3.2.1.jar, to download from our JFrog Artifactory 
> repository when it shouldn't be. Other versions of the maven-war-plugin seem 
> to result in the same issue.
> Is there someone available who can assist with this issue as soon as 
> possible? Our development efforts are currently blocked because of this 
> issue. We need to be able to upgrade to the latest version of the 
> maven-war-plugin and prevent vulnerable .jar files from being downloaded as 
> soon as possible before our remediation deadline in a few weeks. Thank you 
> (see the maven console logs attached for more details).





[GitHub] [maven-javadoc-plugin] kwin opened a new pull request, #160: fix link to documentation of link option

2022-09-12 Thread GitBox


kwin opened a new pull request, #160:
URL: https://github.com/apache/maven-javadoc-plugin/pull/160

   Following this checklist to help us incorporate your 
   contribution quickly and easily:
   
- [ ] Make sure there is a [JIRA 
issue](https://issues.apache.org/jira/browse/MJAVADOC) filed 
  for the change (usually before you start working on it).  Trivial 
changes like typos do not 
  require a JIRA issue.  Your pull request should address just this 
issue, without 
  pulling in other changes.
- [ ] Each commit in the pull request should have a meaningful subject line 
and body.
- [ ] Format the pull request title like `[MJAVADOC-XXX] - Fixes bug in 
ApproximateQuantiles`,
  where you replace `MJAVADOC-XXX` with the appropriate JIRA issue. 
Best practice
  is to use the JIRA issue title in the pull request title and in the 
first line of the 
  commit message.
- [ ] Write a pull request description that is detailed enough to 
understand what the pull request does, how, and why.
- [ ] Run `mvn clean verify -Prun-its` to make sure basic checks pass. A 
more thorough check will 
  be performed on your pull request automatically.
   
   If your pull request is about ~20 lines of code you don't need to sign an
   [Individual Contributor License 
Agreement](https://www.apache.org/licenses/icla.pdf) if you are unsure
   please ask on the developers list.
   
   To make clear that you license your contribution under 
   the [Apache License Version 2.0, January 
2004](http://www.apache.org/licenses/LICENSE-2.0)
   you have to acknowledge this by using the following check-box.
   
- [ ] I hereby declare this contribution to be licenced under the [Apache 
License Version 2.0, January 2004](http://www.apache.org/licenses/LICENSE-2.0)
   
- [ ] In any other case, please file an [Apache Individual Contributor 
License Agreement](https://www.apache.org/licenses/icla.pdf).
   
   





[jira] [Updated] (MWAR-456) Latest maven-war-plugin causing vulnerable .jars to be downloaded

2022-09-12 Thread Joseph Angotti (Jira)


 [ 
https://issues.apache.org/jira/browse/MWAR-456?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Joseph Angotti updated MWAR-456:

Attachment: (was: Console Log.JPG)

> Latest maven-war-plugin causing vulnerable .jars to be downloaded
> -
>
> Key: MWAR-456
> URL: https://issues.apache.org/jira/browse/MWAR-456
> Project: Maven WAR Plugin
>  Issue Type: Bug
>Affects Versions: 3.3.2
> Environment: Linux, Windows
>Reporter: Joseph Angotti
>Priority: Blocker
>   Original Estimate: 443h
>  Remaining Estimate: 443h
>
> We are planning to upgrade our project's parent pom.xml file to use 
> maven-war-plugin 3.3.2, which is the latest version, but somehow it is 
> causing 2 vulnerable .jar files, plexus-utils-2.0.5.jar, and 
> maven-shared-utils-3.2.1.jar, to download from our JFrog Artifactory 
> repository when it shouldn't be. Other versions of the maven-war-plugin seem 
> to result in the same issue.
> Is there someone available who can assist with this issue as soon as 
> possible? Our development efforts are currently blocked because of this 
> issue. We need to be able to upgrade to the latest version of the 
> maven-war-plugin and prevent vulnerable .jar files from being downloaded as 
> soon as possible before our remediation deadline in a few weeks. Thank you 
> (see the maven console logs attached for more details).





[jira] [Commented] (MWAR-456) Latest maven-war-plugin causing vulnerable .jars to be downloaded

2022-09-12 Thread Joseph Angotti (Jira)


[ 
https://issues.apache.org/jira/browse/MWAR-456?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17603207#comment-17603207
 ] 

Joseph Angotti commented on MWAR-456:
-

Somehow, plexus-utils-2.0.5.jar (CVE-2017-1000487) is being downloaded, as well 
as maven-shared-utils-3.2.1.jar (CVE-2022-29599).

> Latest maven-war-plugin causing vulnerable .jars to be downloaded
> -
>
> Key: MWAR-456
> URL: https://issues.apache.org/jira/browse/MWAR-456
> Project: Maven WAR Plugin
>  Issue Type: Bug
>Affects Versions: 3.3.2
> Environment: Linux, Windows
>Reporter: Joseph Angotti
>Priority: Blocker
>   Original Estimate: 443h
>  Remaining Estimate: 443h
>
> We are planning to upgrade our project's parent pom.xml file to use 
> maven-war-plugin 3.3.2, which is the latest version, but somehow it is 
> causing 2 vulnerable .jar files, plexus-utils-2.0.5.jar, and 
> maven-shared-utils-3.2.1.jar, to download from our JFrog Artifactory 
> repository when it shouldn't be. Other versions of the maven-war-plugin seem 
> to result in the same issue.
> Is there someone available who can assist with this issue as soon as 
> possible? Our development efforts are currently blocked because of this 
> issue. We need to be able to upgrade to the latest version of the 
> maven-war-plugin and prevent vulnerable .jar files from being downloaded as 
> soon as possible before our remediation deadline in a few weeks. Thank you 
> (see the maven console logs attached for more details).





[jira] [Updated] (MWAR-456) Latest maven-war-plugin causing vulnerable .jars to be downloaded

2022-09-12 Thread Joseph Angotti (Jira)


 [ 
https://issues.apache.org/jira/browse/MWAR-456?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Joseph Angotti updated MWAR-456:

Attachment: Console-Log-Edit.JPG

> Latest maven-war-plugin causing vulnerable .jars to be downloaded
> -
>
> Key: MWAR-456
> URL: https://issues.apache.org/jira/browse/MWAR-456
> Project: Maven WAR Plugin
>  Issue Type: Bug
>Affects Versions: 3.3.2
> Environment: Linux, Windows
>Reporter: Joseph Angotti
>Priority: Blocker
> Attachments: Console-Log-Edit.JPG
>
>   Original Estimate: 443h
>  Remaining Estimate: 443h
>
> We are planning to upgrade our project's parent pom.xml file to use 
> maven-war-plugin 3.3.2, which is the latest version, but somehow it is 
> causing 2 vulnerable .jar files, plexus-utils-2.0.5.jar, and 
> maven-shared-utils-3.2.1.jar, to download from our JFrog Artifactory 
> repository when it shouldn't be. Other versions of the maven-war-plugin seem 
> to result in the same issue.
> Is there someone available who can assist with this issue as soon as 
> possible? Our development efforts are currently blocked because of this 
> issue. We need to be able to upgrade to the latest version of the 
> maven-war-plugin and prevent vulnerable .jar files from being downloaded as 
> soon as possible before our remediation deadline in a few weeks. Thank you 
> (see the maven console logs attached for more details).





[jira] [Comment Edited] (MWAR-456) Latest maven-war-plugin causing vulnerable .jars to be downloaded

2022-09-12 Thread Joseph Angotti (Jira)


[ 
https://issues.apache.org/jira/browse/MWAR-456?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17603207#comment-17603207
 ] 

Joseph Angotti edited comment on MWAR-456 at 9/12/22 5:38 PM:
--

Somehow, plexus-utils-2.0.5.jar (CVE-2017-1000487) is being downloaded, as well 
as maven-shared-utils-3.2.1.jar (CVE-2022-29599). The files are downloaded 
immediately after the war goal is executed. Is there a way around this to not 
include these during the war goal somehow?


was (Author: JIRAUSER295644):
Somehow, plexus-utils-2.0.5.jar (CVE-2017-1000487) is being downloaded, as well 
as maven-shared-utils-3.2.1.jar (CVE-2022-29599).

> Latest maven-war-plugin causing vulnerable .jars to be downloaded
> -
>
> Key: MWAR-456
> URL: https://issues.apache.org/jira/browse/MWAR-456
> Project: Maven WAR Plugin
>  Issue Type: Bug
>Affects Versions: 3.3.2
> Environment: Linux, Windows
>Reporter: Joseph Angotti
>Priority: Blocker
> Attachments: Console-Log-Edit.JPG
>
>   Original Estimate: 443h
>  Remaining Estimate: 443h
>
> We are planning to upgrade our project's parent pom.xml file to use 
> maven-war-plugin 3.3.2, which is the latest version, but somehow it is 
> causing 2 vulnerable .jar files, plexus-utils-2.0.5.jar, and 
> maven-shared-utils-3.2.1.jar, to download from our JFrog Artifactory 
> repository when it shouldn't be. Other versions of the maven-war-plugin seem 
> to result in the same issue.
> Is there someone available who can assist with this issue as soon as 
> possible? Our development efforts are currently blocked because of this 
> issue. We need to be able to upgrade to the latest version of the 
> maven-war-plugin and prevent vulnerable .jar files from being downloaded as 
> soon as possible before our remediation deadline in a few weeks. Thank you 
> (see the maven console logs attached for more details).





[jira] [Created] (MJAVADOC-729) Link to Javadoc references from Java 17

2022-09-12 Thread Konrad Windszus (Jira)
Konrad Windszus created MJAVADOC-729:


 Summary: Link to Javadoc references from Java 17
 Key: MJAVADOC-729
 URL: https://issues.apache.org/jira/browse/MJAVADOC-729
 Project: Maven Javadoc Plugin
  Issue Type: Improvement
  Components: javadoc
Affects Versions: 3.4.1
Reporter: Konrad Windszus


Currently the external links explaining javadoc features or options from the 
site at https://github.com/apache/maven-javadoc-plugin still [point to 
https://docs.oracle.com/javase/7/docs/technotes/tools/windows/javadoc.html|https://github.com/apache/maven-javadoc-plugin/search?q=https%3A%2F%2Fdocs.oracle.com%2Fjavase%2F7%2Fdocs%2Ftechnotes%2Ftools%2Fwindows%2Fjavadoc.html].

Instead one should leverage the new documentation at
# 
https://docs.oracle.com/en/java/javase/17/docs/specs/javadoc/doc-comment-spec.html
 (for the standard doclet) and
# https://docs.oracle.com/en/java/javase/17/javadoc/javadoc.html (for the 
options of the javadoc tool)

The new documentation provides a better overview of javadoc and also describes 
the additions added since Java 7.





[jira] [Updated] (MJAVADOC-729) Link to Javadoc references from JDK 17

2022-09-12 Thread Konrad Windszus (Jira)


 [ 
https://issues.apache.org/jira/browse/MJAVADOC-729?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Konrad Windszus updated MJAVADOC-729:
-
Summary: Link to Javadoc references from JDK 17  (was: Link to Javadoc 
references from Java 17)

> Link to Javadoc references from JDK 17
> --
>
> Key: MJAVADOC-729
> URL: https://issues.apache.org/jira/browse/MJAVADOC-729
> Project: Maven Javadoc Plugin
>  Issue Type: Improvement
>  Components: javadoc
>Affects Versions: 3.4.1
>Reporter: Konrad Windszus
>Priority: Major
>
> Currently the external links explaining javadoc features or options from the 
> site at https://github.com/apache/maven-javadoc-plugin still [point to 
> https://docs.oracle.com/javase/7/docs/technotes/tools/windows/javadoc.html|https://github.com/apache/maven-javadoc-plugin/search?q=https%3A%2F%2Fdocs.oracle.com%2Fjavase%2F7%2Fdocs%2Ftechnotes%2Ftools%2Fwindows%2Fjavadoc.html].
> Instead one should leverage the new documentation at
> # 
> https://docs.oracle.com/en/java/javase/17/docs/specs/javadoc/doc-comment-spec.html
>  (for the standard doclet) and
> # https://docs.oracle.com/en/java/javase/17/javadoc/javadoc.html (for the 
> options of the javadoc tool)
> The new documentation provides a better overview of javadoc and also 
> describes the additions added since Java 7.





[jira] [Commented] (MWAR-456) Latest maven-war-plugin causing vulnerable .jars to be downloaded

2022-09-12 Thread Michael Osipov (Jira)


[ 
https://issues.apache.org/jira/browse/MWAR-456?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17603216#comment-17603216
 ] 

Michael Osipov commented on MWAR-456:
-

Please provide a minimal sample project which depicts the issue.

> Latest maven-war-plugin causing vulnerable .jars to be downloaded
> -
>
> Key: MWAR-456
> URL: https://issues.apache.org/jira/browse/MWAR-456
> Project: Maven WAR Plugin
>  Issue Type: Bug
>Affects Versions: 3.3.2
> Environment: Linux, Windows
>Reporter: Joseph Angotti
>Priority: Blocker
> Attachments: Console-Log-Edit.JPG
>
>   Original Estimate: 443h
>  Remaining Estimate: 443h
>
> We are planning to upgrade our project's parent pom.xml file to use 
> maven-war-plugin 3.3.2, which is the latest version, but somehow it is 
> causing 2 vulnerable .jar files, plexus-utils-2.0.5.jar, and 
> maven-shared-utils-3.2.1.jar, to download from our JFrog Artifactory 
> repository when it shouldn't be. Other versions of the maven-war-plugin seem 
> to result in the same issue.
> Is there someone available who can assist with this issue as soon as 
> possible? Our development efforts are currently blocked because of this 
> issue. We need to be able to upgrade to the latest version of the 
> maven-war-plugin and prevent vulnerable .jar files from being downloaded as 
> soon as possible before our remediation deadline in a few weeks. Thank you 
> (see the maven console logs attached for more details).





[jira] [Updated] (MWAR-456) Latest maven-war-plugin causing vulnerable .jars to be downloaded

2022-09-12 Thread Michael Osipov (Jira)


 [ 
https://issues.apache.org/jira/browse/MWAR-456?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Osipov updated MWAR-456:

Fix Version/s: waiting-for-feedback

> Latest maven-war-plugin causing vulnerable .jars to be downloaded
> -
>
> Key: MWAR-456
> URL: https://issues.apache.org/jira/browse/MWAR-456
> Project: Maven WAR Plugin
>  Issue Type: Bug
>Affects Versions: 3.3.2
> Environment: Linux, Windows
>Reporter: Joseph Angotti
>Priority: Blocker
> Fix For: waiting-for-feedback
>
> Attachments: Console-Log-Edit.JPG
>
>   Original Estimate: 443h
>  Remaining Estimate: 443h
>
> We are planning to upgrade our project's parent pom.xml file to use 
> maven-war-plugin 3.3.2, which is the latest version, but somehow it is 
> causing 2 vulnerable .jar files, plexus-utils-2.0.5.jar, and 
> maven-shared-utils-3.2.1.jar, to download from our JFrog Artifactory 
> repository when it shouldn't be. Other versions of the maven-war-plugin seem 
> to result in the same issue.
> Is there someone available who can assist with this issue as soon as 
> possible? Our development efforts are currently blocked because of this 
> issue. We need to be able to upgrade to the latest version of the 
> maven-war-plugin and prevent vulnerable .jar files from being downloaded as 
> soon as possible before our remediation deadline in a few weeks. Thank you 
> (see the maven console logs attached for more details).





[jira] [Closed] (MWAR-444) Update plugin (requires Maven 3.2.5+)

2022-09-12 Thread Michael Osipov (Jira)


 [ 
https://issues.apache.org/jira/browse/MWAR-444?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Osipov closed MWAR-444.
---

> Update plugin (requires Maven 3.2.5+)
> -
>
> Key: MWAR-444
> URL: https://issues.apache.org/jira/browse/MWAR-444
> Project: Maven WAR Plugin
>  Issue Type: Task
>Reporter: Tamás Cservenák
>Assignee: Tamás Cservenák
>Priority: Major
> Fix For: 3.4.0
>
>
> Update plugin
>  * require Maven 3.2.5+
>  * set maven bits to provided scope
>  * get rid of old baggage, update dependencies





[jira] [Closed] (MWAR-450) ISO8859-1 properties files get changed into UTF-8 when filtered

2022-09-12 Thread Michael Osipov (Jira)


 [ 
https://issues.apache.org/jira/browse/MWAR-450?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Osipov closed MWAR-450.
---

> ISO8859-1 properties files get changed into UTF-8 when filtered
> ---
>
> Key: MWAR-450
> URL: https://issues.apache.org/jira/browse/MWAR-450
> Project: Maven WAR Plugin
>  Issue Type: Improvement
>  Components: filtering
>Affects Versions: 3.3.2
>Reporter: Dennis Lundberg
>Assignee: Dennis Lundberg
>Priority: Major
> Fix For: 3.4.0
>
>
> This issue is similar to 
> https://issues.apache.org/jira/browse/MRESOURCES-171, but for filtering web 
> resources in maven-war-plugin.
> We add properties files that have ISO-8859-1 encoding, as per the Java 8 
> requirements, as web resources in a war project. When these resources are 
> filtered they get converted to the encoding specified by the 
> project.build.sourceEncoding. There is a parameter resourceEncoding that can 
> be used to change the encoding for web resources, but it applies to all web 
> resource files which is not always what you want.
> Here is the configuration used:
> {code:xml}
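> <build>
>   <plugins>
>     <plugin>
>       <groupId>org.apache.maven.plugins</groupId>
>       <artifactId>maven-war-plugin</artifactId>
>       <version>3.3.2</version>
>       <configuration>
>         <webResources>
>           <resource>
>             <targetPath>WEB-INF/classes</targetPath>
>             <filtering>true</filtering>
>             <directory>src/main/webapp/WEB-INF/classes</directory>
>           </resource>
>         </webResources>
>       </configuration>
>     </plugin>
>   </plugins>
> </build>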
> {code}
> We propose to add a new parameter propertiesEncoding to the AbstractWarMojo. 
> If the value of this parameter is set and filtering is enabled and a web 
> resource file is a properties file, then the value of the parameter is used 
> as encoding when filtering the file.
> If the parameter is not specified it defaults to 
> project.build.sourceEncoding, thus keeping the current behavior of the plugin 
> unchanged.





[jira] [Commented] (MWAR-456) Latest maven-war-plugin causing vulnerable .jars to be downloaded

2022-09-12 Thread Slawomir Jaranowski (Jira)


[ 
https://issues.apache.org/jira/browse/MWAR-456?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17603218#comment-17603218
 ] 

Slawomir Jaranowski commented on MWAR-456:
--

Thanks for the investigation and for finding such vulnerabilities. I hope that 
your security team can help others to be safer and provide a fix for the plugin.

Especially as this task can take 443 hours, which is about 55 working days, 
more than a few weeks, help will be needed.

> Latest maven-war-plugin causing vulnerable .jars to be downloaded
> -
>
> Key: MWAR-456
> URL: https://issues.apache.org/jira/browse/MWAR-456
> Project: Maven WAR Plugin
>  Issue Type: Bug
>Affects Versions: 3.3.2
> Environment: Linux, Windows
>Reporter: Joseph Angotti
>Priority: Blocker
> Fix For: waiting-for-feedback
>
> Attachments: Console-Log-Edit.JPG
>
>   Original Estimate: 443h
>  Remaining Estimate: 443h
>
> We are planning to upgrade our project's parent pom.xml file to use 
> maven-war-plugin 3.3.2, which is the latest version, but somehow it is 
> causing 2 vulnerable .jar files, plexus-utils-2.0.5.jar, and 
> maven-shared-utils-3.2.1.jar, to download from our JFrog Artifactory 
> repository when it shouldn't be. Other versions of the maven-war-plugin seem 
> to result in the same issue.
> Is there someone available who can assist with this issue as soon as 
> possible? Our development efforts are currently blocked because of this 
> issue. We need to be able to upgrade to the latest version of the 
> maven-war-plugin and prevent vulnerable .jar files from being downloaded as 
> soon as possible before our remediation deadline in a few weeks. Thank you 
> (see the maven console logs attached for more details).





[jira] [Updated] (MWAR-456) Latest maven-war-plugin causing vulnerable .jars to be downloaded

2022-09-12 Thread Joseph Angotti (Jira)


 [ 
https://issues.apache.org/jira/browse/MWAR-456?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Joseph Angotti updated MWAR-456:

Remaining Estimate: 60h  (was: 443h)
 Original Estimate: 60h  (was: 443h)

> Latest maven-war-plugin causing vulnerable .jars to be downloaded
> -
>
> Key: MWAR-456
> URL: https://issues.apache.org/jira/browse/MWAR-456
> Project: Maven WAR Plugin
>  Issue Type: Bug
>Affects Versions: 3.3.2
> Environment: Linux, Windows
>Reporter: Joseph Angotti
>Priority: Blocker
> Fix For: waiting-for-feedback
>
> Attachments: Console-Log-Edit.JPG
>
>   Original Estimate: 60h
>  Remaining Estimate: 60h
>
> We are planning to upgrade our project's parent pom.xml file to use 
> maven-war-plugin 3.3.2, which is the latest version, but somehow it is 
> causing 2 vulnerable .jar files, plexus-utils-2.0.5.jar, and 
> maven-shared-utils-3.2.1.jar, to download from our JFrog Artifactory 
> repository when it shouldn't be. Other versions of the maven-war-plugin seem 
> to result in the same issue.
> Is there someone available who can assist with this issue as soon as 
> possible? Our development efforts are currently blocked because of this 
> issue. We need to be able to upgrade to the latest version of the 
> maven-war-plugin and prevent vulnerable .jar files from being downloaded as 
> soon as possible before our remediation deadline in a few weeks. Thank you 
> (see the maven console logs attached for more details).





[jira] [Commented] (MWAR-456) Latest maven-war-plugin causing vulnerable .jars to be downloaded

2022-09-12 Thread Joseph Angotti (Jira)


[ 
https://issues.apache.org/jira/browse/MWAR-456?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17603219#comment-17603219
 ] 

Joseph Angotti commented on MWAR-456:
-

I've updated the estimate to 60 hours and will provide a sample maven project.

> Latest maven-war-plugin causing vulnerable .jars to be downloaded
> -
>
> Key: MWAR-456
> URL: https://issues.apache.org/jira/browse/MWAR-456
> Project: Maven WAR Plugin
>  Issue Type: Bug
>Affects Versions: 3.3.2
> Environment: Linux, Windows
>Reporter: Joseph Angotti
>Priority: Blocker
> Fix For: waiting-for-feedback
>
> Attachments: Console-Log-Edit.JPG
>
>   Original Estimate: 60h
>  Remaining Estimate: 60h
>
> We are planning to upgrade our project's parent pom.xml file to use 
> maven-war-plugin 3.3.2, which is the latest version, but somehow it is 
> causing 2 vulnerable .jar files, plexus-utils-2.0.5.jar, and 
> maven-shared-utils-3.2.1.jar, to download from our JFrog Artifactory 
> repository when it shouldn't be. Other versions of the maven-war-plugin seem 
> to result in the same issue.
> Is there someone available who can assist with this issue as soon as 
> possible? Our development efforts are currently blocked because of this 
> issue. We need to be able to upgrade to the latest version of the 
> maven-war-plugin and prevent vulnerable .jar files from being downloaded as 
> soon as possible before our remediation deadline in a few weeks. Thank you 
> (see the maven console logs attached for more details).





[GitHub] [maven-javadoc-plugin] kwin commented on pull request #160: fix link to documentation of link option

2022-09-12 Thread GitBox


kwin commented on PR #160:
URL: 
https://github.com/apache/maven-javadoc-plugin/pull/160#issuecomment-1244133563

   @slawekjaranowski Just wanted to confirm that such a change is fine without 
a JIRA reference. 





[GitHub] [maven-javadoc-plugin] kwin merged pull request #160: fix link to documentation of link option

2022-09-12 Thread GitBox


kwin merged PR #160:
URL: https://github.com/apache/maven-javadoc-plugin/pull/160





[GitHub] [maven-javadoc-plugin] slawekjaranowski commented on pull request #160: fix link to documentation of link option

2022-09-12 Thread GitBox


slawekjaranowski commented on PR #160:
URL: 
https://github.com/apache/maven-javadoc-plugin/pull/160#issuecomment-1244143046

   @kwin by the way you can look at build result 
   without worry simple change in docs





[jira] [Updated] (MSHARED-1022) Documents of patterns used for filtering

2022-09-12 Thread Slawomir Jaranowski (Jira)


 [ 
https://issues.apache.org/jira/browse/MSHARED-1022?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Slawomir Jaranowski updated MSHARED-1022:
-
Labels: up-for-grabs  (was: )

> Documents of patterns used for filtering
> 
>
> Key: MSHARED-1022
> URL: https://issues.apache.org/jira/browse/MSHARED-1022
> Project: Maven Shared Components
>  Issue Type: Improvement
>  Components: maven-common-artifact-filters
>Reporter: Slawomir Jaranowski
>Priority: Major
>  Labels: up-for-grabs
>
> For class:
> - {{org.apache.maven.shared.artifact.filter.PatternIncludesArtifactFilter}}
> - {{org.apache.maven.shared.artifact.filter.PatternExcludesArtifactFilter}}
>  
> we can use patterns for filtering artifact, but pattern string is not 
> documented.





[GitHub] [maven-common-artifact-filters] slawekjaranowski merged pull request #32: [MSHARED-1131] Upgrade Parent to 37 and cleanup

2022-09-12 Thread GitBox


slawekjaranowski merged PR #32:
URL: https://github.com/apache/maven-common-artifact-filters/pull/32





[jira] [Commented] (MSHARED-1131) Upgrade Parent to 37 and cleanup

2022-09-12 Thread Hudson (Jira)


[ 
https://issues.apache.org/jira/browse/MSHARED-1131?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17603227#comment-17603227
 ] 

Hudson commented on MSHARED-1131:
-

Build succeeded in Jenkins: Maven » Maven TLP » maven-common-artifact-filters » 
master #23

See 
https://ci-maven.apache.org/job/Maven/job/maven-box/job/maven-common-artifact-filters/job/master/23/

> Upgrade Parent to 37 and cleanup
> 
>
> Key: MSHARED-1131
> URL: https://issues.apache.org/jira/browse/MSHARED-1131
> Project: Maven Shared Components
>  Issue Type: Dependency upgrade
>  Components: maven-common-artifact-filters
>Reporter: Slawomir Jaranowski
>Assignee: Slawomir Jaranowski
>Priority: Major
> Fix For: maven-common-artifact-filters-3.3.2
>
>
> - use surefire version from parent
> - commons-io in test scope
> - remove unused maven-plugin-api
> - bump mockito-core to 4.8.0
> - use fluido skin version from parent





[jira] [Closed] (MSHARED-1131) Upgrade Parent to 37 and cleanup

2022-09-12 Thread Slawomir Jaranowski (Jira)


 [ 
https://issues.apache.org/jira/browse/MSHARED-1131?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Slawomir Jaranowski closed MSHARED-1131.

Resolution: Fixed

> Upgrade Parent to 37 and cleanup
> 
>
> Key: MSHARED-1131
> URL: https://issues.apache.org/jira/browse/MSHARED-1131
> Project: Maven Shared Components
>  Issue Type: Dependency upgrade
>  Components: maven-common-artifact-filters
>Reporter: Slawomir Jaranowski
>Assignee: Slawomir Jaranowski
>Priority: Major
> Fix For: maven-common-artifact-filters-3.3.2
>
>
> - use surefire version from parent
> - commons-io in test scope
> - remove unused maven-plugin-api
> - bump mockito-core to 4.8.0
> - use fluido skin version from parent





[GitHub] [maven-dependency-plugin] slawekjaranowski commented on pull request #223: Bump plexus-archiver from 4.2.2 to 4.4.0

2022-09-12 Thread GitBox


slawekjaranowski commented on PR #223:
URL: 
https://github.com/apache/maven-dependency-plugin/pull/223#issuecomment-1244242446

   @jorsol - can you look?





[GitHub] [maven-dependency-plugin] slawekjaranowski merged pull request #243: Bump jsoup from 1.14.2 to 1.15.3 in /src/it/projects/analyze-testDependencyWithNonTestScope

2022-09-12 Thread GitBox


slawekjaranowski merged PR #243:
URL: https://github.com/apache/maven-dependency-plugin/pull/243





[GitHub] [maven-dependency-plugin] slawekjaranowski merged pull request #244: Bump mockito-core from 4.7.0 to 4.8.0

2022-09-12 Thread GitBox


slawekjaranowski merged PR #244:
URL: https://github.com/apache/maven-dependency-plugin/pull/244





[jira] [Created] (MDEP-825) Bump mockito-core from 4.7.0 to 4.8.0

2022-09-12 Thread Slawomir Jaranowski (Jira)
Slawomir Jaranowski created MDEP-825:


 Summary: Bump mockito-core from 4.7.0 to 4.8.0
 Key: MDEP-825
 URL: https://issues.apache.org/jira/browse/MDEP-825
 Project: Maven Dependency Plugin
  Issue Type: Dependency upgrade
Reporter: Slawomir Jaranowski
Assignee: Slawomir Jaranowski
 Fix For: 3.4.0








[jira] [Closed] (MDEP-825) Bump mockito-core from 4.7.0 to 4.8.0

2022-09-12 Thread Slawomir Jaranowski (Jira)


 [ 
https://issues.apache.org/jira/browse/MDEP-825?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Slawomir Jaranowski closed MDEP-825.

Resolution: Fixed

> Bump mockito-core from 4.7.0 to 4.8.0
> -
>
> Key: MDEP-825
> URL: https://issues.apache.org/jira/browse/MDEP-825
> Project: Maven Dependency Plugin
>  Issue Type: Dependency upgrade
>Reporter: Slawomir Jaranowski
>Assignee: Slawomir Jaranowski
>Priority: Major
> Fix For: 3.4.0
>
>






[GitHub] [maven] slawekjaranowski opened a new pull request, #801: [MNG-7463] Improve documentation about deprecation in Mojo

2022-09-12 Thread GitBox


slawekjaranowski opened a new pull request, #801:
URL: https://github.com/apache/maven/pull/801

   Following this checklist to help us incorporate your
   contribution quickly and easily:
   
- [x] Make sure there is a [JIRA 
issue](https://issues.apache.org/jira/browse/MNG) filed
  for the change (usually before you start working on it).  Trivial 
changes like typos do not
  require a JIRA issue. Your pull request should address just this 
issue, without
  pulling in other changes.
- [x] Each commit in the pull request should have a meaningful subject line 
and body.
- [x] Format the pull request title like `[MNG-XXX] SUMMARY`, where you 
replace `MNG-XXX`
  and `SUMMARY` with the appropriate JIRA issue. Best practice is to 
use the JIRA issue
  title in the pull request title and in the first line of the commit 
message.
- [ ] Write a pull request description that is detailed enough to 
understand what the pull request does, how, and why.
- [ ] Run `mvn clean verify` to make sure basic checks pass. A more 
thorough check will
  be performed on your pull request automatically.
- [ ] You have run the [Core IT][core-its] successfully.
   
   If your pull request is about ~20 lines of code you don't need to sign an
   [Individual Contributor License 
Agreement](https://www.apache.org/licenses/icla.pdf) if you are unsure
   please ask on the developers list.
   
   To make clear that you license your contribution under
   the [Apache License Version 2.0, January 
2004](http://www.apache.org/licenses/LICENSE-2.0)
   you have to acknowledge this by using the following check-box.
   
- [x] I hereby declare this contribution to be licenced under the [Apache 
License Version 2.0, January 2004](http://www.apache.org/licenses/LICENSE-2.0)
   
- [x] In any other case, please file an [Apache Individual Contributor 
License Agreement](https://www.apache.org/licenses/icla.pdf).
   
   [core-its]: https://maven.apache.org/core-its/core-it-suite/
   





[jira] [Commented] (MNG-7463) Improve documentation about deprecation in Mojo

2022-09-12 Thread ASF GitHub Bot (Jira)


[ 
https://issues.apache.org/jira/browse/MNG-7463?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17603246#comment-17603246
 ] 

ASF GitHub Bot commented on MNG-7463:
-

slawekjaranowski opened a new pull request, #801:
URL: https://github.com/apache/maven/pull/801





> Improve documentation about deprecation in Mojo
> ---
>
> Key: MNG-7463
> URL: https://issues.apache.org/jira/browse/MNG-7463
> Project: Maven
>  Issue Type: Improvement
>  Components: Documentation:  General, Plugin API
>Reporter: Slawomir Jaranowski
>Assignee: Slawomir Jaranowski
>Priority: Major
> Fix For: 3.9.0-candidate
>
>
> fix, improve:
> - java docs of {{org.apache.maven.plugin.descriptor.MojoDescriptor}} 
> -- {{deprecated}} field and set/get methods.
> - maven-plugin-api/src/main/mdo/plugin.mdo 
> -- descriptions of mojo, parameters deprecated field
> - https://maven.apache.org/developers/mojo-api-specification.html
> -- descriptions of mojo, parameters deprecated 





[GitHub] [maven-dependency-plugin] dependabot[bot] commented on pull request #242: Bump maven-reporting-impl from 3.1.0 to 3.2.0

2022-09-12 Thread GitBox


dependabot[bot] commented on PR #242:
URL: 
https://github.com/apache/maven-dependency-plugin/pull/242#issuecomment-1244546019

   OK, I won't notify you again about this release, but will get in touch when 
a new version is available. If you'd rather skip all updates until the next 
major or minor version, let me know by commenting `@dependabot ignore this 
major version` or `@dependabot ignore this minor version`. You can also ignore 
all major, minor, or patch releases for a dependency by adding an [`ignore` 
condition](https://docs.github.com/en/code-security/supply-chain-security/configuration-options-for-dependency-updates#ignore)
 with the desired `update_types` to your config file.
   
   If you change your mind, just re-open this PR and I'll resolve any conflicts 
on it.





[GitHub] [maven-dependency-plugin] slawekjaranowski closed pull request #242: Bump maven-reporting-impl from 3.1.0 to 3.2.0

2022-09-12 Thread GitBox


slawekjaranowski closed pull request #242: Bump maven-reporting-impl from 3.1.0 
to 3.2.0
URL: https://github.com/apache/maven-dependency-plugin/pull/242





[GitHub] [maven-verifier] slawekjaranowski merged pull request #43: [MSHARED-1128] Introduce execute method and deprecate executeGoal(s)

2022-09-12 Thread GitBox


slawekjaranowski merged PR #43:
URL: https://github.com/apache/maven-verifier/pull/43





[jira] [Closed] (MSHARED-1128) Deprecate all executeGoal(s) methods

2022-09-12 Thread Slawomir Jaranowski (Jira)


 [ 
https://issues.apache.org/jira/browse/MSHARED-1128?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Slawomir Jaranowski closed MSHARED-1128.

Resolution: Fixed

> Deprecate all executeGoal(s) methods
> 
>
> Key: MSHARED-1128
> URL: https://issues.apache.org/jira/browse/MSHARED-1128
> Project: Maven Shared Components
>  Issue Type: Improvement
>  Components: maven-verifier
>Reporter: Slawomir Jaranowski
>Assignee: Slawomir Jaranowski
>Priority: Major
> Fix For: maven-verifier-2.0.0
>
>
> Methods {{executeGoal(s)}} take as argument Maven goal for executing test.
> From command line executing perspective all of goals are next cli arguments.
> So instead of:
> {code}
> verifier.executeGoal( "package" );
> {code}
> we can use:
> {code}
> verifier.addCliOption( "package" );
> verifier.execute();
> {code}





[jira] [Commented] (MSHARED-1128) Deprecate all executeGoal(s) methods

2022-09-12 Thread Hudson (Jira)


[ 
https://issues.apache.org/jira/browse/MSHARED-1128?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17603262#comment-17603262
 ] 

Hudson commented on MSHARED-1128:
-

Build succeeded in Jenkins: Maven » Maven TLP » maven-verifier » master #37

See 
https://ci-maven.apache.org/job/Maven/job/maven-box/job/maven-verifier/job/master/37/

> Deprecate all executeGoal(s) methods
> 
>
> Key: MSHARED-1128
> URL: https://issues.apache.org/jira/browse/MSHARED-1128
> Project: Maven Shared Components
>  Issue Type: Improvement
>  Components: maven-verifier
>Reporter: Slawomir Jaranowski
>Assignee: Slawomir Jaranowski
>Priority: Major
> Fix For: maven-verifier-2.0.0
>
>
> Methods {{executeGoal(s)}} take as argument Maven goal for executing test.
> From command line executing perspective all of goals are next cli arguments.
> So instead of:
> {code}
> verifier.executeGoal( "package" );
> {code}
> we can use:
> {code}
> verifier.addCliOption( "package" );
> verifier.execute();
> {code}





[jira] [Commented] (MSHARED-1134) Remove debug mode in Verifier

2022-09-12 Thread Slawomir Jaranowski (Jira)


[ 
https://issues.apache.org/jira/browse/MSHARED-1134?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17603264#comment-17603264
 ] 

Slawomir Jaranowski commented on MSHARED-1134:
--

No alternative ... I don't see any benefit of printing 3 line of logs ...

> Remove debug mode in Verifier
> -
>
> Key: MSHARED-1134
> URL: https://issues.apache.org/jira/browse/MSHARED-1134
> Project: Maven Shared Components
>  Issue Type: Improvement
>  Components: maven-verifier
>Reporter: Slawomir Jaranowski
>Priority: Major
> Fix For: maven-verifier-2.0.0
>
>
> In Verifier we have a {{debug}} field and corresponding constructors and 
> setters for it.
> The behavior for this flag was probably to execute Verifier in {{debug}} mode, so
> - *only* in the constructor are the original {{System.out/err}} saved
> - *only* in the {{setDebug}} method are {{System.out/err}} overridden
> - Verifier during execution uses {{System.out.println(..)}} for logging purposes
> - in {{displayStreamBuffers}} we can print previously recorded logs
> And finally the method {{resetStreams}} must be called on {{Verifier}} in order 
> to restore the original {{System.out/err}} streams.





[jira] [Comment Edited] (MSHARED-1134) Remove debug mode in Verifier

2022-09-12 Thread Slawomir Jaranowski (Jira)


[ 
https://issues.apache.org/jira/browse/MSHARED-1134?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17603264#comment-17603264
 ] 

Slawomir Jaranowski edited comment on MSHARED-1134 at 9/12/22 9:55 PM:
---

No alternative ... I don't see any benefit of printing 3 lines of logs ...


was (Author: slawekjaranowski):
No alternative ... I don't see any benefit of printing 3 line of logs ...



[GitHub] [maven-verifier] slawekjaranowski commented on a diff in pull request #42: [MSHARED-1129] Prepare for replace CLI options with CLI args

2022-09-12 Thread GitBox


slawekjaranowski commented on code in PR #42:
URL: https://github.com/apache/maven-verifier/pull/42#discussion_r968973626


##
src/main/java/org/apache/maven/shared/verifier/Verifier.java:
##
@@ -1566,38 +1567,77 @@ public void reset()
 }
 }
 
+/**
+ * @deprecated will be removed without replacement,
+ * for arguments adding please use {@link #addCliArgument(String)}, {@link 
#addCliArguments(String...)}
+ */
+@Deprecated
 public List getCliOptions()
 {
-return cliOptions;
+return cliArguments;
 }
 
+/**
+ * @deprecated will be removed
+ */
+@Deprecated
 public void setCliOptions( List cliOptions )
 {
-this.cliOptions = cliOptions;
+this.cliArguments = cliOptions;
 }
 
 /**
  * Add a command line argument, each argument must be set separately one 
by one.
  * 
  * ${basedir} in argument will be replaced by value of {@link 
#getBasedir()} during execution.
  * @param option an argument to add
+ * @deprecated please use {@link #addCliArgument(String)}
  */
+@Deprecated
 public void addCliOption( String option )
 {
-cliOptions.add( option );
+addCliArgument( option );
+}
+
+/**
+ * Add a command line argument, each argument must be set separately one 
by one.
+ * 
+ * ${basedir} in argument will be replaced by value of {@link 
#getBasedir()} during execution.
+ *
+ * @param cliArgument an argument to add
+ */
+public void addCliArgument( String cliArgument )
+{
+cliArguments.add( cliArgument );
 }
 
 /**
  * Add a command line arguments, each argument must be set separately one 
by one.
  * 
  * ${basedir} in argument will be replaced by value of {@link 
#getBasedir()} during execution.
+ *
  * @param options an arguments list to add
+ * @deprecated
  */
+@Deprecated
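
Review bot: the final `@deprecated` tag in this hunk (on the javadoc with `@param options`) is empty, so callers get a deprecation warning with no hint of what to migrate to; the `setCliOptions` tag ("will be removed") has the same gap, and the `getCliOptions` text says "without replacement" while naming two replacement methods in the same sentence. Suggest stating the replacement in each tag, for example `@deprecated please use {@link #addCliArguments(String...)}`, which the `getCliOptions` javadoc already references. Separately, `setCliOptions` still stores the caller's list by reference (`this.cliArguments = cliOptions;`) and `getCliOptions` hands out the internal list, so code outside `Verifier` can change the arguments of a later Maven invocation after they were set; taking a copy on the way in and out would be worth doing for as long as these deprecated accessors remain.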

Review Comment:
   Done in: 
https://github.com/apache/maven-verifier/commit/76b0ffe3228dbccdccbc0bdccb618059e6bee4b7






[GitHub] [maven-dependency-plugin] jorsol commented on pull request #223: Bump plexus-archiver from 4.2.2 to 4.4.0

2022-09-12 Thread GitBox


jorsol commented on PR #223:
URL: 
https://github.com/apache/maven-dependency-plugin/pull/223#issuecomment-1244671764

   > @jorsol - can you look?
   
   There are a couple of issues, the first one is that `plexus-archiver` was 
updated to drop legacy plexus API 
https://github.com/codehaus-plexus/plexus-archiver/pull/220 in 4.4.0, the easy 
fix is to just update the test to do the lookup to the class instead of "ROLE" 
(which no longer exists).
   
   The second issue is that `maven-plugin-testing-harness` is using reflection 
to hack the logger and set a silent log, but from the previous PR the logger 
was changed to SLF4J instead of plexus logging so this fails:
   
https://github.com/apache/maven-plugin-testing/blob/7d6518b0d32d820efa15f7b4d022b8524a9b1d1b/maven-plugin-testing-harness/src/main/java/org/apache/maven/plugin/testing/ArtifactStubFactory.java#L305-L313
   This is throwing an IllegalArgumentException which is not in the catch (to 
be ignored), so the fix needs to be done in the testing harness.
   
   The third issue is that the unpack is not overwriting the file when it has 
to, for this, I need more time to check as I wasn't able to find out why right 
now.





[GitHub] [maven-doxia-sitetools] dependabot[bot] opened a new pull request, #61: Bump slf4jVersion from 1.7.36 to 2.0.0

2022-09-12 Thread GitBox


dependabot[bot] opened a new pull request, #61:
URL: https://github.com/apache/maven-doxia-sitetools/pull/61

   Bumps `slf4jVersion` from 1.7.36 to 2.0.0.
   Updates `slf4j-api` from 1.7.36 to 2.0.0
   
   Commits
   
   - 0614d46 prepare release 2.0.0
     https://github.com/qos-ch/slf4j/commit/0614d467d7bca81724f45e228f4f871161222b51
   - b1afcd0 javadoc edits
     https://github.com/qos-ch/slf4j/commit/b1afcd01b1092f0dfda12b4502aa202124e24a8e
   - 20cd3ad start work on 2.0.0-SNAPSHOT
     https://github.com/qos-ch/slf4j/commit/20cd3ad0abd25d1837f5b9354c6729cb4a978d69
   - aeebb61 prepare release 2.0.0-beta1
     https://github.com/qos-ch/slf4j/commit/aeebb6199d412a3883af2d0c414a69fde26b5971
   - 1068cd0 javadoc changes
     https://github.com/qos-ch/slf4j/commit/1068cd0eb9fb2460d368e3ba6112517ef3fedd2a
   - 4e4e56a add CheckReturnValue annotation in org.slf4j.helpers
     https://github.com/qos-ch/slf4j/commit/4e4e56a2df730cdb6877449b6341279208f20a78
   - 0dcfa19 check for return value in some oggingEventBuilder methods
     https://github.com/qos-ch/slf4j/commit/0dcfa19040fb2d7f45dfe00823d15bdff0434d6a
   - e7ca8d1 start work on 2.0.0-beta1-SNAPSHOPT
     https://github.com/qos-ch/slf4j/commit/e7ca8d17c8db1fc956019404153cc7b90b8f0c61
   - 2314de9 add setMessage and log method to the fluent API
     https://github.com/qos-ch/slf4j/commit/2314de9dd9f9abbef360f5c6240487c0ac7e5fc3
   - 508a796 set version to 2.0.0-beta0
     https://github.com/qos-ch/slf4j/commit/508a796552640c83d6d814374a9b50a424e88cfa
   - Additional commits viewable in compare view:
     https://github.com/qos-ch/slf4j/compare/v_1.7.36...v_2.0.0
   
   Updates `slf4j-simple` from 1.7.36 to 2.0.0
   
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   
   
   





[GitHub] [maven-doxia-sitetools] dependabot[bot] opened a new pull request, #62: Bump maven-parent from 36 to 37

2022-09-12 Thread GitBox


dependabot[bot] opened a new pull request, #62:
URL: https://github.com/apache/maven-doxia-sitetools/pull/62

   Bumps [maven-parent](https://github.com/apache/maven-parent) from 36 to 37.
   
   Release notes
   Sourced from maven-parent's releases (https://github.com/apache/maven-parent/releases).
   
   37
   What's Changed
   
   - [MPOM-317] Upgrade fluido skin to 1.11.0 by @slawekjaranowski in apache/maven-parent#66
     https://github-redirect.dependabot.com/apache/maven-parent/pull/66
   - Bump maven-pmd-plugin from 3.16.0 to 3.17.0 by @dependabot in apache/maven-parent#64
     https://github-redirect.dependabot.com/apache/maven-parent/pull/64
   - [MPOM-322] Add ASF Data Privacy by @slawekjaranowski in apache/maven-parent#65
     https://github-redirect.dependabot.com/apache/maven-parent/pull/65
   - [MPOM-324] Drop Social Media Plug-ins from documentation by @slawekjaranowski in apache/maven-parent#67
     https://github-redirect.dependabot.com/apache/maven-parent/pull/67
   - [MPOM-331] Upgrade Surefire to 3.0.0-M7 by @slachiewicz in apache/maven-parent#68
     https://github-redirect.dependabot.com/apache/maven-parent/pull/68
   - [MPOM-334] Upgrade fluido skin to 1.11.1 by @slawekjaranowski in apache/maven-parent#70
     https://github-redirect.dependabot.com/apache/maven-parent/pull/70
   - Bump maven-toolchains-plugin from 3.0.0 to 3.1.0 by @dependabot in apache/maven-parent#69
     https://github-redirect.dependabot.com/apache/maven-parent/pull/69
   - Bump extra-enforcer-rules from 1.5.1 to 1.6.0 by @dependabot in apache/maven-parent#71
     https://github-redirect.dependabot.com/apache/maven-parent/pull/71
   - Bump apache from 26 to 27 by @dependabot in apache/maven-parent#72
     https://github-redirect.dependabot.com/apache/maven-parent/pull/72
   
   Full Changelog: https://github.com/apache/maven-parent/compare/maven-parent-36...maven-parent-37
   
   Commits
   
   See full diff in compare view: https://github.com/apache/maven-parent/commits
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.maven:maven-parent&package-manager=maven&previous-version=36&new-version=37)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   



[GitHub] [maven-doxia-sitetools] dependabot[bot] opened a new pull request, #63: Bump junitVersion from 5.8.2 to 5.9.0

2022-09-12 Thread GitBox


dependabot[bot] opened a new pull request, #63:
URL: https://github.com/apache/maven-doxia-sitetools/pull/63

   Bumps `junitVersion` from 5.8.2 to 5.9.0.
   Updates `junit-jupiter-api` from 5.8.2 to 5.9.0
   
   Release notes
   Sourced from junit-jupiter-api's releases (https://github.com/junit-team/junit5/releases).
   
   JUnit 5.9.0 = Platform 1.9.0 + Jupiter 5.9.0 + Vintage 5.9.0
   See Release Notes: http://junit.org/junit5/docs/5.9.0/release-notes/
   JUnit 5.9.0-RC1 = Platform 1.9.0-RC1 + Jupiter 5.9.0-RC1 + Vintage 5.9.0-RC1
   See Release Notes: http://junit.org/junit5/docs/5.9.0-RC1/release-notes/
   JUnit 5.9.0-M1 = Platform 1.9.0-M1 + Jupiter 5.9.0-M1 + Vintage 5.9.0-M1
   See Release Notes: http://junit.org/junit5/docs/5.9.0-M1/release-notes/
   
   Commits
   
   - 3ed71df Release 5.9
     https://github.com/junit-team/junit5/commit/3ed71dff121ff4cfe6355195f274244c7acea0bd
   - d3f8e4a Prepare 5.9 release notes
     https://github.com/junit-team/junit5/commit/d3f8e4ad9e43b12741c3614451daba496bc35323
   - 2aaf24c Improve debug mode detection in JUnit Jupiter (#2973)
     https://github.com/junit-team/junit5/commit/2aaf24c35d0ec3cb6c84ed6bb53469347de09605
     https://github-redirect.dependabot.com/junit-team/junit5/issues/2973
   - be55668 Use suite events for more accurate reporting (#2985)
     https://github.com/junit-team/junit5/commit/be5566839aa593101c3ffe10bd529d062ef068c7
     https://github-redirect.dependabot.com/junit-team/junit5/issues/2985
   - 5fdb138 Fix @ArgumentsSource annotation name in user guide (#2980)
     https://github.com/junit-team/junit5/commit/5fdb138924f59703a6a4fcd0cdcde6d1a224a950
     https://github-redirect.dependabot.com/junit-team/junit5/issues/2980
   - 5407208 Bump com.gradle.enterprise from 3.10.2 to 3.10.3 (#2981)
     https://github.com/junit-team/junit5/commit/5407208ba97865eeabc0fa53593e98a95620ec36
     https://github-redirect.dependabot.com/junit-team/junit5/issues/2981
   - e91e5dc Introduce AssertionFailureBuilder (#2972)
     https://github.com/junit-team/junit5/commit/e91e5dc26b86d0fc0a92f747f0b5dcdc9e5fbec2
     https://github-redirect.dependabot.com/junit-team/junit5/issues/2972
   - 08b102c Upgradle to 7.5
     https://github.com/junit-team/junit5/commit/08b102c905b187d058f942c9bd27df27cb4e86a3
   - 49ca772 Polish Javadoc for @EnabledIf and @DisabledIf
     https://github.com/junit-team/junit5/commit/49ca772ba6c6bf6ef7ea146ceda8dd54f287026e
   - dafaabf Stabilize test on Windows
     https://github.com/junit-team/junit5/commit/dafaabf27350d7b49a32bcbf9e9df76854824d3e
   - Additional commits viewable in compare view:
     https://github.com/junit-team/junit5/compare/r5.8.2...r5.9.0
   
   Updates `junit-jupiter-engine` from 5.8.2 to 5.9.0
   

[GitHub] [maven-mvnd] tisonkun opened a new issue, #688: Fail to install mvnd from SDKMAN! on Apple M1 machine

2022-09-12 Thread GitBox


tisonkun opened a new issue, #688:
URL: https://github.com/apache/maven-mvnd/issues/688

   ```
   $ sdk install mvnd
   
   Stop! mvnd 0.8.0 is not available. Possible causes:
* 0.8.0 is an invalid version
* mvnd binaries are incompatible with your platform
* mvnd has not been released yet
   
   Tip: see all available versions for your platform:
   
 $ sdk list mvnd
   ```





[GitHub] [maven-mvnd] tisonkun commented on issue #688: Fail to install mvnd from SDKMAN! on Apple M1 machine

2022-09-12 Thread GitBox


tisonkun commented on issue #688:
URL: https://github.com/apache/maven-mvnd/issues/688#issuecomment-1244729092

   ```
   $ sdk list mvnd | cat -
   

   Available Mvnd Versions
   


   

   

   

   

   

   

   

   

   

   

   

   

   

   

   
   
   

   + - local version
   * - installed
   > - currently in use
   

   
   ```





[GitHub] [maven-mvnd] gnodet commented on issue #688: Fail to install mvnd from SDKMAN! on Apple M1 machine

2022-09-12 Thread GitBox


gnodet commented on issue #688:
URL: https://github.com/apache/maven-mvnd/issues/688#issuecomment-1244740053

   Looks related to https://github.com/apache/maven-mvnd/issues/337





[GitHub] [maven-mvnd] tisonkun closed issue #688: Fail to install mvnd from SDKMAN! on Apple M1 machine

2022-09-12 Thread GitBox


tisonkun closed issue #688: Fail to install mvnd from SDKMAN! on Apple M1 
machine
URL: https://github.com/apache/maven-mvnd/issues/688





[GitHub] [maven-mvnd] tisonkun commented on issue #688: Fail to install mvnd from SDKMAN! on Apple M1 machine

2022-09-12 Thread GitBox


tisonkun commented on issue #688:
URL: https://github.com/apache/maven-mvnd/issues/688#issuecomment-1244744919

   @gnodet Thanks!





[jira] [Updated] (MWAR-456) Latest maven-war-plugin causing vulnerable .jars to be downloaded

2022-09-12 Thread Joseph Angotti (Jira)


 [ 
https://issues.apache.org/jira/browse/MWAR-456?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Joseph Angotti updated MWAR-456:

Attachment: Test APCS Project Pom.xml

> Latest maven-war-plugin causing vulnerable .jars to be downloaded
> -
>
> Key: MWAR-456
> URL: https://issues.apache.org/jira/browse/MWAR-456
> Project: Maven WAR Plugin
>  Issue Type: Bug
>Affects Versions: 3.3.2
> Environment: Linux, Windows
>Reporter: Joseph Angotti
>Priority: Blocker
> Fix For: waiting-for-feedback
>
> Attachments: Console-Log-Edit.JPG, Test APCS Project Pom.xml
>
>   Original Estimate: 60h
>  Remaining Estimate: 60h
>
> We are planning to upgrade our project's parent pom.xml file to use 
> maven-war-plugin 3.3.2, which is the latest version, but somehow it is 
> causing 2 vulnerable .jar files, plexus-utils-2.0.5.jar, and 
> maven-shared-utils-3.2.1.jar, to download from our JFrog Artifactory 
> repository when it shouldn't be. Other versions of the maven-war-plugin seem 
> to result in the same issue.
> Is there someone available who can assist with this issue as soon as 
> possible? Our development efforts are currently blocked because of this 
> issue. We need to be able to upgrade to the latest version of the 
> maven-war-plugin and prevent vulnerable .jar files from being downloaded as 
> soon as possible before our remediation deadline in a few weeks. Thank you 
> (see the maven console logs attached for more details).





[jira] [Commented] (MWAR-456) Latest maven-war-plugin causing vulnerable .jars to be downloaded

2022-09-12 Thread Joseph Angotti (Jira)


[ 
https://issues.apache.org/jira/browse/MWAR-456?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17603299#comment-17603299
 ] 

Joseph Angotti commented on MWAR-456:
-

I've created and attached a sample test project ([^Test APCS Project Pom.xml] 
and verified they're not being downloaded. It must be something related to our 
main project's pom elsewhere, and they're being pulled in somehow a different 
way.



[jira] [Comment Edited] (MWAR-456) Latest maven-war-plugin causing vulnerable .jars to be downloaded

2022-09-12 Thread Joseph Angotti (Jira)


[ 
https://issues.apache.org/jira/browse/MWAR-456?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17603299#comment-17603299
 ] 

Joseph Angotti edited comment on MWAR-456 at 9/13/22 2:22 AM:
--

I've created and attached above a sample test project and verified they're not 
being downloaded. It must be something related to our main project's pom 
elsewhere, and they're being pulled in somehow a different way.


was (Author: JIRAUSER295644):
I've created and attached a sample test project ([^Test APCS Project Pom.xml] 
and verified they're not being downloaded. It must be something related to our 
main project's pom elsewhere, and they're being pulled in somehow a different 
way.



[jira] [Updated] (MWAR-456) Latest maven-war-plugin causing vulnerable .jars to be downloaded

2022-09-12 Thread Joseph Angotti (Jira)


 [ 
https://issues.apache.org/jira/browse/MWAR-456?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Joseph Angotti updated MWAR-456:

Attachment: Test APCS Project Pom.xml

> Latest maven-war-plugin causing vulnerable .jars to be downloaded
> -
>
> Key: MWAR-456
> URL: https://issues.apache.org/jira/browse/MWAR-456
> Project: Maven WAR Plugin
>  Issue Type: Bug
>Affects Versions: 3.3.2
> Environment: Linux, Windows
>Reporter: Joseph Angotti
>Priority: Blocker
> Fix For: waiting-for-feedback
>
> Attachments: Console-Log-Edit.JPG, Test APCS Project Pom.xml
>
>   Original Estimate: 60h
>  Remaining Estimate: 60h
>
> We are planning to upgrade our project's parent pom.xml file to use 
> maven-war-plugin 3.3.2, which is the latest version, but somehow it is 
> causing 2 vulnerable .jar files, plexus-utils-2.0.5.jar, and 
> maven-shared-utils-3.2.1.jar, to download from our JFrog Artifactory 
> repository when it shouldn't be. Other versions of the maven-war-plugin seem 
> to result in the same issue.
> Is there someone available who can assist with this issue as soon as 
> possible? Our development efforts are currently blocked because of this 
> issue. We need to be able to upgrade to the latest version of the 
> maven-war-plugin and prevent vulnerable .jar files from being downloaded as 
> soon as possible before our remediation deadline in a few weeks. Thank you 
> (see the maven console logs attached for more details).





[jira] [Updated] (MWAR-456) Latest maven-war-plugin causing vulnerable .jars to be downloaded

2022-09-12 Thread Joseph Angotti (Jira)


 [ 
https://issues.apache.org/jira/browse/MWAR-456?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Joseph Angotti updated MWAR-456:

Attachment: Test APCS Project Pom-1.xml



[jira] [Updated] (MWAR-456) Latest maven-war-plugin causing vulnerable .jars to be downloaded

2022-09-12 Thread Joseph Angotti (Jira)


 [ 
https://issues.apache.org/jira/browse/MWAR-456?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Joseph Angotti updated MWAR-456:

Attachment: (was: Test APCS Project Pom.xml)



[jira] [Updated] (MWAR-456) Latest maven-war-plugin causing vulnerable .jars to be downloaded

2022-09-12 Thread Joseph Angotti (Jira)


 [ 
https://issues.apache.org/jira/browse/MWAR-456?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Joseph Angotti updated MWAR-456:

Attachment: (was: Test APCS Project Pom-1.xml)



[jira] [Comment Edited] (MWAR-456) Latest maven-war-plugin causing vulnerable .jars to be downloaded

2022-09-12 Thread Joseph Angotti (Jira)


[ 
https://issues.apache.org/jira/browse/MWAR-456?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17603299#comment-17603299
 ] 

Joseph Angotti edited comment on MWAR-456 at 9/13/22 2:23 AM:
--

I've created and attached above a sample test project pom file and verified the 
vulnerable .jar files are not being downloaded. It must be something related to 
our main project's pom elsewhere, and they're somehow being pulled in a 
different way.


was (Author: JIRAUSER295644):
I've created and attached above a sample test project and verified they're not 
being downloaded. It must be something related to our main project's pom 
elsewhere, and they're somehow being pulled in a different way.



[GitHub] [maven-dependency-plugin] slawekjaranowski commented on pull request #223: Bump plexus-archiver from 4.2.2 to 4.4.0

2022-09-12 Thread GitBox


slawekjaranowski commented on PR #223:
URL: 
https://github.com/apache/maven-dependency-plugin/pull/223#issuecomment-1244896451

   Ups maven-plugin-testing-harness to fix and release ... 😄 





[GitHub] [maven-shared-utils] slawekjaranowski closed pull request #115: Bump slf4j-api from 1.7.36 to 2.0.0

2022-09-12 Thread GitBox


slawekjaranowski closed pull request #115: Bump slf4j-api from 1.7.36 to 2.0.0
URL: https://github.com/apache/maven-shared-utils/pull/115





[GitHub] [maven-shared-utils] dependabot[bot] commented on pull request #115: Bump slf4j-api from 1.7.36 to 2.0.0

2022-09-12 Thread GitBox


dependabot[bot] commented on PR #115:
URL: 
https://github.com/apache/maven-shared-utils/pull/115#issuecomment-1244911431

   OK, I won't notify you again about this release, but will get in touch when 
a new version is available. If you'd rather skip all updates until the next 
major or minor version, let me know by commenting `@dependabot ignore this 
major version` or `@dependabot ignore this minor version`. You can also ignore 
all major, minor, or patch releases for a dependency by adding an [`ignore` 
condition](https://docs.github.com/en/code-security/supply-chain-security/configuration-options-for-dependency-updates#ignore)
 with the desired `update_types` to your config file.
   
   If you change your mind, just re-open this PR and I'll resolve any conflicts 
on it.





[jira] [Commented] (MSHARED-1122) FileUtils: avoid getCanonicalPath()

2022-09-12 Thread Slawomir Jaranowski (Jira)


[ 
https://issues.apache.org/jira/browse/MSHARED-1122?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17603338#comment-17603338
 ] 

Slawomir Jaranowski commented on MSHARED-1122:
--

By the way {{FileUtils#copyFile}} is deprecated ...

> FileUtils: avoid getCanonicalPath()
> -----------------------------------
>
> Key: MSHARED-1122
> URL: https://issues.apache.org/jira/browse/MSHARED-1122
> Project: Maven Shared Components
> Issue Type: Improvement
> Components: maven-shared-utils
> Environment: Windows
> Reporter: Jörg Kubitz
> Priority: Minor
> Attachments: image-2022-08-22-18-18-52-811.png
>
>
> On JDK 11 the result has been cached within the JVM.
> Since JDK 12 the result is not cached anymore by default (see 
> [https://bugs.openjdk.java.net/browse/JDK-8207005]) and is now very slow on 
> Windows.
> For org.apache.maven.shared.utils.io.FileUtils.copyFile(File, File)
> please use java.nio.file.Files.isSameFile(Path, Path) instead.
> Note: it's necessary to call file.exists() before using Files.isSameFile() or 
> to catch NoSuchFileException.
> @see
> [https://git.eclipse.org/r/c/platform/eclipse.platform.resources/+/180308/10/bundles/org.eclipse.core.filesystem/src/org/eclipse/core/internal/filesystem/local/LocalFile.java]
> for a similar fix.
> Here is a screenshot of sampling Eclipse showing getCanonicalPath() as a 
> hotspot:
> !image-2022-08-22-18-18-52-811.png!





[GitHub] [maven-shared-utils] slawekjaranowski merged pull request #114: [MSHARED-1122] FileUtils: avoid getCanonicalPath()

2022-09-12 Thread GitBox


slawekjaranowski merged PR #114:
URL: https://github.com/apache/maven-shared-utils/pull/114





[jira] [Closed] (MSHARED-1122) FileUtils: avoid getCanonicalPath()

2022-09-12 Thread Slawomir Jaranowski (Jira)


 [ 
https://issues.apache.org/jira/browse/MSHARED-1122?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Slawomir Jaranowski closed MSHARED-1122.

Fix Version/s: maven-shared-utils-4.0.0
 Assignee: Slawomir Jaranowski
   Resolution: Fixed

> FileUtils: avoid getCanonicalPath()
> -----------------------------------
>
> Key: MSHARED-1122
> URL: https://issues.apache.org/jira/browse/MSHARED-1122
> Project: Maven Shared Components
> Issue Type: Improvement
> Components: maven-shared-utils
> Environment: Windows
> Reporter: Jörg Kubitz
> Assignee: Slawomir Jaranowski
> Priority: Minor
> Fix For: maven-shared-utils-4.0.0
>
> Attachments: image-2022-08-22-18-18-52-811.png
>
>
> On JDK 11 the result has been cached within the JVM.
> Since JDK 12 the result is not cached anymore by default (see 
> [https://bugs.openjdk.java.net/browse/JDK-8207005]) and is now very slow on 
> Windows.
> For org.apache.maven.shared.utils.io.FileUtils.copyFile(File, File)
> please use java.nio.file.Files.isSameFile(Path, Path) instead.
> Note: it's necessary to call file.exists() before using Files.isSameFile() or 
> to catch NoSuchFileException.
> @see
> [https://git.eclipse.org/r/c/platform/eclipse.platform.resources/+/180308/10/bundles/org.eclipse.core.filesystem/src/org/eclipse/core/internal/filesystem/local/LocalFile.java]
> for a similar fix.
> Here is a screenshot of sampling Eclipse showing getCanonicalPath() as a 
> hotspot:
> !image-2022-08-22-18-18-52-811.png!



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
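
The check requested in the MSHARED-1122 description above, as an added example (not the maven-shared-utils code and not the merged patch): `Files.isSameFile` replaces the `getCanonicalPath()` comparison, and `NoSuchFileException` is caught rather than calling `exists()` first, so there is no gap between the existence test and the comparison. The class and method names, and the temporary files in `main`, are assumptions made for this illustration.

```java
import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.NoSuchFileException;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;

// Added illustration; class and method names are assumptions, not maven-shared-utils API.
public class SameFileCopyExample
{
    /** Same-file test without getCanonicalPath(); a missing file is never "the same file". */
    static boolean isSameFile( Path source, Path destination ) throws IOException
    {
        try
        {
            // Compares file identity, so aliases of one file (for example links) count as the same file.
            return Files.isSameFile( source, destination );
        }
        catch ( NoSuchFileException e )
        {
            // Typical for a copy: the destination does not exist yet.
            return false;
        }
    }

    /** Copies source to destination; returns false when both name the same file and nothing is copied. */
    static boolean copyFile( File source, File destination ) throws IOException
    {
        Path from = source.toPath();
        Path to = destination.toPath();
        if ( isSameFile( from, to ) )
        {
            return false;
        }
        Path parent = to.toAbsolutePath().getParent();
        if ( parent != null )
        {
            Files.createDirectories( parent );
        }
        Files.copy( from, to, StandardCopyOption.REPLACE_EXISTING );
        return true;
    }

    public static void main( String[] args ) throws IOException
    {
        // Constructed sample input: one real file, an alias path to it, and a missing target.
        Path dir = Files.createTempDirectory( "samefile-demo" );
        Path original = Files.write( dir.resolve( "a.txt" ), "data".getBytes( StandardCharsets.UTF_8 ) );
        Path alias = dir.resolve( "." ).resolve( "a.txt" );
        Path missing = dir.resolve( "b.txt" );

        System.out.println( "alias is same file:   " + isSameFile( original, alias ) );
        System.out.println( "missing is same file: " + isSameFile( original, missing ) );
        System.out.println( "copied to alias:      " + copyFile( original.toFile(), alias.toFile() ) );
        System.out.println( "copied to missing:    " + copyFile( original.toFile(), missing.toFile() ) );
    }
}
```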


[jira] [Commented] (MSHARED-1122) FileUtils: avoid getCanonicalPath()

2022-09-12 Thread Hudson (Jira)


[ 
https://issues.apache.org/jira/browse/MSHARED-1122?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17603340#comment-17603340
 ] 

Hudson commented on MSHARED-1122:
-

Build succeeded in Jenkins: Maven » Maven TLP » maven-shared-utils » master #25

See 
https://ci-maven.apache.org/job/Maven/job/maven-box/job/maven-shared-utils/job/master/25/



[GitHub] [maven-plugin-testing] slawekjaranowski commented on a diff in pull request #26: [MPLUGINTESTING-74] Using generics to return the matched type for lookup and getVariableValue methods

2022-09-12 Thread GitBox


slawekjaranowski commented on code in PR #26:
URL: 
https://github.com/apache/maven-plugin-testing/pull/26#discussion_r969188537


##
maven-plugin-testing-harness/src/test/java/org/apache/maven/plugin/testing/MojoRuleTest.java:
##
@@ -165,4 +168,23 @@ public void testWithRuleWrapper()
 {
 assertTrue( "before executed because WithMojo annotation was not 
added", beforeWasCalled );
 }
+
+/**
+ * @throws Exception if any
+ */
+
+/**
+ * @throws Exception if any
+ */
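
Review bot: The two Javadoc blocks added at the end of this hunk are identical (`@throws Exception if any`), and the first is followed by a blank line and another comment rather than a declaration, so it is a dangling doc comment that documents nothing. Drop the first block, and give the remaining one a summary sentence stating what the new test verifies, since a lone `@throws Exception if any` tells a reader nothing about the test.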

Review Comment:
   duplicate comments






[GitHub] [maven-mvnd] gnodet commented on issue #688: Fail to install mvnd from SDKMAN! on Apple M1 machine

2022-09-12 Thread GitBox


gnodet commented on issue #688:
URL: https://github.com/apache/maven-mvnd/issues/688#issuecomment-1244967299

   Note that you can still install mvnd manually and use the shell script 
(`mvnd.sh`) instead of the native client.





[GitHub] [maven-mvnd] tisonkun commented on issue #688: Fail to install mvnd from SDKMAN! on Apple M1 machine

2022-09-12 Thread GitBox


tisonkun commented on issue #688:
URL: https://github.com/apache/maven-mvnd/issues/688#issuecomment-1244970158

   @gnodet Thank you. I'll check whether it's a clean solution. That is, no 
global installation or hidden folders. I'd prefer a package manager to avoid 
manually cleaning up when I'd like to uninstall the artifact. I may never 
uninstall, but it's a prerequisite :)

