date:20240925



dependabot[bot] commented on PR #99:
URL: https://github.com/apache/maven-jar-plugin/pull/99#issuecomment-2375614062

   A newer version of org.junit.jupiter:junit-jupiter-api exists, but since 
this PR has been edited by someone other than Dependabot I haven't updated it. 
You'll get a PR for the updated version as normal once this PR is merged.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[PR] Bump org.junit:junit-bom from 5.11.0 to 5.11.1 [maven-jlink-plugin]



dependabot[bot] opened a new pull request, #216:
URL: https://github.com/apache/maven-jlink-plugin/pull/216

   Bumps [org.junit:junit-bom](https://github.com/junit-team/junit5) from 
5.11.0 to 5.11.1.
   
   Release notes
   Sourced from https://github.com/junit-team/junit5/releases";>org.junit:junit-bom's 
releases.
   
   JUnit 5.11.1 = Platform 1.11.1 + Jupiter 5.11.1 + Vintage 5.11.1
   See http://junit.org/junit5/docs/5.11.1/release-notes/";>Release 
Notes.
   Full Changelog: https://github.com/junit-team/junit5/compare/r5.11.0...r5.11.1";>https://github.com/junit-team/junit5/compare/r5.11.0...r5.11.1
   
   
   
   Commits
   
   https://github.com/junit-team/junit5/commit/e4b2c0c1384dd980abbd61c11322c419cf7cd1eb";>e4b2c0c
 Release 5.11.1
   https://github.com/junit-team/junit5/commit/c37b179f74e06ddaa7a86d82ff4ea2a8d04a0ea9";>c37b179
 Finalize 5.11.1 release notes
   https://github.com/junit-team/junit5/commit/a7b1c49702ddf8113a7e74da2cfe6ca9e3e35521";>a7b1c49
 Include 5.10.4 release notes
   https://github.com/junit-team/junit5/commit/3646b7d37e3401d9cda0106290bbf9cb36a735b2";>3646b7d
 Document benefits of messageSupplier in Assertions 
(https://redirect.github.com/junit-team/junit5/issues/3938";>#3938)
   https://github.com/junit-team/junit5/commit/6b9f15d9d53ceef1db1a0fa1fd3e7f38f757e88e";>6b9f15d
 Delete unnecessary (and potentially misleading) comment in User Guide
   https://github.com/junit-team/junit5/commit/98dafd3746dcf141ac8b5906f26e69e9a140ff5d";>98dafd3
 Reduce flakiness
   https://github.com/junit-team/junit5/commit/6529d8d4b14e0ab2b9134a9d9b0d9260ba2f6410";>6529d8d
 Allow for work stealing when only holding read locks (https://redirect.github.com/junit-team/junit5/issues/4012";>#4012)
   https://github.com/junit-team/junit5/commit/0d25a5a0ddab609df3d7382264b050dc61f54d2f";>0d25a5a
 Fix YAML syntax
   https://github.com/junit-team/junit5/commit/28dd375d31995365ed36c40270be619b4d64be99";>28dd375
 Fix step label
   https://github.com/junit-team/junit5/commit/348ef61d6b2f945cb0bf315b97eef80a41686a88";>348ef61
 Switch to Temurin for JDK 23 (https://redirect.github.com/junit-team/junit5/issues/4005";>#4005)
   Additional commits viewable in https://github.com/junit-team/junit5/compare/r5.11.0...r5.11.1";>compare 
view
   
   
   
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.junit:junit-bom&package-manager=maven&previous-version=5.11.0&new-version=5.11.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot show  ignore conditions` will show all of 
the ignore conditions of the specified dependency
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] Bump org.junit.jupiter:junit-jupiter-api from 5.10.2 to 5.11.0 [maven-install-plugin]



dependabot[bot] commented on PR #82:
URL: 
https://github.com/apache/maven-install-plugin/pull/82#issuecomment-2375876131

   A newer version of org.junit.jupiter:junit-jupiter-api exists, but since 
this PR has been edited by someone other than Dependabot I haven't updated it. 
You'll get a PR for the updated version as normal once this PR is merged.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[PR] Bump org.junit.jupiter:junit-jupiter from 5.11.0 to 5.11.1 [maven-verifier]



dependabot[bot] opened a new pull request, #98:
URL: https://github.com/apache/maven-verifier/pull/98

   Bumps 
[org.junit.jupiter:junit-jupiter](https://github.com/junit-team/junit5) from 
5.11.0 to 5.11.1.
   
   Release notes
   Sourced from https://github.com/junit-team/junit5/releases";>org.junit.jupiter:junit-jupiter's
 releases.
   
   JUnit 5.11.1 = Platform 1.11.1 + Jupiter 5.11.1 + Vintage 5.11.1
   See http://junit.org/junit5/docs/5.11.1/release-notes/";>Release 
Notes.
   Full Changelog: https://github.com/junit-team/junit5/compare/r5.11.0...r5.11.1";>https://github.com/junit-team/junit5/compare/r5.11.0...r5.11.1
   
   
   
   Commits
   
   https://github.com/junit-team/junit5/commit/e4b2c0c1384dd980abbd61c11322c419cf7cd1eb";>e4b2c0c
 Release 5.11.1
   https://github.com/junit-team/junit5/commit/c37b179f74e06ddaa7a86d82ff4ea2a8d04a0ea9";>c37b179
 Finalize 5.11.1 release notes
   https://github.com/junit-team/junit5/commit/a7b1c49702ddf8113a7e74da2cfe6ca9e3e35521";>a7b1c49
 Include 5.10.4 release notes
   https://github.com/junit-team/junit5/commit/3646b7d37e3401d9cda0106290bbf9cb36a735b2";>3646b7d
 Document benefits of messageSupplier in Assertions 
(https://redirect.github.com/junit-team/junit5/issues/3938";>#3938)
   https://github.com/junit-team/junit5/commit/6b9f15d9d53ceef1db1a0fa1fd3e7f38f757e88e";>6b9f15d
 Delete unnecessary (and potentially misleading) comment in User Guide
   https://github.com/junit-team/junit5/commit/98dafd3746dcf141ac8b5906f26e69e9a140ff5d";>98dafd3
 Reduce flakiness
   https://github.com/junit-team/junit5/commit/6529d8d4b14e0ab2b9134a9d9b0d9260ba2f6410";>6529d8d
 Allow for work stealing when only holding read locks (https://redirect.github.com/junit-team/junit5/issues/4012";>#4012)
   https://github.com/junit-team/junit5/commit/0d25a5a0ddab609df3d7382264b050dc61f54d2f";>0d25a5a
 Fix YAML syntax
   https://github.com/junit-team/junit5/commit/28dd375d31995365ed36c40270be619b4d64be99";>28dd375
 Fix step label
   https://github.com/junit-team/junit5/commit/348ef61d6b2f945cb0bf315b97eef80a41686a88";>348ef61
 Switch to Temurin for JDK 23 (https://redirect.github.com/junit-team/junit5/issues/4005";>#4005)
   Additional commits viewable in https://github.com/junit-team/junit5/compare/r5.11.0...r5.11.1";>compare 
view
   
   
   
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.junit.jupiter:junit-jupiter&package-manager=maven&previous-version=5.11.0&new-version=5.11.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot show  ignore conditions` will show all of 
the ignore conditions of the specified dependency
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[PR] Bump org.junit.jupiter:junit-jupiter-api from 5.10.3 to 5.11.1 [maven-jdeprscan-plugin]



dependabot[bot] opened a new pull request, #26:
URL: https://github.com/apache/maven-jdeprscan-plugin/pull/26

   Bumps 
[org.junit.jupiter:junit-jupiter-api](https://github.com/junit-team/junit5) 
from 5.10.3 to 5.11.1.
   
   Release notes
   Sourced from https://github.com/junit-team/junit5/releases";>org.junit.jupiter:junit-jupiter-api's
 releases.
   
   JUnit 5.11.1 = Platform 1.11.1 + Jupiter 5.11.1 + Vintage 5.11.1
   See http://junit.org/junit5/docs/5.11.1/release-notes/";>Release 
Notes.
   Full Changelog: https://github.com/junit-team/junit5/compare/r5.11.0...r5.11.1";>https://github.com/junit-team/junit5/compare/r5.11.0...r5.11.1
   JUnit 5.11.0 = Platform 1.11.0 + Jupiter 5.11.0 + Vintage 5.11.0
   See http://junit.org/junit5/docs/5.11.0/release-notes/";>Release 
Notes.
   New Contributors
   
   https://github.com/pshevche";>@pshevche made 
their first contribution in https://redirect.github.com/junit-team/junit5/pull/3427";>junit-team/junit5#3427
   https://github.com/rybak";>@rybak made their 
first contribution in https://redirect.github.com/junit-team/junit5/pull/3416";>junit-team/junit5#3416
   https://github.com/pixeebot";>@pixeebot made 
their first contribution in https://redirect.github.com/junit-team/junit5/pull/3491";>junit-team/junit5#3491
   https://github.com/shartte";>@shartte made 
their first contribution in https://redirect.github.com/junit-team/junit5/pull/3562";>junit-team/junit5#3562
   https://github.com/eliasnogueira";>@eliasnogueira made 
their first contribution in https://redirect.github.com/junit-team/junit5/pull/3674";>junit-team/junit5#3674
   https://github.com/bigdaz";>@bigdaz made their 
first contribution in https://redirect.github.com/junit-team/junit5/pull/3668";>junit-team/junit5#3668
   https://github.com/gilday";>@gilday made their 
first contribution in https://redirect.github.com/junit-team/junit5/pull/3667";>junit-team/junit5#3667
   https://github.com/bjmi";>@bjmi made their 
first contribution in https://redirect.github.com/junit-team/junit5/pull/3806";>junit-team/junit5#3806
   https://github.com/madalingiurca";>@madalingiurca made 
their first contribution in https://redirect.github.com/junit-team/junit5/pull/3787";>junit-team/junit5#3787
   https://github.com/dmlloyd";>@dmlloyd made 
their first contribution in https://redirect.github.com/junit-team/junit5/pull/3820";>junit-team/junit5#3820
   https://github.com/compf";>@compf made their 
first contribution in https://redirect.github.com/junit-team/junit5/pull/3867";>junit-team/junit5#3867
   https://github.com/SveinKare";>@SveinKare made 
their first contribution in https://redirect.github.com/junit-team/junit5/pull/3840";>junit-team/junit5#3840
   https://github.com/mobounya";>@mobounya made 
their first contribution in https://redirect.github.com/junit-team/junit5/pull/3720";>junit-team/junit5#3720
   https://github.com/robinjhector";>@robinjhector made 
their first contribution in https://redirect.github.com/junit-team/junit5/pull/3345";>junit-team/junit5#3345
   https://github.com/jabhatfield";>@jabhatfield 
made their first contribution in https://redirect.github.com/junit-team/junit5/pull/3829";>junit-team/junit5#3829
   https://github.com/rfscholte";>@rfscholte made 
their first contribution in https://redirect.github.com/junit-team/junit5/pull/3909";>junit-team/junit5#3909
   
   Full Changelog: https://github.com/junit-team/junit5/compare/r5.10.3...r5.11.0";>https://github.com/junit-team/junit5/compare/r5.10.3...r5.11.0
   JUnit 5.11.0-RC1 = Platform 1.11.0-RC1 + Jupiter 5.11.0-RC1 + Vintage 
5.11.0-RC1
   See http://junit.org/junit5/docs/5.11.0-RC1/release-notes/";>Release 
Notes.
   New Contributors
   
   https://github.com/compf";>@compf made their 
first contribution in https://redirect.github.com/junit-team/junit5/pull/3867";>junit-team/junit5#3867
   https://github.com/SveinKare";>@SveinKare made 
their first contribution in https://redirect.github.com/junit-team/junit5/pull/3840";>junit-team/junit5#3840
   https://github.com/mobounya";>@mobounya made 
their first contribution in https://redirect.github.com/junit-team/junit5/pull/3720";>junit-team/junit5#3720
   https://github.com/robinjhector";>@robinjhector made 
their first contribution in https://redirect.github.com/junit-team/junit5/pull/3345";>junit-team/junit5#3345
   https://github.com/jabhatfield";>@jabhatfield 
made their first contribution in https://redirect.github.com/junit-team/junit5/pull/3829";>junit-team/junit5#3829
   
   Full Changelog: https://github.com/junit-team/junit5/compare/r5.11.0-M2...r5.11.0-RC1";>https://github.com/junit-team/junit5/compare/r5.11.0-M2...r5.11.0-RC1
   JUnit 5.11.0-M2 = Platform 1.11.0-M2 + Jupiter 5.11.0-M2 + Vintage 
5.11.0-M2
   See http://junit.org/junit5/docs/5.11.0-M2/release-notes/";>Release 
Notes.
   New Contributors
   
   https://github.com/bjmi";>@bjmi made their 
first contribution in https://redirect.github.com/junit-team/junit5/pull/3806";>junit-t

Re: [PR] Bump org.junit.jupiter:junit-jupiter-api from 5.10.3 to 5.11.0 [maven-jdeprscan-plugin]



dependabot[bot] commented on PR #24:
URL: 
https://github.com/apache/maven-jdeprscan-plugin/pull/24#issuecomment-2375560593

   Superseded by #26.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] Bump org.junit.jupiter:junit-jupiter-api from 5.10.3 to 5.11.0 [maven-jdeprscan-plugin]



dependabot[bot] closed pull request #24: Bump 
org.junit.jupiter:junit-jupiter-api from 5.10.3 to 5.11.0
URL: https://github.com/apache/maven-jdeprscan-plugin/pull/24


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[jira] [Commented] (DOXIA-740) Rendering Markdown silently truncates files that skip a heading level

2024-09-25 Thread John Dimeo (Jira)



[ 
https://issues.apache.org/jira/browse/DOXIA-740?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17884838#comment-17884838
 ] 

John Dimeo commented on DOXIA-740:
--

Thank you so much for the work on this!

> Rendering Markdown silently truncates files that skip a heading level
> -
>
> Key: DOXIA-740
> URL: https://issues.apache.org/jira/browse/DOXIA-740
> Project: Maven Doxia
>  Issue Type: Bug
>  Components: Module - Markdown
>Affects Versions: 2.0.0-M9
>Reporter: John Dimeo
>Assignee: Konrad Windszus
>Priority: Major
> Fix For: 2.0.0
>
>
> I am using a fork of the latest Doxia site tools because I am testing my 
> performance fix, so it's possible this is related to my fork, but I don't 
> _think_ so...
> If your Markdown skips a heading level i.e.
> {noformat}
> # Heading 1
> Text
> ### Heading 3
> Text 2{noformat}
> Then the rendered HTML only contains Heading 1 and Text. This is a major 
> regression compared to past versions, so I must be missing something. Thank 
> you.
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[PR] Bump org.cyclonedx:cyclonedx-maven-plugin from 2.8.0 to 2.8.2 [maven-parent]



dependabot[bot] opened a new pull request, #204:
URL: https://github.com/apache/maven-parent/pull/204

   Bumps 
[org.cyclonedx:cyclonedx-maven-plugin](https://github.com/CycloneDX/cyclonedx-maven-plugin)
 from 2.8.0 to 2.8.2.
   
   Release notes
   Sourced from https://github.com/CycloneDX/cyclonedx-maven-plugin/releases";>org.cyclonedx:cyclonedx-maven-plugin's
 releases.
   
   2.8.2
   
   🐛 Bug Fixes
   
   display configured classifier from https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/issues/506";>#506
 (https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/550";>#550)
 https://github.com/hboutemy";>@hboutemy
   
   📦 Dependency updates
   
   Bump plugin-tools.version from 3.13.1 to 3.15.0 (https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/551";>#551)
 https://github.com/dependabot";>@dependabot
   Bump org.apache.maven.plugins:maven-project-info-reports-plugin from 
3.6.1 to 3.7.0 (https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/552";>#552)
 https://github.com/dependabot";>@dependabot
   Bump org.apache.commons:commons-lang3 from 3.14.0 to 3.17.0 (https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/546";>#546)
 https://github.com/dependabot";>@dependabot
   Bump commons-codec:commons-codec from 1.17.0 to 1.17.1 (https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/537";>#537)
 https://github.com/dependabot";>@dependabot
   
   2.8.1
   
   🚀 New features and improvements
   
   replace CDX 1.5 deprecated tool (https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/517";>#517)
 https://github.com/hboutemy";>@hboutemy
   make classifier used to attach the sbom configurable (https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/506";>#506)
 https://github.com/hboutemy";>@hboutemy
   
   📦 Dependency updates
   
   upgrade cyclonedx-maven-plugin from 2.7.9 to 2.8.0 (https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/536";>#536)
 https://github.com/hboutemy";>@hboutemy
   Bump net.javacrumbs.json-unit:json-unit-assertj from 2.38.0 to 2.40.1 
(https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/532";>#532)
 https://github.com/dependabot";>@dependabot
   Bump org.apache.maven.plugins:maven-release-plugin from 3.0.1 to 3.1.1 
(https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/535";>#535)
 https://github.com/dependabot";>@dependabot
   Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.7.0 to 3.8.0 
(https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/533";>#533)
 https://github.com/dependabot";>@dependabot
   Bump org.junit:junit-bom from 5.10.2 to 5.10.3 (https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/527";>#527)
 https://github.com/dependabot";>@dependabot
   Bump org.apache.maven.plugins:maven-jar-plugin from 3.4.1 to 3.4.2 (https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/528";>#528)
 https://github.com/dependabot";>@dependabot
   Bump plugin-tools.version from 3.13.0 to 3.13.1 (https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/519";>#519)
 https://github.com/dependabot";>@dependabot
   Bump org.apache.maven.plugins:maven-project-info-reports-plugin from 
3.5.0 to 3.6.1 (https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/525";>#525)
 https://github.com/dependabot";>@dependabot
   Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.6.3 to 3.7.0 
(https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/511";>#511)
 https://github.com/dependabot";>@dependabot
   Bump org.apache.maven.plugins:maven-invoker-plugin from 3.6.1 to 3.7.0 
(https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/512";>#512)
 https://github.com/dependabot";>@dependabot
   Bump actions/checkout from 4.1.6 to 4.1.7 (https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/515";>#515)
 https://github.com/dependabot";>@dependabot
   Bump org.apache.maven.plugins:maven-enforcer-plugin from 3.4.1 to 3.5.0 
(https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/509";>#509)
 https://github.com/dependabot";>@dependabot
   Bump org.apache.maven.shared:maven-dependency-tree from 3.2.1 to 3.3.0 
(https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/508";>#508)
 https://github.com/dependabot";>@dependabot
   Bump org.apache.maven.plugins:maven-source-plugin from 3.3.0 to 3.3.1 
(https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/507";>#507)
 https://github.com/dependabot";>@dependabot
   Bump org.apache.maven.shared:maven-dependency-analyzer from 1.13.2 to 
1.14.1 (https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/503";>#503)
 https://github.com/dependabot";>@dependabot
   Bump commons-codec:commons-codec from 1.16.1 to 1.17.0 (https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/501";>#501)
 https://github.com/dependabot";>@dependabot
   Bump plugin-tools.version from 3.12.0

[PR] Bump org.junit:junit-bom from 5.10.3 to 5.11.1 [maven-parent]



dependabot[bot] opened a new pull request, #203:
URL: https://github.com/apache/maven-parent/pull/203

   Bumps [org.junit:junit-bom](https://github.com/junit-team/junit5) from 
5.10.3 to 5.11.1.
   
   Release notes
   Sourced from https://github.com/junit-team/junit5/releases";>org.junit:junit-bom's 
releases.
   
   JUnit 5.11.1 = Platform 1.11.1 + Jupiter 5.11.1 + Vintage 5.11.1
   See http://junit.org/junit5/docs/5.11.1/release-notes/";>Release 
Notes.
   Full Changelog: https://github.com/junit-team/junit5/compare/r5.11.0...r5.11.1";>https://github.com/junit-team/junit5/compare/r5.11.0...r5.11.1
   JUnit 5.11.0 = Platform 1.11.0 + Jupiter 5.11.0 + Vintage 5.11.0
   See http://junit.org/junit5/docs/5.11.0/release-notes/";>Release 
Notes.
   New Contributors
   
   https://github.com/pshevche";>@pshevche made 
their first contribution in https://redirect.github.com/junit-team/junit5/pull/3427";>junit-team/junit5#3427
   https://github.com/rybak";>@rybak made their 
first contribution in https://redirect.github.com/junit-team/junit5/pull/3416";>junit-team/junit5#3416
   https://github.com/pixeebot";>@pixeebot made 
their first contribution in https://redirect.github.com/junit-team/junit5/pull/3491";>junit-team/junit5#3491
   https://github.com/shartte";>@shartte made 
their first contribution in https://redirect.github.com/junit-team/junit5/pull/3562";>junit-team/junit5#3562
   https://github.com/eliasnogueira";>@eliasnogueira made 
their first contribution in https://redirect.github.com/junit-team/junit5/pull/3674";>junit-team/junit5#3674
   https://github.com/bigdaz";>@bigdaz made their 
first contribution in https://redirect.github.com/junit-team/junit5/pull/3668";>junit-team/junit5#3668
   https://github.com/gilday";>@gilday made their 
first contribution in https://redirect.github.com/junit-team/junit5/pull/3667";>junit-team/junit5#3667
   https://github.com/bjmi";>@bjmi made their 
first contribution in https://redirect.github.com/junit-team/junit5/pull/3806";>junit-team/junit5#3806
   https://github.com/madalingiurca";>@madalingiurca made 
their first contribution in https://redirect.github.com/junit-team/junit5/pull/3787";>junit-team/junit5#3787
   https://github.com/dmlloyd";>@dmlloyd made 
their first contribution in https://redirect.github.com/junit-team/junit5/pull/3820";>junit-team/junit5#3820
   https://github.com/compf";>@compf made their 
first contribution in https://redirect.github.com/junit-team/junit5/pull/3867";>junit-team/junit5#3867
   https://github.com/SveinKare";>@SveinKare made 
their first contribution in https://redirect.github.com/junit-team/junit5/pull/3840";>junit-team/junit5#3840
   https://github.com/mobounya";>@mobounya made 
their first contribution in https://redirect.github.com/junit-team/junit5/pull/3720";>junit-team/junit5#3720
   https://github.com/robinjhector";>@robinjhector made 
their first contribution in https://redirect.github.com/junit-team/junit5/pull/3345";>junit-team/junit5#3345
   https://github.com/jabhatfield";>@jabhatfield 
made their first contribution in https://redirect.github.com/junit-team/junit5/pull/3829";>junit-team/junit5#3829
   https://github.com/rfscholte";>@rfscholte made 
their first contribution in https://redirect.github.com/junit-team/junit5/pull/3909";>junit-team/junit5#3909
   
   Full Changelog: https://github.com/junit-team/junit5/compare/r5.10.3...r5.11.0";>https://github.com/junit-team/junit5/compare/r5.10.3...r5.11.0
   JUnit 5.11.0-RC1 = Platform 1.11.0-RC1 + Jupiter 5.11.0-RC1 + Vintage 
5.11.0-RC1
   See http://junit.org/junit5/docs/5.11.0-RC1/release-notes/";>Release 
Notes.
   New Contributors
   
   https://github.com/compf";>@compf made their 
first contribution in https://redirect.github.com/junit-team/junit5/pull/3867";>junit-team/junit5#3867
   https://github.com/SveinKare";>@SveinKare made 
their first contribution in https://redirect.github.com/junit-team/junit5/pull/3840";>junit-team/junit5#3840
   https://github.com/mobounya";>@mobounya made 
their first contribution in https://redirect.github.com/junit-team/junit5/pull/3720";>junit-team/junit5#3720
   https://github.com/robinjhector";>@robinjhector made 
their first contribution in https://redirect.github.com/junit-team/junit5/pull/3345";>junit-team/junit5#3345
   https://github.com/jabhatfield";>@jabhatfield 
made their first contribution in https://redirect.github.com/junit-team/junit5/pull/3829";>junit-team/junit5#3829
   
   Full Changelog: https://github.com/junit-team/junit5/compare/r5.11.0-M2...r5.11.0-RC1";>https://github.com/junit-team/junit5/compare/r5.11.0-M2...r5.11.0-RC1
   JUnit 5.11.0-M2 = Platform 1.11.0-M2 + Jupiter 5.11.0-M2 + Vintage 
5.11.0-M2
   See http://junit.org/junit5/docs/5.11.0-M2/release-notes/";>Release 
Notes.
   New Contributors
   
   https://github.com/bjmi";>@bjmi made their 
first contribution in https://redirect.github.com/junit-team/junit5/pull/3806";>junit-team/junit5#3806
   https://github.com/mad

Re: [PR] Bump org.junit:junit-bom from 5.10.3 to 5.11.0 [maven-parent]



dependabot[bot] closed pull request #198: Bump org.junit:junit-bom from 5.10.3 
to 5.11.0
URL: https://github.com/apache/maven-parent/pull/198


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] Bump org.junit:junit-bom from 5.10.3 to 5.11.0 [maven-parent]



dependabot[bot] commented on PR #198:
URL: https://github.com/apache/maven-parent/pull/198#issuecomment-2375828930

   Superseded by #203.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] Bump org.cyclonedx:cyclonedx-maven-plugin from 2.8.0 to 2.8.1 [maven-parent]



dependabot[bot] commented on PR #197:
URL: https://github.com/apache/maven-parent/pull/197#issuecomment-2375829083

   Superseded by #204.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] Bump org.cyclonedx:cyclonedx-maven-plugin from 2.8.0 to 2.8.1 [maven-parent]



dependabot[bot] closed pull request #197: Bump 
org.cyclonedx:cyclonedx-maven-plugin from 2.8.0 to 2.8.1
URL: https://github.com/apache/maven-parent/pull/197


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[PR] Bump org.junit:junit-bom from 5.11.0 to 5.11.1 [maven-doxia-sitetools]



dependabot[bot] opened a new pull request, #176:
URL: https://github.com/apache/maven-doxia-sitetools/pull/176

   Bumps [org.junit:junit-bom](https://github.com/junit-team/junit5) from 
5.11.0 to 5.11.1.
   
   Release notes
   Sourced from https://github.com/junit-team/junit5/releases";>org.junit:junit-bom's 
releases.
   
   JUnit 5.11.1 = Platform 1.11.1 + Jupiter 5.11.1 + Vintage 5.11.1
   See http://junit.org/junit5/docs/5.11.1/release-notes/";>Release 
Notes.
   Full Changelog: https://github.com/junit-team/junit5/compare/r5.11.0...r5.11.1";>https://github.com/junit-team/junit5/compare/r5.11.0...r5.11.1
   
   
   
   Commits
   
   https://github.com/junit-team/junit5/commit/e4b2c0c1384dd980abbd61c11322c419cf7cd1eb";>e4b2c0c
 Release 5.11.1
   https://github.com/junit-team/junit5/commit/c37b179f74e06ddaa7a86d82ff4ea2a8d04a0ea9";>c37b179
 Finalize 5.11.1 release notes
   https://github.com/junit-team/junit5/commit/a7b1c49702ddf8113a7e74da2cfe6ca9e3e35521";>a7b1c49
 Include 5.10.4 release notes
   https://github.com/junit-team/junit5/commit/3646b7d37e3401d9cda0106290bbf9cb36a735b2";>3646b7d
 Document benefits of messageSupplier in Assertions 
(https://redirect.github.com/junit-team/junit5/issues/3938";>#3938)
   https://github.com/junit-team/junit5/commit/6b9f15d9d53ceef1db1a0fa1fd3e7f38f757e88e";>6b9f15d
 Delete unnecessary (and potentially misleading) comment in User Guide
   https://github.com/junit-team/junit5/commit/98dafd3746dcf141ac8b5906f26e69e9a140ff5d";>98dafd3
 Reduce flakiness
   https://github.com/junit-team/junit5/commit/6529d8d4b14e0ab2b9134a9d9b0d9260ba2f6410";>6529d8d
 Allow for work stealing when only holding read locks (https://redirect.github.com/junit-team/junit5/issues/4012";>#4012)
   https://github.com/junit-team/junit5/commit/0d25a5a0ddab609df3d7382264b050dc61f54d2f";>0d25a5a
 Fix YAML syntax
   https://github.com/junit-team/junit5/commit/28dd375d31995365ed36c40270be619b4d64be99";>28dd375
 Fix step label
   https://github.com/junit-team/junit5/commit/348ef61d6b2f945cb0bf315b97eef80a41686a88";>348ef61
 Switch to Temurin for JDK 23 (https://redirect.github.com/junit-team/junit5/issues/4005";>#4005)
   Additional commits viewable in https://github.com/junit-team/junit5/compare/r5.11.0...r5.11.1";>compare 
view
   
   
   
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.junit:junit-bom&package-manager=maven&previous-version=5.11.0&new-version=5.11.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot show  ignore conditions` will show all of 
the ignore conditions of the specified dependency
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[jira] [Commented] (MNG-8258) activate Reproducible Builds by default



[ 
https://issues.apache.org/jira/browse/MNG-8258?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17884874#comment-17884874
 ] 

Herve Boutemy commented on MNG-8258:


additional notice: "[WARNING]  property is 
inherited, it should be defined in pom.xml"
probably this message from {{artifact:checkbuildplan}} is too aggressive: it's 
a pure project choice to define if it cares about having a project-specific 
timestamp for entries in its jar files
having the default value from super pom is perfectly fine, it does not deserve 
any warning: more an INFO = "this project inherits timestamp from parent pom, 
value xxx"
I'll create a MARTIFACT issue for that...

> activate Reproducible Builds by default
> ---
>
> Key: MNG-8258
> URL: https://issues.apache.org/jira/browse/MNG-8258
> Project: Maven
>  Issue Type: New Feature
>  Components: Core
>Affects Versions: 3.9.9, 4.0.0-beta-4
>Reporter: Herve Boutemy
>Priority: Major
> Fix For: 4.0.0-beta-5
>
>
> Reproducible Builds is a good practice that is easy to enable: it would be 
> nice to enable it by default, and have projects
> - either disable it 
> ({{x}}) if 
> they really have a problem with the default Reproducible behaviour
> - or customize locally the value of the default Maven core-provided 
> timestamp, to have a project-specific value



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (MNG-8266) maven-jar-plugin sometimes doesn't add MANIFEST.MF as 1st or 2nd entry

2024-09-25 Thread Slawomir Jaranowski (Jira)



[ 
https://issues.apache.org/jira/browse/MNG-8266?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17884878#comment-17884878
 ] 

Slawomir Jaranowski commented on MNG-8266:
--

Can you extract a simple project from jdbi which can reproduce it?

> maven-jar-plugin sometimes doesn't add MANIFEST.MF as 1st or 2nd entry
> --
>
> Key: MNG-8266
> URL: https://issues.apache.org/jira/browse/MNG-8266
> Project: Maven
>  Issue Type: Improvement
>  Components: build/consumer
>Reporter: Attila Kelemen
>Priority: Major
>
> In certain situations (not sure what is the exact condition required), the 
> Maven jar plugin doesn't add the _MANIFEST.MF_ as the 1st or 2nd entry. This 
> can be a problem (even though technically the spec doesn't have such a 
> requirement), because such a jar file cannot be read with the core JDK class 
> {{JarInputStream}}.
> A project this can be reproduced with is JDBI. See the 
> [https://github.com/jdbi/jdbi/issues/2698] for details.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Moved] (MJAR-313) maven-jar-plugin sometimes doesn't add MANIFEST.MF as 1st or 2nd entry

2024-09-25 Thread Slawomir Jaranowski (Jira)



 [ 
https://issues.apache.org/jira/browse/MJAR-313?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Slawomir Jaranowski moved MNG-8266 to MJAR-313:
---

Component/s: (was: build/consumer)
Key: MJAR-313  (was: MNG-8266)
 Issue Type: Bug  (was: Improvement)
Project: Maven JAR Plugin  (was: Maven)

> maven-jar-plugin sometimes doesn't add MANIFEST.MF as 1st or 2nd entry
> --
>
> Key: MJAR-313
> URL: https://issues.apache.org/jira/browse/MJAR-313
> Project: Maven JAR Plugin
>  Issue Type: Bug
>Reporter: Attila Kelemen
>Priority: Major
>
> In certain situations (not sure what is the exact condition required), the 
> Maven jar plugin doesn't add the _MANIFEST.MF_ as the 1st or 2nd entry. This 
> can be a problem (even though technically the spec doesn't have such a 
> requirement), because such a jar file cannot be read with the core JDK class 
> {{JarInputStream}}.
> A project this can be reproduced with is JDBI. See the 
> [https://github.com/jdbi/jdbi/issues/2698] for details.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[PR] Bump org.junit.jupiter:junit-jupiter-api from 5.10.2 to 5.11.1 [maven-source-plugin]



dependabot[bot] opened a new pull request, #44:
URL: https://github.com/apache/maven-source-plugin/pull/44

   Bumps 
[org.junit.jupiter:junit-jupiter-api](https://github.com/junit-team/junit5) 
from 5.10.2 to 5.11.1.
   
   Release notes
   Sourced from https://github.com/junit-team/junit5/releases";>org.junit.jupiter:junit-jupiter-api's
 releases.
   
   JUnit 5.11.1 = Platform 1.11.1 + Jupiter 5.11.1 + Vintage 5.11.1
   See http://junit.org/junit5/docs/5.11.1/release-notes/";>Release 
Notes.
   Full Changelog: https://github.com/junit-team/junit5/compare/r5.11.0...r5.11.1";>https://github.com/junit-team/junit5/compare/r5.11.0...r5.11.1
   JUnit 5.11.0 = Platform 1.11.0 + Jupiter 5.11.0 + Vintage 5.11.0
   See http://junit.org/junit5/docs/5.11.0/release-notes/";>Release 
Notes.
   New Contributors
   
   https://github.com/pshevche";>@pshevche made 
their first contribution in https://redirect.github.com/junit-team/junit5/pull/3427";>junit-team/junit5#3427
   https://github.com/rybak";>@rybak made their 
first contribution in https://redirect.github.com/junit-team/junit5/pull/3416";>junit-team/junit5#3416
   https://github.com/pixeebot";>@pixeebot made 
their first contribution in https://redirect.github.com/junit-team/junit5/pull/3491";>junit-team/junit5#3491
   https://github.com/shartte";>@shartte made 
their first contribution in https://redirect.github.com/junit-team/junit5/pull/3562";>junit-team/junit5#3562
   https://github.com/eliasnogueira";>@eliasnogueira made 
their first contribution in https://redirect.github.com/junit-team/junit5/pull/3674";>junit-team/junit5#3674
   https://github.com/bigdaz";>@bigdaz made their 
first contribution in https://redirect.github.com/junit-team/junit5/pull/3668";>junit-team/junit5#3668
   https://github.com/gilday";>@gilday made their 
first contribution in https://redirect.github.com/junit-team/junit5/pull/3667";>junit-team/junit5#3667
   https://github.com/bjmi";>@bjmi made their 
first contribution in https://redirect.github.com/junit-team/junit5/pull/3806";>junit-team/junit5#3806
   https://github.com/madalingiurca";>@madalingiurca made 
their first contribution in https://redirect.github.com/junit-team/junit5/pull/3787";>junit-team/junit5#3787
   https://github.com/dmlloyd";>@dmlloyd made 
their first contribution in https://redirect.github.com/junit-team/junit5/pull/3820";>junit-team/junit5#3820
   https://github.com/compf";>@compf made their 
first contribution in https://redirect.github.com/junit-team/junit5/pull/3867";>junit-team/junit5#3867
   https://github.com/SveinKare";>@SveinKare made 
their first contribution in https://redirect.github.com/junit-team/junit5/pull/3840";>junit-team/junit5#3840
   https://github.com/mobounya";>@mobounya made 
their first contribution in https://redirect.github.com/junit-team/junit5/pull/3720";>junit-team/junit5#3720
   https://github.com/robinjhector";>@robinjhector made 
their first contribution in https://redirect.github.com/junit-team/junit5/pull/3345";>junit-team/junit5#3345
   https://github.com/jabhatfield";>@jabhatfield 
made their first contribution in https://redirect.github.com/junit-team/junit5/pull/3829";>junit-team/junit5#3829
   https://github.com/rfscholte";>@rfscholte made 
their first contribution in https://redirect.github.com/junit-team/junit5/pull/3909";>junit-team/junit5#3909
   
   Full Changelog: https://github.com/junit-team/junit5/compare/r5.10.3...r5.11.0";>https://github.com/junit-team/junit5/compare/r5.10.3...r5.11.0
   JUnit 5.11.0-RC1 = Platform 1.11.0-RC1 + Jupiter 5.11.0-RC1 + Vintage 
5.11.0-RC1
   See http://junit.org/junit5/docs/5.11.0-RC1/release-notes/";>Release 
Notes.
   New Contributors
   
   https://github.com/compf";>@compf made their 
first contribution in https://redirect.github.com/junit-team/junit5/pull/3867";>junit-team/junit5#3867
   https://github.com/SveinKare";>@SveinKare made 
their first contribution in https://redirect.github.com/junit-team/junit5/pull/3840";>junit-team/junit5#3840
   https://github.com/mobounya";>@mobounya made 
their first contribution in https://redirect.github.com/junit-team/junit5/pull/3720";>junit-team/junit5#3720
   https://github.com/robinjhector";>@robinjhector made 
their first contribution in https://redirect.github.com/junit-team/junit5/pull/3345";>junit-team/junit5#3345
   https://github.com/jabhatfield";>@jabhatfield 
made their first contribution in https://redirect.github.com/junit-team/junit5/pull/3829";>junit-team/junit5#3829
   
   Full Changelog: https://github.com/junit-team/junit5/compare/r5.11.0-M2...r5.11.0-RC1";>https://github.com/junit-team/junit5/compare/r5.11.0-M2...r5.11.0-RC1
   JUnit 5.11.0-M2 = Platform 1.11.0-M2 + Jupiter 5.11.0-M2 + Vintage 
5.11.0-M2
   See http://junit.org/junit5/docs/5.11.0-M2/release-notes/";>Release 
Notes.
   New Contributors
   
   https://github.com/bjmi";>@bjmi made their 
first contribution in https://redirect.github.com/junit-team/junit5/pull/3806";>junit-team

Re: [PR] Bump org.junit.jupiter:junit-jupiter-api from 5.10.2 to 5.11.0 [maven-source-plugin]



dependabot[bot] commented on PR #40:
URL: 
https://github.com/apache/maven-source-plugin/pull/40#issuecomment-2376039641

   Superseded by #44.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] Bump org.junit.jupiter:junit-jupiter-api from 5.10.2 to 5.11.0 [maven-source-plugin]



dependabot[bot] closed pull request #40: Bump 
org.junit.jupiter:junit-jupiter-api from 5.10.2 to 5.11.0
URL: https://github.com/apache/maven-source-plugin/pull/40


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[jira] [Created] (MARTIFACT-71) don't WARN if timestamp property is inherited but only INFO

Herve Boutemy created MARTIFACT-71:
--

 Summary: don't WARN if timestamp property is inherited but only 
INFO
 Key: MARTIFACT-71
 URL: https://issues.apache.org/jira/browse/MARTIFACT-71
 Project: Maven Artifact Plugin
  Issue Type: Improvement
  Components: artifact:check-buildplan
Affects Versions: 3.5.1
Reporter: Herve Boutemy
 Fix For: 3.5.2


as seen in MNG-8258, WARNING is too aggressive: inheriting is completely valid, 
just a choice

it's better to display an INFO in the spirit of "this project inherits 
timestamp from parent pom yyy, value xxx"



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Comment Edited] (MNG-8258) activate Reproducible Builds by default



[ 
https://issues.apache.org/jira/browse/MNG-8258?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17884874#comment-17884874
 ] 

Herve Boutemy edited comment on MNG-8258 at 9/26/24 6:28 AM:
-

additional notice: "[WARNING]  property is 
inherited, it should be defined in pom.xml"
probably this message from {{artifact:checkbuildplan}} is too aggressive: it's 
a pure project choice to define if it cares about having a project-specific 
timestamp for entries in its jar files
having the default value from super pom is perfectly fine, it does not deserve 
any warning: more an INFO = "this project inherits timestamp from parent pom, 
value xxx"
MARTIFACT-71 issue created for that...


was (Author: hboutemy):
additional notice: "[WARNING]  property is 
inherited, it should be defined in pom.xml"
probably this message from {{artifact:checkbuildplan}} is too aggressive: it's 
a pure project choice to define if it cares about having a project-specific 
timestamp for entries in its jar files
having the default value from super pom is perfectly fine, it does not deserve 
any warning: more an INFO = "this project inherits timestamp from parent pom, 
value xxx"
I'll create a MARTIFACT issue for that...

> activate Reproducible Builds by default
> ---
>
> Key: MNG-8258
> URL: https://issues.apache.org/jira/browse/MNG-8258
> Project: Maven
>  Issue Type: New Feature
>  Components: Core
>Affects Versions: 3.9.9, 4.0.0-beta-4
>Reporter: Herve Boutemy
>Priority: Major
> Fix For: 4.0.0-beta-5
>
>
> Reproducible Builds is a good practice that is easy to enable: it would be 
> nice to enable it by default, and have projects
> - either disable it 
> ({{x}}) if 
> they really have a problem with the default Reproducible behaviour
> - or customize locally the value of the default Maven core-provided 
> timestamp, to have a project-specific value



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (MJAVADOC-815) Aggregate goal misses skipped reactor modules when resuming build

2024-09-25 Thread Richard Eckart de Castilho (Jira)



[ 
https://issues.apache.org/jira/browse/MJAVADOC-815?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17884882#comment-17884882
 ] 

Richard Eckart de Castilho commented on MJAVADOC-815:
-

It may be in general a lame excuse, but in the context where I ran into this 
issue, it seems I can currently not upgrade to Maven 4 because there are 
plugins in the build that are not yet compatible with it.+

Just mentioning that because I could imagine that more people might be stuck 
with Maven 3 for a while longer.

> Aggregate goal misses skipped reactor modules when resuming build
> -
>
> Key: MJAVADOC-815
> URL: https://issues.apache.org/jira/browse/MJAVADOC-815
> Project: Maven Javadoc Plugin
>  Issue Type: Bug
>Affects Versions: 3.10.0
>Reporter: Richard Eckart de Castilho
>Priority: Major
>
> When resuming a build using {{-rf}}, then the {{javadoc:aggregate}} goal is 
> not injected with the reactor modules that are skipped (are before the module 
> being resumed from). 
> That means the JavaDoc for those skipped modules is not included in the 
> aggregate.
> I can imagine that to happen when I build using {{-pl}} to build individual 
> modules, but if I resume, I would expect all the reactor modules that have 
> already been covered and are being resumed over to be part of the reactor 
> modules that are provided to the javadoc plugin.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (MJAVADOC-815) Aggregate goal misses skipped reactor modules when resuming build

2024-09-25 Thread Maarten Mulders (Jira)



[ 
https://issues.apache.org/jira/browse/MJAVADOC-815?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17884881#comment-17884881
 ] 

Maarten Mulders commented on MJAVADOC-815:
--

{quote}I wonder whether this is a plugin issue or rather a Maven Core issue. 
[~gnodet], [~mthmulders], [~cstamas], WDYT?
{quote}
Try running the plugin with a Maven 4 beta and see if it behaves the same. 
Given the major overhaul of the Reactor w.r.t. how {{-rf}} works, I guess that 
this is an issue in Core that is resolved in Maven 4.

> Aggregate goal misses skipped reactor modules when resuming build
> -
>
> Key: MJAVADOC-815
> URL: https://issues.apache.org/jira/browse/MJAVADOC-815
> Project: Maven Javadoc Plugin
>  Issue Type: Bug
>Affects Versions: 3.10.0
>Reporter: Richard Eckart de Castilho
>Priority: Major
>
> When resuming a build using {{-rf}}, then the {{javadoc:aggregate}} goal is 
> not injected with the reactor modules that are skipped (are before the module 
> being resumed from). 
> That means the JavaDoc for those skipped modules is not included in the 
> aggregate.
> I can imagine that to happen when I build using {{-pl}} to build individual 
> modules, but if I resume, I would expect all the reactor modules that have 
> already been covered and are being resumed over to be part of the reactor 
> modules that are provided to the javadoc plugin.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (MJAVADOC-815) Aggregate goal misses skipped reactor modules when resuming build

2024-09-25 Thread Maarten Mulders (Jira)



[ 
https://issues.apache.org/jira/browse/MJAVADOC-815?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17884884#comment-17884884
 ] 

Maarten Mulders commented on MJAVADOC-815:
--

Don't worry, I don't see it as a lame excuse.

If your finding is indeed an issue in Core, not in the Maven Javadoc Plugin - 
as [~michael-o] and I are thinking - then there is, unfortunately, no way this 
can be fixed in the Maven Javadoc Plugin.

Would it be possible for you to extract the problem from where you observe it 
(probably a large, closed-source project?) to a minimal example which 
illustrates the problem? It might be easier to run that minimal reproducer with 
Maven 4 and observe if the problem is still there.

> Aggregate goal misses skipped reactor modules when resuming build
> -
>
> Key: MJAVADOC-815
> URL: https://issues.apache.org/jira/browse/MJAVADOC-815
> Project: Maven Javadoc Plugin
>  Issue Type: Bug
>Affects Versions: 3.10.0
>Reporter: Richard Eckart de Castilho
>Priority: Major
>
> When resuming a build using {{-rf}}, then the {{javadoc:aggregate}} goal is 
> not injected with the reactor modules that are skipped (are before the module 
> being resumed from). 
> That means the JavaDoc for those skipped modules is not included in the 
> aggregate.
> I can imagine that to happen when I build using {{-pl}} to build individual 
> modules, but if I resume, I would expect all the reactor modules that have 
> already been covered and are being resumed over to be part of the reactor 
> modules that are provided to the javadoc plugin.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (MNG-8266) maven-jar-plugin sometimes doesn't add MANIFEST.MF as 1st or 2nd entry

2024-09-25 Thread Attila Kelemen (Jira)

Attila Kelemen created MNG-8266:
---

 Summary: maven-jar-plugin sometimes doesn't add MANIFEST.MF as 1st 
or 2nd entry
 Key: MNG-8266
 URL: https://issues.apache.org/jira/browse/MNG-8266
 Project: Maven
  Issue Type: Improvement
  Components: build/consumer
Reporter: Attila Kelemen


In certain situations (not sure what is the exact condition required), the 
Maven jar plugin doesn't add the _MANIFEST.MF_ as the 1st or 2nd entry. This 
can be a problem (even though technically the spec doesn't have such a 
requirement), because such a jar file cannot be read with the core JDK class 
{{JarInputStream}}.

A project this can be reproduced with is JDBI. See the 
[https://github.com/jdbi/jdbi/issues/2698] for details.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Re: [PR] [MARTIFACT-70] jetty-jspc-maven-plugin is build reproducible since 11.0.0 [maven-artifact-plugin]



olamy commented on PR #57:
URL: 
https://github.com/apache/maven-artifact-plugin/pull/57#issuecomment-2375363621

   > @olamy IIUC, this has been integrated into Jetty 11.0.21 and 12.0.8 
[jetty/jetty.project@6a10c65](https://github.com/jetty/jetty.project/commit/6a10c65c359704f94b540447b7bf455b29322c94)
 , isn't it?
   
   The exact commit is 
https://github.com/jetty/jetty.project/commit/00d324979fb775d6c4e6950155d735a4a7d3403f
   
   With upgrade to 10.0.0-M10 which is the first version containing the Apache 
Tomcat fix. 
   
   which means Jetty 11.0.0


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[PR] Bump org.junit:junit-bom from 5.11.0 to 5.11.1 [maven-toolchains-plugin]



dependabot[bot] opened a new pull request, #44:
URL: https://github.com/apache/maven-toolchains-plugin/pull/44

   Bumps [org.junit:junit-bom](https://github.com/junit-team/junit5) from 
5.11.0 to 5.11.1.
   
   Release notes
   Sourced from https://github.com/junit-team/junit5/releases";>org.junit:junit-bom's 
releases.
   
   JUnit 5.11.1 = Platform 1.11.1 + Jupiter 5.11.1 + Vintage 5.11.1
   See http://junit.org/junit5/docs/5.11.1/release-notes/";>Release 
Notes.
   Full Changelog: https://github.com/junit-team/junit5/compare/r5.11.0...r5.11.1";>https://github.com/junit-team/junit5/compare/r5.11.0...r5.11.1
   
   
   
   Commits
   
   https://github.com/junit-team/junit5/commit/e4b2c0c1384dd980abbd61c11322c419cf7cd1eb";>e4b2c0c
 Release 5.11.1
   https://github.com/junit-team/junit5/commit/c37b179f74e06ddaa7a86d82ff4ea2a8d04a0ea9";>c37b179
 Finalize 5.11.1 release notes
   https://github.com/junit-team/junit5/commit/a7b1c49702ddf8113a7e74da2cfe6ca9e3e35521";>a7b1c49
 Include 5.10.4 release notes
   https://github.com/junit-team/junit5/commit/3646b7d37e3401d9cda0106290bbf9cb36a735b2";>3646b7d
 Document benefits of messageSupplier in Assertions 
(https://redirect.github.com/junit-team/junit5/issues/3938";>#3938)
   https://github.com/junit-team/junit5/commit/6b9f15d9d53ceef1db1a0fa1fd3e7f38f757e88e";>6b9f15d
 Delete unnecessary (and potentially misleading) comment in User Guide
   https://github.com/junit-team/junit5/commit/98dafd3746dcf141ac8b5906f26e69e9a140ff5d";>98dafd3
 Reduce flakiness
   https://github.com/junit-team/junit5/commit/6529d8d4b14e0ab2b9134a9d9b0d9260ba2f6410";>6529d8d
 Allow for work stealing when only holding read locks (https://redirect.github.com/junit-team/junit5/issues/4012";>#4012)
   https://github.com/junit-team/junit5/commit/0d25a5a0ddab609df3d7382264b050dc61f54d2f";>0d25a5a
 Fix YAML syntax
   https://github.com/junit-team/junit5/commit/28dd375d31995365ed36c40270be619b4d64be99";>28dd375
 Fix step label
   https://github.com/junit-team/junit5/commit/348ef61d6b2f945cb0bf315b97eef80a41686a88";>348ef61
 Switch to Temurin for JDK 23 (https://redirect.github.com/junit-team/junit5/issues/4005";>#4005)
   Additional commits viewable in https://github.com/junit-team/junit5/compare/r5.11.0...r5.11.1";>compare 
view
   
   
   
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.junit:junit-bom&package-manager=maven&previous-version=5.11.0&new-version=5.11.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot show  ignore conditions` will show all of 
the ignore conditions of the specified dependency
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[jira] [Commented] (MARTIFACT-70) jetty-jspc-maven-plugin is build reproducible since 11.0.0



[ 
https://issues.apache.org/jira/browse/MARTIFACT-70?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17884802#comment-17884802
 ] 

ASF GitHub Bot commented on MARTIFACT-70:
-

olamy commented on PR #57:
URL: 
https://github.com/apache/maven-artifact-plugin/pull/57#issuecomment-2375363621

   > @olamy IIUC, this has been integrated into Jetty 11.0.21 and 12.0.8 
[jetty/jetty.project@6a10c65](https://github.com/jetty/jetty.project/commit/6a10c65c359704f94b540447b7bf455b29322c94)
 , isn't it?
   
   The exact commit is 
https://github.com/jetty/jetty.project/commit/00d324979fb775d6c4e6950155d735a4a7d3403f
   
   With upgrade to 10.0.0-M10 which is the first version containing the Apache 
Tomcat fix. 
   
   which means Jetty 11.0.0




> jetty-jspc-maven-plugin is build reproducible since 11.0.0
> --
>
> Key: MARTIFACT-70
> URL: https://issues.apache.org/jira/browse/MARTIFACT-70
> Project: Maven Artifact Plugin
>  Issue Type: Task
>Reporter: Olivier Lamy
>Assignee: Olivier Lamy
>Priority: Major
>  Labels: pull-request-available
> Fix For: 3.5.2
>
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[PR] Bump org.junit:junit-bom from 5.11.0 to 5.11.1 [maven]



dependabot[bot] opened a new pull request, #1747:
URL: https://github.com/apache/maven/pull/1747

   Bumps [org.junit:junit-bom](https://github.com/junit-team/junit5) from 
5.11.0 to 5.11.1.
   
   Release notes
   Sourced from https://github.com/junit-team/junit5/releases";>org.junit:junit-bom's 
releases.
   
   JUnit 5.11.1 = Platform 1.11.1 + Jupiter 5.11.1 + Vintage 5.11.1
   See http://junit.org/junit5/docs/5.11.1/release-notes/";>Release 
Notes.
   Full Changelog: https://github.com/junit-team/junit5/compare/r5.11.0...r5.11.1";>https://github.com/junit-team/junit5/compare/r5.11.0...r5.11.1
   
   
   
   Commits
   
   https://github.com/junit-team/junit5/commit/e4b2c0c1384dd980abbd61c11322c419cf7cd1eb";>e4b2c0c
 Release 5.11.1
   https://github.com/junit-team/junit5/commit/c37b179f74e06ddaa7a86d82ff4ea2a8d04a0ea9";>c37b179
 Finalize 5.11.1 release notes
   https://github.com/junit-team/junit5/commit/a7b1c49702ddf8113a7e74da2cfe6ca9e3e35521";>a7b1c49
 Include 5.10.4 release notes
   https://github.com/junit-team/junit5/commit/3646b7d37e3401d9cda0106290bbf9cb36a735b2";>3646b7d
 Document benefits of messageSupplier in Assertions 
(https://redirect.github.com/junit-team/junit5/issues/3938";>#3938)
   https://github.com/junit-team/junit5/commit/6b9f15d9d53ceef1db1a0fa1fd3e7f38f757e88e";>6b9f15d
 Delete unnecessary (and potentially misleading) comment in User Guide
   https://github.com/junit-team/junit5/commit/98dafd3746dcf141ac8b5906f26e69e9a140ff5d";>98dafd3
 Reduce flakiness
   https://github.com/junit-team/junit5/commit/6529d8d4b14e0ab2b9134a9d9b0d9260ba2f6410";>6529d8d
 Allow for work stealing when only holding read locks (https://redirect.github.com/junit-team/junit5/issues/4012";>#4012)
   https://github.com/junit-team/junit5/commit/0d25a5a0ddab609df3d7382264b050dc61f54d2f";>0d25a5a
 Fix YAML syntax
   https://github.com/junit-team/junit5/commit/28dd375d31995365ed36c40270be619b4d64be99";>28dd375
 Fix step label
   https://github.com/junit-team/junit5/commit/348ef61d6b2f945cb0bf315b97eef80a41686a88";>348ef61
 Switch to Temurin for JDK 23 (https://redirect.github.com/junit-team/junit5/issues/4005";>#4005)
   Additional commits viewable in https://github.com/junit-team/junit5/compare/r5.11.0...r5.11.1";>compare 
view
   
   
   
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.junit:junit-bom&package-manager=maven&previous-version=5.11.0&new-version=5.11.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot show  ignore conditions` will show all of 
the ignore conditions of the specified dependency
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[PR] Bump net.bytebuddy:byte-buddy from 1.15.1 to 1.15.2 [maven]



dependabot[bot] opened a new pull request, #1746:
URL: https://github.com/apache/maven/pull/1746

   Bumps [net.bytebuddy:byte-buddy](https://github.com/raphw/byte-buddy) from 
1.15.1 to 1.15.2.
   
   Release notes
   Sourced from https://github.com/raphw/byte-buddy/releases";>net.bytebuddy:byte-buddy's 
releases.
   
   Byte Buddy 1.15.2
   
   Add support for multi-release JAR files in 
ClassFileLocators and Plugin.Engine.Default.
   Add Gradle task for transforming multiple jar files with 
ByteBuddyJarsTask.
   Avoid validation of JarFile when extracting individual 
entries.
   Rework discovery in ByteBuddyMojo.
   
   
   
   
   Changelog
   Sourced from https://github.com/raphw/byte-buddy/blob/master/release-notes.md";>net.bytebuddy:byte-buddy's
 changelog.
   
   Byte Buddy release notes
   
   
   
   Commits
   
   https://github.com/raphw/byte-buddy/commit/02f64db234a6463255119061ac04fa13abf9aeeb";>02f64db
 [maven-release-plugin] prepare release byte-buddy-1.15.2
   https://github.com/raphw/byte-buddy/commit/3bca38815196a66d93f1345b998529825070ae0b";>3bca388
 [release] Release new version
   https://github.com/raphw/byte-buddy/commit/ceca355d9dc1c70190f0181806ebc5c5fc11917b";>ceca355
 Do not use seperator char.
   https://github.com/raphw/byte-buddy/commit/0248218c3c98b21634d4e3a3c4213b81153fa097";>0248218
 Remove unused method.
   https://github.com/raphw/byte-buddy/commit/27e12fea4bfd88ed877fd85fec6ec00f0669760a";>27e12fe
 Adjust signature.
   https://github.com/raphw/byte-buddy/commit/cdbe5ec30ba97ce1e4adab789a70e560fe034838";>cdbe5ec
 Add type witnesses.
   https://github.com/raphw/byte-buddy/commit/642ea4f1b6870f6604bf56269c4705d9da46444e";>642ea4f
 Clean up.
   https://github.com/raphw/byte-buddy/commit/94ee0ce67f3a7fc28b2126e6ee8099d5742ba3be";>94ee0ce
 Add suppression annotation.
   https://github.com/raphw/byte-buddy/commit/27d4c5e98664c8196ed6a45794cce83a87fc2a25";>27d4c5e
 Improve in-memory source for build plugin.
   https://github.com/raphw/byte-buddy/commit/40707d8a0c03f61b24b22c906f6001ba66ed29d4";>40707d8
 Avoid diamond operator.
   Additional commits viewable in https://github.com/raphw/byte-buddy/compare/byte-buddy-1.15.1...byte-buddy-1.15.2";>compare
 view
   
   
   
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=net.bytebuddy:byte-buddy&package-manager=maven&previous-version=1.15.1&new-version=1.15.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot show  ignore conditions` will show all of 
the ignore conditions of the specified dependency
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[jira] [Commented] (MJAVADOC-813) [REGRESSION] The given File link: X is not a dir



[ 
https://issues.apache.org/jira/browse/MJAVADOC-813?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17884521#comment-17884521
 ] 

Michael Osipov commented on MJAVADOC-813:
-

It is an outcome of MJAVADOC-785 to complete align this plugin with all other 
plugins using maven-reporting-impl and this plugin cannot for technical reasons.

> [REGRESSION] The given File link: X is not a dir
> 
>
> Key: MJAVADOC-813
> URL: https://issues.apache.org/jira/browse/MJAVADOC-813
> Project: Maven Javadoc Plugin
>  Issue Type: Bug
>  Components: javadoc
>Affects Versions: 3.10.0
>Reporter: Gili
>Assignee: Michael Osipov
>Priority: Major
> Attachments: javadoc-test.zip
>
>
> Given:
> {noformat}
> 
>   
>     
> https://cowwoc.github.io/requirements.java/${project.version}/docs/api/
>     ${rootBaseDir}/java/target/apidocs/
>   
> {noformat}
>  
>  
> Running the "attach-javadocs" goal works fine in version 3.8.0 but if I 
> update to version 3.10.0 the execution fails with:
>  
>  
> {noformat}
> [ERROR] The given File link: 
> C:\Users\Gili\Documents\requirements.java\guava\..\java\target\apidocs is not 
> a dir.
> [ERROR] Error fetching link: 
> C:\Users\Gili\Documents\requirements.java\guava/../java/target/apidocs/. 
> Ignored it.  {noformat}
>  
> Under version 3.8.0 the target/apidocs directory is created and the javadoc 
> is generated. Under version 3.10.0 the error is thrown and the apidocs 
> directory is never created.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Re: [PR] [MNG-8258] activate Reproducible Builds by default [maven]



desruisseaux commented on PR #1726:
URL: https://github.com/apache/maven/pull/1726#issuecomment-2373444529

   Correct me if I'm wrong, but it seems to me that one of the main goals of 
reproducible build is security: allowing developers to verify that the released 
JAR files do not contain altered byte codes (e.g. malicious code injected by a 
compromised compiler). For this goal, the timestamp of ZIP entries does not 
matter. Only the content of ZIP entries matter. In my understanding, a 
verification focussed on what matter is called "semantically reproducible 
build" or "semantic equivalency".
   
   [Microsoft seems to propose a tool for semantic 
equivalency](https://github.com/microsoft/OSSGadget/wiki/OSS-Reproducible) at 
least for NPM packages. Are we pushing a bit for bit reproducible build because 
we have no easy tool for semantic equivalency? If yes, what about instead 
developing a new Maven plugin or modifying `maven-deploy-plugin` with a new 
goal? Instead of deploying to the server, it would download from the server and 
compare the ZIP **content**. Differences in timestamp and compression would be 
ignored. We could also ignore a limited set of `META-INF` attributes.
   
   This proposal would allow the following workflow during release: the release 
manager deploys the JAR files on a staging repository and give the URL to other 
developers. Other developers would use that URL with the above-cited new 
plugin, which would automatically build the project and compare semantically 
with the JARs on the staging repository.
   
   >> as a developer, I want to build my source code twice and get the same 
output (which will also help build-cache)
   
   > To be honest I never wanted that in the last 10+years :-D
   
   Same for me. What I want is security check. Actually, I would rather not 
desire bit for bit reproducibility, as I would find more useful to keep the 
(non-standard) `Built-By` and `Built-On` attributes in `META-INF` with accurate 
values if it can be done without compromising security.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[jira] [Created] (MARTIFACT-70) jetty-jspc-maven-plugin is build reproducible since 11.0.0

2024-09-25 Thread Olivier Lamy (Jira)

Olivier Lamy created MARTIFACT-70:
-

 Summary: jetty-jspc-maven-plugin is build reproducible since 11.0.0
 Key: MARTIFACT-70
 URL: https://issues.apache.org/jira/browse/MARTIFACT-70
 Project: Maven Artifact Plugin
  Issue Type: Task
Reporter: Olivier Lamy
Assignee: Olivier Lamy






--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (MARTIFACT-70) jetty-jspc-maven-plugin is build reproducible since 11.0.0



[ 
https://issues.apache.org/jira/browse/MARTIFACT-70?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17884541#comment-17884541
 ] 

ASF GitHub Bot commented on MARTIFACT-70:
-

olamy opened a new pull request, #57:
URL: https://github.com/apache/maven-artifact-plugin/pull/57

   Signed-off-by: Olivier Lamy 
   




> jetty-jspc-maven-plugin is build reproducible since 11.0.0
> --
>
> Key: MARTIFACT-70
> URL: https://issues.apache.org/jira/browse/MARTIFACT-70
> Project: Maven Artifact Plugin
>  Issue Type: Task
>Reporter: Olivier Lamy
>Assignee: Olivier Lamy
>Priority: Major
> Fix For: 3.5.2
>
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Re: [PR] [MARTIFACT-70] jetty-jspc-maven-plugin is build reproducible since 11.0.0 [maven-artifact-plugin]



olamy commented on PR #57:
URL: 
https://github.com/apache/maven-artifact-plugin/pull/57#issuecomment-2373488179

   Apache Tomcat change 
https://github.com/apache/tomcat/commit/374690d5793248f26d5894a33bb5ed562e22da91#diff-57d2f0a72170743f6c3687a48997b2aa37d8d209efe200f00a0b9dc51fc7e572


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[jira] [Updated] (MARTIFACT-70) jetty-jspc-maven-plugin is build reproducible since 11.0.0



 [ 
https://issues.apache.org/jira/browse/MARTIFACT-70?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

ASF GitHub Bot updated MARTIFACT-70:

Labels: pull-request-available  (was: )

> jetty-jspc-maven-plugin is build reproducible since 11.0.0
> --
>
> Key: MARTIFACT-70
> URL: https://issues.apache.org/jira/browse/MARTIFACT-70
> Project: Maven Artifact Plugin
>  Issue Type: Task
>Reporter: Olivier Lamy
>Assignee: Olivier Lamy
>Priority: Major
>  Labels: pull-request-available
> Fix For: 3.5.2
>
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (MARTIFACT-70) jetty-jspc-maven-plugin is build reproducible since 11.0.0

2024-09-25 Thread Olivier Lamy (Jira)



[ 
https://issues.apache.org/jira/browse/MARTIFACT-70?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17884542#comment-17884542
 ] 

Olivier Lamy commented on MARTIFACT-70:
---

thanks to Apache Tomcat change 
https://github.com/apache/tomcat/commit/374690d5793248f26d5894a33bb5ed562e22da91#diff-57d2f0a72170743f6c3687a48997b2aa37d8d209efe200f00a0b9dc51fc7e572

> jetty-jspc-maven-plugin is build reproducible since 11.0.0
> --
>
> Key: MARTIFACT-70
> URL: https://issues.apache.org/jira/browse/MARTIFACT-70
> Project: Maven Artifact Plugin
>  Issue Type: Task
>Reporter: Olivier Lamy
>Assignee: Olivier Lamy
>Priority: Major
>  Labels: pull-request-available
> Fix For: 3.5.2
>
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (MARTIFACT-70) jetty-jspc-maven-plugin is build reproducible since 11.0.0

2024-09-25 Thread Olivier Lamy (Jira)



 [ 
https://issues.apache.org/jira/browse/MARTIFACT-70?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Olivier Lamy updated MARTIFACT-70:
--
Fix Version/s: 3.5.2

> jetty-jspc-maven-plugin is build reproducible since 11.0.0
> --
>
> Key: MARTIFACT-70
> URL: https://issues.apache.org/jira/browse/MARTIFACT-70
> Project: Maven Artifact Plugin
>  Issue Type: Task
>Reporter: Olivier Lamy
>Assignee: Olivier Lamy
>Priority: Major
> Fix For: 3.5.2
>
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (MARTIFACT-70) jetty-jspc-maven-plugin is build reproducible since 11.0.0



[ 
https://issues.apache.org/jira/browse/MARTIFACT-70?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17884543#comment-17884543
 ] 

ASF GitHub Bot commented on MARTIFACT-70:
-

olamy commented on PR #57:
URL: 
https://github.com/apache/maven-artifact-plugin/pull/57#issuecomment-2373488179

   Apache Tomcat change 
https://github.com/apache/tomcat/commit/374690d5793248f26d5894a33bb5ed562e22da91#diff-57d2f0a72170743f6c3687a48997b2aa37d8d209efe200f00a0b9dc51fc7e572




> jetty-jspc-maven-plugin is build reproducible since 11.0.0
> --
>
> Key: MARTIFACT-70
> URL: https://issues.apache.org/jira/browse/MARTIFACT-70
> Project: Maven Artifact Plugin
>  Issue Type: Task
>Reporter: Olivier Lamy
>Assignee: Olivier Lamy
>Priority: Major
>  Labels: pull-request-available
> Fix For: 3.5.2
>
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Re: [PR] Feature add rat head to m2.conf [maven]



XenoAmess commented on code in PR #1743:
URL: https://github.com/apache/maven/pull/1743#discussion_r1774808141


##
maven-bom/pom.xml:
##
@@ -204,6 +204,14 @@ under the License.
   
 
   
+  
+com.diffplug.spotless
+spotless-maven-plugin

Review Comment:
   @cstamas removed. hope you find another better way for resolving this.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[PR] Bump org.junit:junit-bom from 5.11.0 to 5.11.1 [maven-reporting-impl]



dependabot[bot] opened a new pull request, #51:
URL: https://github.com/apache/maven-reporting-impl/pull/51

   Bumps [org.junit:junit-bom](https://github.com/junit-team/junit5) from 
5.11.0 to 5.11.1.
   
   Release notes
   Sourced from https://github.com/junit-team/junit5/releases";>org.junit:junit-bom's 
releases.
   
   JUnit 5.11.1 = Platform 1.11.1 + Jupiter 5.11.1 + Vintage 5.11.1
   See http://junit.org/junit5/docs/5.11.1/release-notes/";>Release 
Notes.
   Full Changelog: https://github.com/junit-team/junit5/compare/r5.11.0...r5.11.1";>https://github.com/junit-team/junit5/compare/r5.11.0...r5.11.1
   
   
   
   Commits
   
   https://github.com/junit-team/junit5/commit/e4b2c0c1384dd980abbd61c11322c419cf7cd1eb";>e4b2c0c
 Release 5.11.1
   https://github.com/junit-team/junit5/commit/c37b179f74e06ddaa7a86d82ff4ea2a8d04a0ea9";>c37b179
 Finalize 5.11.1 release notes
   https://github.com/junit-team/junit5/commit/a7b1c49702ddf8113a7e74da2cfe6ca9e3e35521";>a7b1c49
 Include 5.10.4 release notes
   https://github.com/junit-team/junit5/commit/3646b7d37e3401d9cda0106290bbf9cb36a735b2";>3646b7d
 Document benefits of messageSupplier in Assertions 
(https://redirect.github.com/junit-team/junit5/issues/3938";>#3938)
   https://github.com/junit-team/junit5/commit/6b9f15d9d53ceef1db1a0fa1fd3e7f38f757e88e";>6b9f15d
 Delete unnecessary (and potentially misleading) comment in User Guide
   https://github.com/junit-team/junit5/commit/98dafd3746dcf141ac8b5906f26e69e9a140ff5d";>98dafd3
 Reduce flakiness
   https://github.com/junit-team/junit5/commit/6529d8d4b14e0ab2b9134a9d9b0d9260ba2f6410";>6529d8d
 Allow for work stealing when only holding read locks (https://redirect.github.com/junit-team/junit5/issues/4012";>#4012)
   https://github.com/junit-team/junit5/commit/0d25a5a0ddab609df3d7382264b050dc61f54d2f";>0d25a5a
 Fix YAML syntax
   https://github.com/junit-team/junit5/commit/28dd375d31995365ed36c40270be619b4d64be99";>28dd375
 Fix step label
   https://github.com/junit-team/junit5/commit/348ef61d6b2f945cb0bf315b97eef80a41686a88";>348ef61
 Switch to Temurin for JDK 23 (https://redirect.github.com/junit-team/junit5/issues/4005";>#4005)
   Additional commits viewable in https://github.com/junit-team/junit5/compare/r5.11.0...r5.11.1";>compare 
view
   
   
   
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.junit:junit-bom&package-manager=maven&previous-version=5.11.0&new-version=5.11.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot show  ignore conditions` will show all of 
the ignore conditions of the specified dependency
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[jira] [Created] (MJAVADOC-814) Ability to split grouped packages over multiple lines

2024-09-25 Thread Richard Eckart de Castilho (Jira)

Richard Eckart de Castilho created MJAVADOC-814:
---

 Summary: Ability to split grouped packages over multiple lines
 Key: MJAVADOC-814
 URL: https://issues.apache.org/jira/browse/MJAVADOC-814
 Project: Maven Javadoc Plugin
  Issue Type: New Feature
  Components: javadoc
Affects Versions: 3.10.0
Reporter: Richard Eckart de Castilho


When configuring groups, the packages in the group need to be written on a 
single line separated with colons.

{noformat}

  
Core

  org.apache.uima.analysis_component:org.apache.uima.analysis_engine

  

{noformat}

If there are many packages that can not easily be captured using a prefix 
pattern, this yields a very long line.

It would be greate if one could split the packages over multiple lines such as

{noformat}

  
Core

  org.apache.uima.analysis_component:
  org.apache.uima.analysis_engine

  

{noformat}

The code internally already calls 
{{org.apache.maven.plugins.javadoc.JavadocUtil.quotedArgument(String)}} to 
sanitze the line breaks away, but it seems the whitespace still breaks it and 
javadoc tool in the end only recognizes the first package in the multi-line 
group. 

Even nicer may be.

{noformat}

  
Core

  org.apache.uima.analysis_component
  org.apache.uima.analysis_engine

  

{noformat}




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (MNG-8231) Maven (3.9) documentation site points to wrong version of the resolver site (2.x)

2024-09-25 Thread Didier Loiseau (Jira)



[ 
https://issues.apache.org/jira/browse/MNG-8231?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17884667#comment-17884667
 ] 

Didier Loiseau commented on MNG-8231:
-

[~cstamas], I have created the PR as you suggested two weeks ago, but it seems 
to have been left unseen 😏

> Maven (3.9) documentation site points to wrong version of the resolver site 
> (2.x)
> -
>
> Key: MNG-8231
> URL: https://issues.apache.org/jira/browse/MNG-8231
> Project: Maven
>  Issue Type: Bug
>  Components: Documentation:  General, Documentation: Guides
>Affects Versions: 3.9.9
>Reporter: Didier Loiseau
>Priority: Major
>
> The page [Guide for Resolver 
> Transport|https://maven.apache.org/guides/mini/guide-resolver-transport.html] 
> has a link at the end of the page:
> {quote} * For Native HTTP transport detailed configuration user properties 
> are [collected on this 
> page|https://maven.apache.org/resolver/configuration.html].{quote}
> This links points to the non-versioned site of the Maven Resolver, which is 
> now in version 2.x, however the latest release of Maven (3.9.9) still appears 
> to use version 1.9.x.
> I was trying to disable redirects, as documented in the mentioned page, but 
> it seems this was introduced in 2.x, as per MRESOLVER-595 – so only available 
> in the upcoming Maven 4.x, as far as I understand.
> I didn’t check if other pages were affected, nor was I able to find the 
> actual documentation for Resolver 1.9.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (MDEP-955) unpack ignores global fileMappers

2024-09-25 Thread Jonah Bauer (Jira)

Jonah Bauer created MDEP-955:


 Summary: unpack ignores global fileMappers
 Key: MDEP-955
 URL: https://issues.apache.org/jira/browse/MDEP-955
 Project: Maven Dependency Plugin
  Issue Type: Bug
  Components: unpack
Affects Versions: 3.8.0
 Environment: Windows 11, Java 21, Maven 3.8.6, Maven Dependency Plugin 
3.8.0
Reporter: Jonah Bauer


I was trying to use the {{unpack}} goal to unpack multiple artifacts with a 
similar structure (namely webjars) and rewrite their filenames using a common 
file mapper. The {{unpack}} goal conveniently defines the property 
{{fileMappers}} which seems suited for this use case. The configuration is as 
follows
{code:xml}

org.apache.maven.plugins
maven-dependency-plugin
3.8.0


unpack-libraries
generate-resources

unpack




org.webjars.npm
chart.js
${chartjs.version}


org.webjars.npm
chartjs-adapter-date-fns
3.0.0


META-INF/resources/webjars/*/*/dist/**

${project.build.directory}/generated-resources/libraries




^META-INF/resources/webjars/([^/]+)/[^/]+/dist/
./$1/



            



{code}
This, however, does not work. While the artifacts are unpacked to the target 
directory, the globally configured {{fileMappers}} did not seem to take any 
effect.

After looking into the code of {{UnpackMojo}} it seems the 
{{UnpackMojo::getFileMappers}} method is unused. In 
{{UnpackMojo::getProcessedArtifactItems}} the {{includes}} and {{excludes}} of 
each artifact item are set to the globally configured values if empty, but the 
file mappers are left unchanged.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Re: [PR] Bump Maven 4 from 4.0.0-beta-3 ot 4.0.0-beta-4 [maven-gh-actions-shared]



slachiewicz commented on PR #110:
URL: 
https://github.com/apache/maven-gh-actions-shared/pull/110#issuecomment-2373365050

   LGTM 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] [MNG-8258] activate Reproducible Builds by default [maven]

laeubi commented on PR #1726:
URL: https://github.com/apache/maven/pull/1726#issuecomment-2373651297

> f yes, what about instead developing a new Maven plugin or modifying
`maven-deploy-plugin` with a new goal? Instead of deploying to the server, it
would download from the server and compare the ZIP **content**. Differences in
timestamp and compression would be ignored. We could also ignore a limited set
of `META-INF` attributes.

Tycho has exactly this kind of "semantic equivalency" here:
-
https://github.com/eclipse-tycho/tycho/tree/main/tycho-artifactcomparator/src/main/java/org/eclipse/tycho/zipcomparator/internal

it is not used for "reproducibility" instead it is used to check if an
artifact only differs in version, and in this case the artifact is not
deployed. Additionally if it differs but version has not changed one gets an
error / warning that one needs to increment the version (this is similar to
this use-case here: If i build the same version the jar should be "semantic
equivalent".

This currently even can detect if a file only differs in line endings
(e.g.`\r\n` versus `\n`) and some normalization of Manifests (e.g. order does
not matter) and other types like XML (e.g. only attribute ordering changed)
and even properties files (e.g. order of properties is ignored).

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[jira] [Commented] (MNG-8258) activate Reproducible Builds by default



[ 
https://issues.apache.org/jira/browse/MNG-8258?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17884639#comment-17884639
 ] 

Herve Boutemy commented on MNG-8258:


bq. Would it be possible to get the warning from Maven instead of having to run 
a plugin to find that ?

of course, plugin code can go into Maven core: but is it a good idea?
for example: do we code enforcer's JDK and Maven minimum version checks into 
core, or le the plugin do its job when people are interested to check?

the spirit for now is: have a reasonable default even if basic, let people 
override if they are more opinionated (disable or get a value dedicated to 
their project instead of default)

adding warning for people who don't care is just causing friction (the type of 
friction we removed when adding default encodings)

> activate Reproducible Builds by default
> ---
>
> Key: MNG-8258
> URL: https://issues.apache.org/jira/browse/MNG-8258
> Project: Maven
>  Issue Type: New Feature
>  Components: Core
>Affects Versions: 3.9.9, 4.0.0-beta-4
>Reporter: Herve Boutemy
>Priority: Major
> Fix For: 4.0.0-beta-5
>
>
> Reproducible Builds is a good practice that is easy to enable: it would be 
> nice to enable it by default, and have projects disable it of they really 
> have a problem with the default bahaviour
> result can be checked by running {{mvn artifact:check-buildplan}} on a 
> minimal pom.xml:
> - before: {{[ERROR] Reproducible Build not activated by 
> project.build.outputTimestamp property: see 
> https://maven.apache.org/guides/mini/guide-reproducible-builds.html}}
> - after: {{[WARNING]  property is inherited, 
> it should be defined in pom.xml}}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (MNG-8258) activate Reproducible Builds by default



 [ 
https://issues.apache.org/jira/browse/MNG-8258?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Herve Boutemy updated MNG-8258:
---
Description: 
Reproducible Builds is a good practice that is easy to enable: it would be nice 
to enable it by default, and have projects disable it of they really have a 
problem with the default bahaviour

result can be checked by running {{mvn artifact:check-buildplan}} on a minimal 
pom.xml (to check that the PR does what it promised to do = enable RB by 
default):
- before: {{[ERROR] Reproducible Build not activated by 
project.build.outputTimestamp property: see 
https://maven.apache.org/guides/mini/guide-reproducible-builds.html}}
- after: {{[WARNING]  property is inherited, it 
should be defined in pom.xml}}

  was:
Reproducible Builds is a good practice that is easy to enable: it would be nice 
to enable it by default, and have projects disable it of they really have a 
problem with the default bahaviour

result can be checked by running {{mvn artifact:check-buildplan}} on a minimal 
pom.xml:
- before: {{[ERROR] Reproducible Build not activated by 
project.build.outputTimestamp property: see 
https://maven.apache.org/guides/mini/guide-reproducible-builds.html}}
- after: {{[WARNING]  property is inherited, it 
should be defined in pom.xml}}


> activate Reproducible Builds by default
> ---
>
> Key: MNG-8258
> URL: https://issues.apache.org/jira/browse/MNG-8258
> Project: Maven
>  Issue Type: New Feature
>  Components: Core
>Affects Versions: 3.9.9, 4.0.0-beta-4
>Reporter: Herve Boutemy
>Priority: Major
> Fix For: 4.0.0-beta-5
>
>
> Reproducible Builds is a good practice that is easy to enable: it would be 
> nice to enable it by default, and have projects disable it of they really 
> have a problem with the default bahaviour
> result can be checked by running {{mvn artifact:check-buildplan}} on a 
> minimal pom.xml (to check that the PR does what it promised to do = enable RB 
> by default):
> - before: {{[ERROR] Reproducible Build not activated by 
> project.build.outputTimestamp property: see 
> https://maven.apache.org/guides/mini/guide-reproducible-builds.html}}
> - after: {{[WARNING]  property is inherited, 
> it should be defined in pom.xml}}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Comment Edited] (MNG-8258) activate Reproducible Builds by default



[ 
https://issues.apache.org/jira/browse/MNG-8258?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17884639#comment-17884639
 ] 

Herve Boutemy edited comment on MNG-8258 at 9/25/24 3:06 PM:
-

bq. Would it be possible to get the warning from Maven instead of having to run 
a plugin to find that ?

of course, plugin code can go into Maven core: but is it a good idea?
for example: do we code enforcer's JDK and Maven minimum version checks into 
core, or let the plugin do its job when people are interested to check?

the spirit for now is: have a reasonable default even if basic, let people 
override if they are more opinionated (disable or get a value dedicated to 
their project instead of default)

adding warning for people who don't care is just causing friction (the type of 
friction we removed when adding default encodings)


was (Author: hboutemy):
bq. Would it be possible to get the warning from Maven instead of having to run 
a plugin to find that ?

of course, plugin code can go into Maven core: but is it a good idea?
for example: do we code enforcer's JDK and Maven minimum version checks into 
core, or le the plugin do its job when people are interested to check?

the spirit for now is: have a reasonable default even if basic, let people 
override if they are more opinionated (disable or get a value dedicated to 
their project instead of default)

adding warning for people who don't care is just causing friction (the type of 
friction we removed when adding default encodings)

> activate Reproducible Builds by default
> ---
>
> Key: MNG-8258
> URL: https://issues.apache.org/jira/browse/MNG-8258
> Project: Maven
>  Issue Type: New Feature
>  Components: Core
>Affects Versions: 3.9.9, 4.0.0-beta-4
>Reporter: Herve Boutemy
>Priority: Major
> Fix For: 4.0.0-beta-5
>
>
> Reproducible Builds is a good practice that is easy to enable: it would be 
> nice to enable it by default, and have projects disable it of they really 
> have a problem with the default bahaviour
> result can be checked by running {{mvn artifact:check-buildplan}} on a 
> minimal pom.xml (to check that the PR does what it promised to do = enable RB 
> by default):
> - before: {{[ERROR] Reproducible Build not activated by 
> project.build.outputTimestamp property: see 
> https://maven.apache.org/guides/mini/guide-reproducible-builds.html}}
> - after: {{[WARNING]  property is inherited, 
> it should be defined in pom.xml}}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (MNG-6276) Support Reproducible Builds (https://reproducible-builds.org)



[ 
https://issues.apache.org/jira/browse/MNG-6276?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17884645#comment-17884645
 ] 

Herve Boutemy commented on MNG-6276:


next step is now  MNG-8258 activate Reproducible Builds by default 

> Support Reproducible Builds (https://reproducible-builds.org)
> -
>
> Key: MNG-6276
> URL: https://issues.apache.org/jira/browse/MNG-6276
> Project: Maven
>  Issue Type: New Feature
>  Components: Core, General
>Reporter: Paolo Sacconier
>Assignee: Herve Boutemy
>Priority: Major
>  Time Spent: 1h 20m
>  Remaining Estimate: 0h
>
> A venerable build system like Maven should support full build reproducibilty 
> (i.e. producing bit a bit identical binaries from the same source).
> As initiatives like https://reproducible-builds.org gain traction and the 
> news of the recent Debian policy change to mandate this build behavior (see 
> https://reproducible.alioth.debian.org/blog/posts/121/), this seems a feature 
> that needs to be considered for inclusion into Maven core & core plugins.
> There is an independent ongoing effort to support this feature and the author 
> stated that he has found interest from maven project to integrate his work: 
> https://github.com/Zlika/reproducible-build-maven-plugin/issues/6#issuecomment-325005883
> I hope this issue helps kickstart the effort.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (MNG-8258) activate Reproducible Builds by default



 [ 
https://issues.apache.org/jira/browse/MNG-8258?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Herve Boutemy updated MNG-8258:
---
Description: 
Reproducible Builds is a good practice that is easy to enable: it would be nice 
to enable it by default, and have projects
- either disable it 
({{x}}) if they 
really have a problem with the default Reproducible behaviour
- or customize locally the value of the default Maven core-provided timestamp, 
to have a project-specific value


  was:
Reproducible Builds is a good practice that is easy to enable: it would be nice 
to enable it by default, and have projects disable it of they really have a 
problem with the default bahaviour

result can be checked by running {{mvn artifact:check-buildplan}} on a minimal 
pom.xml (to check that the PR does what it promised to do = enable RB by 
default):
- before: {{[ERROR] Reproducible Build not activated by 
project.build.outputTimestamp property: see 
https://maven.apache.org/guides/mini/guide-reproducible-builds.html}}
- after: {{[WARNING]  property is inherited, it 
should be defined in pom.xml}}


> activate Reproducible Builds by default
> ---
>
> Key: MNG-8258
> URL: https://issues.apache.org/jira/browse/MNG-8258
> Project: Maven
>  Issue Type: New Feature
>  Components: Core
>Affects Versions: 3.9.9, 4.0.0-beta-4
>Reporter: Herve Boutemy
>Priority: Major
> Fix For: 4.0.0-beta-5
>
>
> Reproducible Builds is a good practice that is easy to enable: it would be 
> nice to enable it by default, and have projects
> - either disable it 
> ({{x}}) if 
> they really have a problem with the default Reproducible behaviour
> - or customize locally the value of the default Maven core-provided 
> timestamp, to have a project-specific value



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Re: [PR] [MNG-8258] activate Reproducible Builds by default [maven]



gnodet commented on PR #1726:
URL: https://github.com/apache/maven/pull/1726#issuecomment-2374461603

   > > I disagree. Having the binaries being stable allows some optimisation in 
the build downstream. I'd really like to keep that.
   > 
   > One can always use the file modification time, e.g as far as I know maven 
already tries to not overwrite a file if it is the same bytes on some places, 
now the same must only be applied to jar (what actually can be seen as a 
FileSystem where individual item might or might not be updated / deleted / 
added).
   
   Yes, that's what we do, we don't overwrite if nothing has changed.  But if 
you change the timestamp of the zip entries, the binary zip file will differ, 
and maven will overwrite. Which would break the whole thing.
   
   > 
   > > If the generated jar for a dependency is changed (with a different 
timestamp in the zip), the compiler needs to recompile for example.
   > 
   > But now with a fixed timestamp by default how will one know the dependency 
has "changed"? Especially for this case a "semantic equivalence" would pay of, 
e.g. compilation must not be performed if only a resource changed in a jar or a 
property file but only with class file changes. One can even go a step further 
and say that recompilation is even only needed if a `public` or `(package) 
protected` member/ field was changed ...
   
   This is not the timestamped of the files afaik.  When you copy a file, maven 
does not set the timestamp to the value we're talking about here.  This is 
irrelevant here.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] [MNG-8258] activate Reproducible Builds by default [maven]



gnodet commented on PR #1726:
URL: https://github.com/apache/maven/pull/1726#issuecomment-2374464827

   > > Having the binaries being stable allows some optimisation in the build 
downstream. I'd really like to keep that. This allows the compiler to skip as 
the input and dependencies have not changed, same for resources, which cascades 
to the entire build. If the generated jar for a dependency is changed (with a 
different timestamp in the zip), the compiler needs to recompile for example.
   > 
   > I agree with this goal, but I don't think that we need reproducible build 
for that. By default, `javac --module` recompiles only the Java source files 
that are newer than the corresponding `.class` files 
([source](https://docs.oracle.com/en/java/javase/23/docs/specs/man/javac.html#option-module)).
 Maven compiler plugin goes a bit further by caching a list of files compiled 
in the previous build. We discussed a few months ago on the mailing list about 
a mechanism for allowing the compiler plugin to tell other plugins that it 
found no change. If the JAR plugin knows that all previous plugins did nothing, 
it can do nothing too. The JAR file would be unchanged, allowing the rest of 
the build chain to know that nothing changed.
   > 
   > Relying on reproducible build for avoiding unnecessary recomputation is 
useful only if the previous step has already done unnecessary recomputation 
anyway, since it rewrote an identical JAR file. So the goal have been 
half-missed, and would be more efficiently achieved by the approach proposed in 
the previous paragraph.
   
   I don't think so.  Try it on maven.  Just run `mvn -DskipTests package` 
multiple times.  No jars will be modified.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] [MARTIFACT-70] jetty-jspc-maven-plugin is build reproducible since 11.0.0 [maven-artifact-plugin]



hboutemy commented on PR #57:
URL: 
https://github.com/apache/maven-artifact-plugin/pull/57#issuecomment-2374482486

   @olamy IIUC, this has been integrated into Jetty 11.0.21 and 12.0.8 
https://github.com/jetty/jetty.project/commit/6a10c65c359704f94b540447b7bf455b29322c94
 , isn't it?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[jira] [Commented] (MARTIFACT-70) jetty-jspc-maven-plugin is build reproducible since 11.0.0



[ 
https://issues.apache.org/jira/browse/MARTIFACT-70?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17884651#comment-17884651
 ] 

ASF GitHub Bot commented on MARTIFACT-70:
-

hboutemy commented on PR #57:
URL: 
https://github.com/apache/maven-artifact-plugin/pull/57#issuecomment-2374482486

   @olamy IIUC, this has been integrated into Jetty 11.0.21 and 12.0.8 
https://github.com/jetty/jetty.project/commit/6a10c65c359704f94b540447b7bf455b29322c94
 , isn't it?




> jetty-jspc-maven-plugin is build reproducible since 11.0.0
> --
>
> Key: MARTIFACT-70
> URL: https://issues.apache.org/jira/browse/MARTIFACT-70
> Project: Maven Artifact Plugin
>  Issue Type: Task
>Reporter: Olivier Lamy
>Assignee: Olivier Lamy
>Priority: Major
>  Labels: pull-request-available
> Fix For: 3.5.2
>
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Closed] (MPMD-406) java.lang.NoSuchMethodError: 'void org.apache.maven.doxia.sink.Sink.verbatim()' updating from 3.24.0 to 3.25.0



 [ 
https://issues.apache.org/jira/browse/MPMD-406?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Osipov closed MPMD-406.
---
Fix Version/s: (was: waiting-for-feedback)
   (was: wontfix-candidate)
   Resolution: Information Provided

> java.lang.NoSuchMethodError: 'void 
> org.apache.maven.doxia.sink.Sink.verbatim()' updating from 3.24.0 to 3.25.0
> --
>
> Key: MPMD-406
> URL: https://issues.apache.org/jira/browse/MPMD-406
> Project: Maven PMD Plugin
>  Issue Type: Bug
>Affects Versions: 3.25.0
> Environment: openjdk version "17.0.12" 2024-07-16
> OpenJDK Runtime Environment Homebrew (build 17.0.12+0)
> OpenJDK 64-Bit Server VM Homebrew (build 17.0.12+0, mixed mode, sharing)
> Apache Maven 3.9.9 (8e8579a9e76f7d015ee5ec7bfcdc97d260186937)
> Maven home: /usr/local/Cellar/maven/3.9.9/libexec
> Java version: 17.0.12, vendor: Homebrew, runtime: 
> /usr/local/Cellar/openjdk@17/17.0.12/libexec/openjdk.jdk/Contents/Home
> Default locale: en_US, platform encoding: UTF-8
> OS name: "mac os x", version: "14.6.1", arch: "x86_64", family: "mac"
> Darwin  23.6.0 Darwin Kernel Version 23.6.0: Mon Jul 29 21:13:00 PDT 
> 2024; root:xnu-10063.141.2~1/RELEASE_X86_64 x86_64
>Reporter: Gary D. Gregory
>Assignee: Michael Osipov
>Priority: Major
>
> java.lang.NoSuchMethodError: 'void 
> org.apache.maven.doxia.sink.Sink.verbatim()' updating from 3.24.0 to 3.25.0
> {noformat}
> java.lang.NoSuchMethodError: 'void 
> org.apache.maven.doxia.sink.Sink.verbatim()'
> at org.apache.maven.reporting.AbstractMavenReportRenderer.verbatimText 
> (AbstractMavenReportRenderer.java:363)
> at org.apache.maven.plugins.pmd.CpdReportRenderer.renderDuplications 
> (CpdReportRenderer.java:171)
> at org.apache.maven.plugins.pmd.CpdReportRenderer.renderBody 
> (CpdReportRenderer.java:96)
> at org.apache.maven.reporting.AbstractMavenReportRenderer.render 
> (AbstractMavenReportRenderer.java:93)
> at org.apache.maven.plugins.pmd.CpdReport.executeReport 
> (CpdReport.java:140)
> at org.apache.maven.reporting.AbstractMavenReport.generate 
> (AbstractMavenReport.java:354)
> at 
> org.apache.maven.plugins.site.render.ReportDocumentRenderer.renderDocument 
> (ReportDocumentRenderer.java:226)
> at org.apache.maven.doxia.siterenderer.DefaultSiteRenderer.render 
> (DefaultSiteRenderer.java:348)
> at org.apache.maven.plugins.site.render.SiteMojo.renderLocale 
> (SiteMojo.java:194)
> at org.apache.maven.plugins.site.render.SiteMojo.execute 
> (SiteMojo.java:143)
> at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo 
> (DefaultBuildPluginManager.java:126)
> at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 
> (MojoExecutor.java:328)
> at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute 
> (MojoExecutor.java:316)
> at org.apache.maven.lifecycle.internal.MojoExecutor.execute 
> (MojoExecutor.java:212)
> at org.apache.maven.lifecycle.internal.MojoExecutor.execute 
> (MojoExecutor.java:174)
> at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 
> (MojoExecutor.java:75)
> at org.apache.maven.lifecycle.internal.MojoExecutor$1.run 
> (MojoExecutor.java:162)
> at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute 
> (DefaultMojosExecutionStrategy.java:39)
> at org.apache.maven.lifecycle.internal.MojoExecutor.execute 
> (MojoExecutor.java:159)
> at 
> org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject 
> (LifecycleModuleBuilder.java:105)
> at 
> org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject 
> (LifecycleModuleBuilder.java:73)
> at 
> org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build
>  (SingleThreadedBuilder.java:53)
> at org.apache.maven.lifecycle.internal.LifecycleStarter.execute 
> (LifecycleStarter.java:118)
> at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261)
> at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173)
> at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101)
> at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906)
> at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283)
> at org.apache.maven.cli.MavenCli.main (MavenCli.java:206)
> at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
> at jdk.internal.reflect.NativeMethodAccessorImpl.invoke 
> (NativeMethodAccessorImpl.java:77)
> at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke 
> (DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke (Method.java:569)
> at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced 
> (Launcher

[jira] [Commented] (MPMD-405) No release notes for 3.25.0 on https://maven.apache.org/plugins/maven-pmd-plugin/releasenotes.html



[ 
https://issues.apache.org/jira/browse/MPMD-405?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17884590#comment-17884590
 ] 

Michael Osipov commented on MPMD-405:
-

[~adangel], do you want to keep updating this for every single release?

> No release notes for 3.25.0 on 
> https://maven.apache.org/plugins/maven-pmd-plugin/releasenotes.html
> --
>
> Key: MPMD-405
> URL: https://issues.apache.org/jira/browse/MPMD-405
> Project: Maven PMD Plugin
>  Issue Type: Bug
>Reporter: Gary D. Gregory
>Priority: Major
>
> HI All,
> There are no release notes for 3.25.0 on 
> https://maven.apache.org/plugins/maven-pmd-plugin/releasenotes.html



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Assigned] (MPMD-405) No release notes for 3.25.0 on https://maven.apache.org/plugins/maven-pmd-plugin/releasenotes.html



 [ 
https://issues.apache.org/jira/browse/MPMD-405?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Osipov reassigned MPMD-405:
---

Assignee: Michael Osipov

> No release notes for 3.25.0 on 
> https://maven.apache.org/plugins/maven-pmd-plugin/releasenotes.html
> --
>
> Key: MPMD-405
> URL: https://issues.apache.org/jira/browse/MPMD-405
> Project: Maven PMD Plugin
>  Issue Type: Bug
>Reporter: Gary D. Gregory
>Assignee: Michael Osipov
>Priority: Major
>
> HI All,
> There are no release notes for 3.25.0 on 
> https://maven.apache.org/plugins/maven-pmd-plugin/releasenotes.html



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Assigned] (MPMD-405) No release notes for 3.25.0 on https://maven.apache.org/plugins/maven-pmd-plugin/releasenotes.html



 [ 
https://issues.apache.org/jira/browse/MPMD-405?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Osipov reassigned MPMD-405:
---

Assignee: (was: Michael Osipov)

> No release notes for 3.25.0 on 
> https://maven.apache.org/plugins/maven-pmd-plugin/releasenotes.html
> --
>
> Key: MPMD-405
> URL: https://issues.apache.org/jira/browse/MPMD-405
> Project: Maven PMD Plugin
>  Issue Type: Bug
>Reporter: Gary D. Gregory
>Priority: Major
>
> HI All,
> There are no release notes for 3.25.0 on 
> https://maven.apache.org/plugins/maven-pmd-plugin/releasenotes.html



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[PR] Bump org.jetbrains:annotations from 24.1.0 to 25.0.0 [maven-doxia]



dependabot[bot] opened a new pull request, #231:
URL: https://github.com/apache/maven-doxia/pull/231

   Bumps 
[org.jetbrains:annotations](https://github.com/JetBrains/java-annotations) from 
24.1.0 to 25.0.0.
   
   Release notes
   Sourced from https://github.com/JetBrains/java-annotations/releases";>org.jetbrains:annotations's
 releases.
   
   25.0.0
   
   Added Kotlin Multiplatform artifact (multiplatform-annotations).
   Removed Java 5 artifact.
   
   
   
   
   Changelog
   Sourced from https://github.com/JetBrains/java-annotations/blob/master/CHANGELOG.md";>org.jetbrains:annotations's
 changelog.
   
   Version 25.0.0
   
   Added Kotlin Multiplatform artifact (multiplatform-annotations).
   Removed Java 5 artifact.
   
   
   
   
   Commits
   
   https://github.com/JetBrains/java-annotations/commit/daa47891c4b233820ac528947a1bd4a191de1822";>daa4789
 Merge pull request https://redirect.github.com/JetBrains/java-annotations/issues/112";>#112
 from serjsysoev/signall
   https://github.com/JetBrains/java-annotations/commit/b1d593d73430e540b1fed0a3017a8819a19f0613";>b1d593d
 Add signAll task that signs all artifacts
   https://github.com/JetBrains/java-annotations/commit/e1ad90fe468c1d46fc15c0fd435b068a9a8a11a4";>e1ad90f
 Merge pull request https://redirect.github.com/JetBrains/java-annotations/issues/111";>#111
 from serjsysoev/multiplatform-publication
   https://github.com/JetBrains/java-annotations/commit/229e51a058b3672eaccb979f4dd0704d37e3db4f";>229e51a
 Add javadoc and common sources publishing
   https://github.com/JetBrains/java-annotations/commit/5d7e0230b12d4f5f59e95fbfb1fd961febfc6ba7";>5d7e023
 Set up multiplatform publishing maintaining jvm artifact name
   https://github.com/JetBrains/java-annotations/commit/bc94c2ffbb0ba073b3f3ae5bc877844b23f3a081";>bc94c2f
 Move the multiplatform project to the root
   https://github.com/JetBrains/java-annotations/commit/7bc931ab0d2cb10a5fa65eba869e049b269c1957";>7bc931a
 Make multiplatform expect/actual implicitly actualizing declarations with 
jav...
   https://github.com/JetBrains/java-annotations/commit/42bb869f44c3a3ea12666dc09d1ed1db7857d592";>42bb869
 Fix multiplatform artifact module-info.java
   https://github.com/JetBrains/java-annotations/commit/243b2f7a3c197bed7d8a6510f742defd745c9f94";>243b2f7
 Remove Java artifact
   https://github.com/JetBrains/java-annotations/commit/a1060cdc5b9a5665768b3f32a49343efef10681c";>a1060cd
 Move java annotations to jvm part of multiplatform artifact
   Additional commits viewable in https://github.com/JetBrains/java-annotations/compare/24.1.0...25.0.0";>compare
 view
   
   
   
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.jetbrains:annotations&package-manager=maven&previous-version=24.1.0&new-version=25.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot show  ignore conditions` will show all of 
the ignore conditions of the specified dependency
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[PR] Bump org.junit:junit-bom from 5.11.0 to 5.11.1 [maven-doxia]



dependabot[bot] opened a new pull request, #232:
URL: https://github.com/apache/maven-doxia/pull/232

   Bumps [org.junit:junit-bom](https://github.com/junit-team/junit5) from 
5.11.0 to 5.11.1.
   
   Release notes
   Sourced from https://github.com/junit-team/junit5/releases";>org.junit:junit-bom's 
releases.
   
   JUnit 5.11.1 = Platform 1.11.1 + Jupiter 5.11.1 + Vintage 5.11.1
   See http://junit.org/junit5/docs/5.11.1/release-notes/";>Release 
Notes.
   Full Changelog: https://github.com/junit-team/junit5/compare/r5.11.0...r5.11.1";>https://github.com/junit-team/junit5/compare/r5.11.0...r5.11.1
   
   
   
   Commits
   
   https://github.com/junit-team/junit5/commit/e4b2c0c1384dd980abbd61c11322c419cf7cd1eb";>e4b2c0c
 Release 5.11.1
   https://github.com/junit-team/junit5/commit/c37b179f74e06ddaa7a86d82ff4ea2a8d04a0ea9";>c37b179
 Finalize 5.11.1 release notes
   https://github.com/junit-team/junit5/commit/a7b1c49702ddf8113a7e74da2cfe6ca9e3e35521";>a7b1c49
 Include 5.10.4 release notes
   https://github.com/junit-team/junit5/commit/3646b7d37e3401d9cda0106290bbf9cb36a735b2";>3646b7d
 Document benefits of messageSupplier in Assertions 
(https://redirect.github.com/junit-team/junit5/issues/3938";>#3938)
   https://github.com/junit-team/junit5/commit/6b9f15d9d53ceef1db1a0fa1fd3e7f38f757e88e";>6b9f15d
 Delete unnecessary (and potentially misleading) comment in User Guide
   https://github.com/junit-team/junit5/commit/98dafd3746dcf141ac8b5906f26e69e9a140ff5d";>98dafd3
 Reduce flakiness
   https://github.com/junit-team/junit5/commit/6529d8d4b14e0ab2b9134a9d9b0d9260ba2f6410";>6529d8d
 Allow for work stealing when only holding read locks (https://redirect.github.com/junit-team/junit5/issues/4012";>#4012)
   https://github.com/junit-team/junit5/commit/0d25a5a0ddab609df3d7382264b050dc61f54d2f";>0d25a5a
 Fix YAML syntax
   https://github.com/junit-team/junit5/commit/28dd375d31995365ed36c40270be619b4d64be99";>28dd375
 Fix step label
   https://github.com/junit-team/junit5/commit/348ef61d6b2f945cb0bf315b97eef80a41686a88";>348ef61
 Switch to Temurin for JDK 23 (https://redirect.github.com/junit-team/junit5/issues/4005";>#4005)
   Additional commits viewable in https://github.com/junit-team/junit5/compare/r5.11.0...r5.11.1";>compare 
view
   
   
   
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.junit:junit-bom&package-manager=maven&previous-version=5.11.0&new-version=5.11.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot show  ignore conditions` will show all of 
the ignore conditions of the specified dependency
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[jira] [Created] (MJAVADOC-815) Aggregate goal misses skipped reactor modules when resuming build

2024-09-25 Thread Richard Eckart de Castilho (Jira)

Richard Eckart de Castilho created MJAVADOC-815:
---

 Summary: Aggregate goal misses skipped reactor modules when 
resuming build
 Key: MJAVADOC-815
 URL: https://issues.apache.org/jira/browse/MJAVADOC-815
 Project: Maven Javadoc Plugin
  Issue Type: Bug
Affects Versions: 3.10.0
Reporter: Richard Eckart de Castilho


When resuming a build using {{-rf}}, then the {{javadoc:aggregate}} goal is not 
injected with the reactor modules that are skipped (are before the module being 
resumed from). 

That means the JavaDoc for those skipped modules is not included in the 
aggregate.

I can imagine that to happen when I build using {{-pl}} to build individual 
modules, but if I resume, I would expect all the reactor modules that have 
already been covered and are being resumed over to be part of the reactor 
modules that are provided to the javadoc plugin.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Re: [PR] [MNG-8258] activate Reproducible Builds by default [maven]



laeubi commented on PR #1726:
URL: https://github.com/apache/maven/pull/1726#issuecomment-2373872580

   > I disagree. Having the binaries being stable allows some optimisation in 
the build downstream. I'd really like to keep that. 
   
   One can always use the file modification time, e.g as far as I know maven 
already tries to not overwrite a file if it is the same bytes on some places, 
now the same must only be applied to jar (what actually can be seen as a 
FileSystem where individual item might or might not be updated / deleted / 
added).
   
   > If the generated jar for a dependency is changed (with a different 
timestamp in the zip), the compiler needs to recompile for example.
   
   But now with a fixed timestamp by default how will one know the dependency 
has "changed"? Especially for this case a "semantic equivalence" would pay of, 
e.g. compilation must not be performed if only a resource changed in a jar or a 
property file but only with class file changes. One can even go a step further 
and say that recompilation is even only needed if a `public` or `(package) 
protected` member/ field was changed ...


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] [MNG-8258] activate Reproducible Builds by default [maven]



gnodet commented on PR #1726:
URL: https://github.com/apache/maven/pull/1726#issuecomment-2373832635

   > Correct me if I'm wrong, but it seems to me that one of the main goals of 
reproducible build is security: allowing developers to verify that the released 
JAR files do not contain altered byte codes (e.g. malicious code injected by a 
compromised compiler). For this goal, the timestamp of ZIP entries does not 
matter. Only the content of ZIP entries matter. In my understanding, a 
verification focussed on what matter is called "semantically reproducible 
build" or "semantic equivalency".
   > 
   > [Microsoft seems to propose a tool for semantic 
equivalency](https://github.com/microsoft/OSSGadget/wiki/OSS-Reproducible) at 
least for NPM packages. Are we pushing a bit for bit reproducible build because 
we have no easy tool for semantic equivalency? If yes, what about instead 
developing a new Maven plugin or modifying `maven-deploy-plugin` with a new 
goal? Instead of deploying to the server, it would download from the server and 
compare the ZIP **content**. Differences in timestamp and compression would be 
ignored. We could also ignore a limited set of `META-INF` attributes.
   > 
   > This proposal would allow the following workflow during release: the 
release manager deploys the JAR files on a staging repository and give the URL 
to other developers. Other developers would use that URL with the above-cited 
new plugin, which would automatically build the project and compare 
semantically with the JARs on the staging repository.
   > 
   > > > as a developer, I want to build my source code twice and get the same 
output (which will also help build-cache)
   > 
   > > To be honest I never wanted that in the last 10+years :-D
   > 
   > Same for me. What I want is security check. Actually, I would rather not 
desire bit for bit reproducibility, as I would find more useful to keep the 
(non-standard) `Built-By` and `Built-On` attributes in `META-INF` with accurate 
values if it can be done without compromising security.
   
   I disagree.  Having the binaries allows some optimisation in the build 
downstream.  I'd really like to keep that.  This allows the compiler to skip as 
the input and dependencies have not changed, same for resources, which cascades 
to the entire build.  If the a generated jar for a dependency is changed (with 
a different timestamp), the compiler needs to recompile for example.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[jira] [Commented] (MJAVADOC-814) Ability to split grouped packages over multiple lines



[ 
https://issues.apache.org/jira/browse/MJAVADOC-814?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17884577#comment-17884577
 ] 

Michael Osipov commented on MJAVADOC-814:
-

I believe that implementing this should be incomplete because the same issue 
applies to these as well:
* 
https://maven.apache.org/plugins/maven-javadoc-plugin/javadoc-mojo.html#docletPath
* 
https://maven.apache.org/plugins/maven-javadoc-plugin/javadoc-mojo.html#bootclasspath
* 
https://maven.apache.org/plugins/maven-javadoc-plugin/javadoc-mojo.html#excludePackageNames
* 
https://maven.apache.org/plugins/maven-javadoc-plugin/javadoc-mojo.html#excludedocfilessubdir
* 
https://maven.apache.org/plugins/maven-javadoc-plugin/javadoc-mojo.html#extdirs
* 
https://maven.apache.org/plugins/maven-javadoc-plugin/javadoc-mojo.html#sourcepath
* 
https://maven.apache.org/plugins/maven-javadoc-plugin/javadoc-mojo.html#subpackages
* 
https://maven.apache.org/plugins/maven-javadoc-plugin/javadoc-mojo.html#tagletpath

> Ability to split grouped packages over multiple lines
> -
>
> Key: MJAVADOC-814
> URL: https://issues.apache.org/jira/browse/MJAVADOC-814
> Project: Maven Javadoc Plugin
>  Issue Type: New Feature
>  Components: javadoc
>Affects Versions: 3.10.0
>Reporter: Richard Eckart de Castilho
>Priority: Major
>
> When configuring groups, the packages in the group need to be written on a 
> single line separated with colons.
> {noformat}
> 
>   
> Core
> 
>   org.apache.uima.analysis_component:org.apache.uima.analysis_engine
> 
>   
> 
> {noformat}
> If there are many packages that can not easily be captured using a prefix 
> pattern, this yields a very long line.
> It would be greate if one could split the packages over multiple lines such as
> {noformat}
> 
>   
> Core
> 
>   org.apache.uima.analysis_component:
>   org.apache.uima.analysis_engine
> 
>   
> 
> {noformat}
> The code internally already calls 
> {{org.apache.maven.plugins.javadoc.JavadocUtil.quotedArgument(String)}} to 
> sanitze the line breaks away, but it seems the whitespace still breaks it and 
> javadoc tool in the end only recognizes the first package in the multi-line 
> group. 
> Even nicer may be.
> {noformat}
> 
>   
> Core
> 
>   org.apache.uima.analysis_component
>   org.apache.uima.analysis_engine
> 
>   
> 
> {noformat}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Comment Edited] (MJAVADOC-814) Ability to split grouped packages over multiple lines



[ 
https://issues.apache.org/jira/browse/MJAVADOC-814?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17884577#comment-17884577
 ] 

Michael Osipov edited comment on MJAVADOC-814 at 9/25/24 11:44 AM:
---

I believe that implementing this will be incomplete because the same issue 
applies to these as well:
* 
https://maven.apache.org/plugins/maven-javadoc-plugin/javadoc-mojo.html#docletPath
* 
https://maven.apache.org/plugins/maven-javadoc-plugin/javadoc-mojo.html#bootclasspath
* 
https://maven.apache.org/plugins/maven-javadoc-plugin/javadoc-mojo.html#excludePackageNames
* 
https://maven.apache.org/plugins/maven-javadoc-plugin/javadoc-mojo.html#excludedocfilessubdir
* 
https://maven.apache.org/plugins/maven-javadoc-plugin/javadoc-mojo.html#extdirs
* 
https://maven.apache.org/plugins/maven-javadoc-plugin/javadoc-mojo.html#sourcepath
* 
https://maven.apache.org/plugins/maven-javadoc-plugin/javadoc-mojo.html#subpackages
* 
https://maven.apache.org/plugins/maven-javadoc-plugin/javadoc-mojo.html#tagletpath


was (Author: michael-o):
I believe that implementing this should be incomplete because the same issue 
applies to these as well:
* 
https://maven.apache.org/plugins/maven-javadoc-plugin/javadoc-mojo.html#docletPath
* 
https://maven.apache.org/plugins/maven-javadoc-plugin/javadoc-mojo.html#bootclasspath
* 
https://maven.apache.org/plugins/maven-javadoc-plugin/javadoc-mojo.html#excludePackageNames
* 
https://maven.apache.org/plugins/maven-javadoc-plugin/javadoc-mojo.html#excludedocfilessubdir
* 
https://maven.apache.org/plugins/maven-javadoc-plugin/javadoc-mojo.html#extdirs
* 
https://maven.apache.org/plugins/maven-javadoc-plugin/javadoc-mojo.html#sourcepath
* 
https://maven.apache.org/plugins/maven-javadoc-plugin/javadoc-mojo.html#subpackages
* 
https://maven.apache.org/plugins/maven-javadoc-plugin/javadoc-mojo.html#tagletpath

> Ability to split grouped packages over multiple lines
> -
>
> Key: MJAVADOC-814
> URL: https://issues.apache.org/jira/browse/MJAVADOC-814
> Project: Maven Javadoc Plugin
>  Issue Type: New Feature
>  Components: javadoc
>Affects Versions: 3.10.0
>Reporter: Richard Eckart de Castilho
>Priority: Major
>
> When configuring groups, the packages in the group need to be written on a 
> single line separated with colons.
> {noformat}
> 
>   
> Core
> 
>   org.apache.uima.analysis_component:org.apache.uima.analysis_engine
> 
>   
> 
> {noformat}
> If there are many packages that can not easily be captured using a prefix 
> pattern, this yields a very long line.
> It would be greate if one could split the packages over multiple lines such as
> {noformat}
> 
>   
> Core
> 
>   org.apache.uima.analysis_component:
>   org.apache.uima.analysis_engine
> 
>   
> 
> {noformat}
> The code internally already calls 
> {{org.apache.maven.plugins.javadoc.JavadocUtil.quotedArgument(String)}} to 
> sanitze the line breaks away, but it seems the whitespace still breaks it and 
> javadoc tool in the end only recognizes the first package in the multi-line 
> group. 
> Even nicer may be.
> {noformat}
> 
>   
> Core
> 
>   org.apache.uima.analysis_component
>   org.apache.uima.analysis_engine
> 
>   
> 
> {noformat}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Re: [PR] [MNG-8258] activate Reproducible Builds by default [maven]

desruisseaux commented on PR #1726:
URL: https://github.com/apache/maven/pull/1726#issuecomment-2373989219

> Having the binaries being stable allows some optimisation in the build
downstream. I'd really like to keep that. This allows the compiler to skip as
the input and dependencies have not changed, same for resources, which cascades
to the entire build. If the generated jar for a dependency is changed (with a
different timestamp in the zip), the compiler needs to recompile for example.

I agree with this goal, but I don't think that we need reproducible build
for that. By default, `javac --module` recompiles only the Java source files
that are newer than the corresponding `.class` files
([source](https://docs.oracle.com/en/java/javase/23/docs/specs/man/javac.html#option-module)).
Maven compiler plugin goes a bit further by caching a list of files compiled
in the previous build. We discussed a few months ago on the mailing list about
a mechanism for allowing the compiler plugin to tell other plugins that it
found no change. If the JAR plugin knows that all previous plugins did nothing,
it can do nothing too. The JAR file would be unchanged, allowing the rest of
the build chain to know that nothing changed.

Relying on reproducible build for avoiding unnecessary recomputation is
useful only if the previous step has already done unnecessary recomputation
anyway, since it rewrote an identical JAR file. So the goal have been
half-missed, and would be more efficiently achieved by the approach proposed in
the previous paragraph.

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[jira] [Commented] (MNG-8258) activate Reproducible Builds by default

2024-09-25 Thread Guillaume Nodet (Jira)



[ 
https://issues.apache.org/jira/browse/MNG-8258?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17884604#comment-17884604
 ] 

Guillaume Nodet commented on MNG-8258:
--

Would it be possible to get the warning from Maven instead of having to run a 
plugin to find that ?

> activate Reproducible Builds by default
> ---
>
> Key: MNG-8258
> URL: https://issues.apache.org/jira/browse/MNG-8258
> Project: Maven
>  Issue Type: New Feature
>  Components: Core
>Affects Versions: 3.9.9, 4.0.0-beta-4
>Reporter: Herve Boutemy
>Priority: Major
> Fix For: 4.0.0-beta-5
>
>
> Reproducible Builds is a good practice that is easy to enable: it would be 
> nice to enable it by default, and have projects disable it of they really 
> have a problem with the default bahaviour
> result can be checked by running {{mvn artifact:check-buildplan}} on a 
> minimal pom.xml:
> - before: {{[ERROR] Reproducible Build not activated by 
> project.build.outputTimestamp property: see 
> https://maven.apache.org/guides/mini/guide-reproducible-builds.html}}
> - after: {{[WARNING]  property is inherited, 
> it should be defined in pom.xml}}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Closed] (MNG-5862) POM XML parser needs XInclude and/or XML Entity support

2024-09-25 Thread Guillaume Nodet (Jira)



 [ 
https://issues.apache.org/jira/browse/MNG-5862?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Guillaume Nodet closed MNG-5862.

Resolution: Fixed

> POM XML parser needs XInclude and/or XML Entity support
> ---
>
> Key: MNG-5862
> URL: https://issues.apache.org/jira/browse/MNG-5862
> Project: Maven
>  Issue Type: New Feature
>  Components: POM
>Reporter: Jason Vas Dias
>Assignee: Guillaume Nodet
>Priority: Major
>
> POM XML files can get very large and repetitive ,  and not all modularizaton 
> scenarios can be resolved by using a Super POM as described in MNG-1980 ,
> and would be easily resolved if only the POM parser supported XIncludes or
> XML Entities - neither are supported. 
> Here is one such scenario:
> I have a large project that has several SureFire plugin based "Test Suites" -
> each test suite uses a "common-at-classes" module of common test classes,
> and is essentially identical except in its XML configuration "test resource"  
> files
>  - so the structure is like this :
> {quote}
> {noformat}
>  Top Level project directory:
>./pom.xml
>./acceptance-tests/pom.xml
>./acceptance-tests/common-at-classes/pom.xml
>./acceptance-tests/test-suite_#1/pom.xml
>...
>./acceptance-tests/test-suite_#N/pom.xml
> {noformat}
> {quote}
> There are @ 10 ( being upgraded to @ 20)  "test suites", 
> which all do exactly the same thing, but with slightly
> different "test resource" configuration files,  
> and depend on the 'acceptance-tests/common-at-classes" JAR .
> We can modularize all the test-suite dependencies OK in the single
> common-at-classes/pom.xml location .
> But their is no way to modularize the actual XML code that runs each
> test-suite with plugin executions - these plugin execution stanzas can 
> currently ONLY
> be in each test-suite#N directory, even though they are identical.
> It would make no sense to have the "Super POM" : acceptance-tests/pom.xml 
> contain the plugin executions to run any single test  suite ;  nor can the 
> common-at-classes/pom.xml contain the plugin execution to run any 
> test suite, since a test suite run depends on the customized test resource
> files that only exist in each "test_suite#N/" sub-project .  
> So the only solution currently available with Maven is to copy the XML stanzas
> that configure and run the test suite ( about 400 lines of XML )  into each of
> the 10-20 test-suite/pom.xml files ; this is all because Maven does not 
> support 
> XML XInclude or XML Entities; if it did, we could put all this code into one 
> XML 
> file provided by the common-at-classes project, and include it in each test 
> suite .
> The test suite XML is then a nightmare to maintain, consistently for all test 
> suites.
> This is becoming such a problem that I am considering making the root project
> POM do nothing more than transform the test-suite poms with XML XInclude-s
> (using an external XML processor), creating a new copy of the whole project,
>  and then run an exec plugin goal which runs maven with the transformed POMs.
> Please, please can we have some form of XInclude or XML Entity support , or 
> support for an "" element, in the POM parser !



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (MNG-5862) POM XML parser needs XInclude and/or XML Entity support

2024-09-25 Thread Guillaume Nodet (Jira)



[ 
https://issues.apache.org/jira/browse/MNG-5862?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17884605#comment-17884605
 ] 

Guillaume Nodet commented on MNG-5862:
--

See 
https://github.com/apache/maven-xinclude-extension/

> POM XML parser needs XInclude and/or XML Entity support
> ---
>
> Key: MNG-5862
> URL: https://issues.apache.org/jira/browse/MNG-5862
> Project: Maven
>  Issue Type: New Feature
>  Components: POM
>Reporter: Jason Vas Dias
>Assignee: Guillaume Nodet
>Priority: Major
>
> POM XML files can get very large and repetitive ,  and not all modularizaton 
> scenarios can be resolved by using a Super POM as described in MNG-1980 ,
> and would be easily resolved if only the POM parser supported XIncludes or
> XML Entities - neither are supported. 
> Here is one such scenario:
> I have a large project that has several SureFire plugin based "Test Suites" -
> each test suite uses a "common-at-classes" module of common test classes,
> and is essentially identical except in its XML configuration "test resource"  
> files
>  - so the structure is like this :
> {quote}
> {noformat}
>  Top Level project directory:
>./pom.xml
>./acceptance-tests/pom.xml
>./acceptance-tests/common-at-classes/pom.xml
>./acceptance-tests/test-suite_#1/pom.xml
>...
>./acceptance-tests/test-suite_#N/pom.xml
> {noformat}
> {quote}
> There are @ 10 ( being upgraded to @ 20)  "test suites", 
> which all do exactly the same thing, but with slightly
> different "test resource" configuration files,  
> and depend on the 'acceptance-tests/common-at-classes" JAR .
> We can modularize all the test-suite dependencies OK in the single
> common-at-classes/pom.xml location .
> But their is no way to modularize the actual XML code that runs each
> test-suite with plugin executions - these plugin execution stanzas can 
> currently ONLY
> be in each test-suite#N directory, even though they are identical.
> It would make no sense to have the "Super POM" : acceptance-tests/pom.xml 
> contain the plugin executions to run any single test  suite ;  nor can the 
> common-at-classes/pom.xml contain the plugin execution to run any 
> test suite, since a test suite run depends on the customized test resource
> files that only exist in each "test_suite#N/" sub-project .  
> So the only solution currently available with Maven is to copy the XML stanzas
> that configure and run the test suite ( about 400 lines of XML )  into each of
> the 10-20 test-suite/pom.xml files ; this is all because Maven does not 
> support 
> XML XInclude or XML Entities; if it did, we could put all this code into one 
> XML 
> file provided by the common-at-classes project, and include it in each test 
> suite .
> The test suite XML is then a nightmare to maintain, consistently for all test 
> suites.
> This is becoming such a problem that I am considering making the root project
> POM do nothing more than transform the test-suite poms with XML XInclude-s
> (using an external XML processor), creating a new copy of the whole project,
>  and then run an exec plugin goal which runs maven with the transformed POMs.
> Please, please can we have some form of XInclude or XML Entity support , or 
> support for an "" element, in the POM parser !



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[PR] Bump net.bytebuddy:byte-buddy from 1.14.18 to 1.15.2 [maven-plugin-tools]

dependabot[bot] opened a new pull request, #328:
URL: https://github.com/apache/maven-plugin-tools/pull/328

Bumps [net.bytebuddy:byte-buddy](https://github.com/raphw/byte-buddy) from
1.14.18 to 1.15.2.

Release notes
Sourced from https://github.com/raphw/byte-buddy/releases";>net.bytebuddy:byte-buddy's
releases.

Byte Buddy 1.15.1

Revert default EntryPoint for Android Gradle plugin to use
DECORATE unless explicitly specified due to many generic type
errors in Kotlin classes.

Byte Buddy 1.15.0

Introduce AsmClassWriter and AsmClassReader
abstractions that allow for plugging different implementations of readers and
writers.
Add configuration extension to the Android Gradle plugin and make it
behave like regular Gradle plugin with standard configuration.
Throw TypeNotPresentException upon discovering undeclared
type variables as it was recently fixed on the JVM.

byte-buddy-1.14.19

Add Maven Mojo for transforming jars and for transforming dependencies
folder.
Better error handling for unresolved type variables.
Allow loading arguments of the instrumented method in
MemberSubstitution.
Fix checks for method visibility.

Changelog
Sourced from https://github.com/raphw/byte-buddy/blob/master/release-notes.md";>net.bytebuddy:byte-buddy's
changelog.

Byte Buddy release notes
29. August 2024: version 1.15.1

Revert default EntryPoint for Android Gradle plugin to use
DECORATE unless explicitly specified due to many generic type
errors in Kotlin classes.

23. August 2024: version 1.15.0

16. August 2024: version 1.14.19

Commits

https://github.com/raphw/byte-buddy/commit/02f64db234a6463255119061ac04fa13abf9aeeb";>02f64db
[maven-release-plugin] prepare release byte-buddy-1.15.2
https://github.com/raphw/byte-buddy/commit/3bca38815196a66d93f1345b998529825070ae0b";>3bca388
[release] Release new version
https://github.com/raphw/byte-buddy/commit/ceca355d9dc1c70190f0181806ebc5c5fc11917b";>ceca355
Do not use seperator char.
https://github.com/raphw/byte-buddy/commit/0248218c3c98b21634d4e3a3c4213b81153fa097";>0248218
Remove unused method.
https://github.com/raphw/byte-buddy/commit/27e12fea4bfd88ed877fd85fec6ec00f0669760a";>27e12fe
Adjust signature.
https://github.com/raphw/byte-buddy/commit/cdbe5ec30ba97ce1e4adab789a70e560fe034838";>cdbe5ec
Add type witnesses.
https://github.com/raphw/byte-buddy/commit/642ea4f1b6870f6604bf56269c4705d9da46444e";>642ea4f
Clean up.
https://github.com/raphw/byte-buddy/commit/94ee0ce67f3a7fc28b2126e6ee8099d5742ba3be";>94ee0ce
Add suppression annotation.
https://github.com/raphw/byte-buddy/commit/27d4c5e98664c8196ed6a45794cce83a87fc2a25";>27d4c5e
Improve in-memory source for build plugin.
https://github.com/raphw/byte-buddy/commit/40707d8a0c03f61b24b22c906f6001ba66ed29d4";>40707d8
Avoid diamond operator.
Additional commits viewable in https://github.com/raphw/byte-buddy/compare/byte-buddy-1.14.18...byte-buddy-1.15.2";>compare
view

[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=net.bytebuddy:byte-buddy&package-manager=maven&previous-version=1.14.18&new-version=1.15.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that
have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI
passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and
block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and

Re: [PR] Bump net.bytebuddy:byte-buddy from 1.14.18 to 1.15.1 [maven-plugin-tools]



dependabot[bot] commented on PR #325:
URL: 
https://github.com/apache/maven-plugin-tools/pull/325#issuecomment-2374073712

   Superseded by #328.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] Bump net.bytebuddy:byte-buddy from 1.14.18 to 1.15.1 [maven-plugin-tools]



dependabot[bot] closed pull request #325: Bump net.bytebuddy:byte-buddy from 
1.14.18 to 1.15.1
URL: https://github.com/apache/maven-plugin-tools/pull/325


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[PR] Bump org.junit:junit-bom from 5.10.2 to 5.11.1 [maven-antrun-plugin]



dependabot[bot] opened a new pull request, #104:
URL: https://github.com/apache/maven-antrun-plugin/pull/104

   Bumps [org.junit:junit-bom](https://github.com/junit-team/junit5) from 
5.10.2 to 5.11.1.
   
   Release notes
   Sourced from https://github.com/junit-team/junit5/releases";>org.junit:junit-bom's 
releases.
   
   JUnit 5.11.1 = Platform 1.11.1 + Jupiter 5.11.1 + Vintage 5.11.1
   See http://junit.org/junit5/docs/5.11.1/release-notes/";>Release 
Notes.
   Full Changelog: https://github.com/junit-team/junit5/compare/r5.11.0...r5.11.1";>https://github.com/junit-team/junit5/compare/r5.11.0...r5.11.1
   JUnit 5.11.0 = Platform 1.11.0 + Jupiter 5.11.0 + Vintage 5.11.0
   See http://junit.org/junit5/docs/5.11.0/release-notes/";>Release 
Notes.
   New Contributors
   
   https://github.com/pshevche";>@pshevche made 
their first contribution in https://redirect.github.com/junit-team/junit5/pull/3427";>junit-team/junit5#3427
   https://github.com/rybak";>@rybak made their 
first contribution in https://redirect.github.com/junit-team/junit5/pull/3416";>junit-team/junit5#3416
   https://github.com/pixeebot";>@pixeebot made 
their first contribution in https://redirect.github.com/junit-team/junit5/pull/3491";>junit-team/junit5#3491
   https://github.com/shartte";>@shartte made 
their first contribution in https://redirect.github.com/junit-team/junit5/pull/3562";>junit-team/junit5#3562
   https://github.com/eliasnogueira";>@eliasnogueira made 
their first contribution in https://redirect.github.com/junit-team/junit5/pull/3674";>junit-team/junit5#3674
   https://github.com/bigdaz";>@bigdaz made their 
first contribution in https://redirect.github.com/junit-team/junit5/pull/3668";>junit-team/junit5#3668
   https://github.com/gilday";>@gilday made their 
first contribution in https://redirect.github.com/junit-team/junit5/pull/3667";>junit-team/junit5#3667
   https://github.com/bjmi";>@bjmi made their 
first contribution in https://redirect.github.com/junit-team/junit5/pull/3806";>junit-team/junit5#3806
   https://github.com/madalingiurca";>@madalingiurca made 
their first contribution in https://redirect.github.com/junit-team/junit5/pull/3787";>junit-team/junit5#3787
   https://github.com/dmlloyd";>@dmlloyd made 
their first contribution in https://redirect.github.com/junit-team/junit5/pull/3820";>junit-team/junit5#3820
   https://github.com/compf";>@compf made their 
first contribution in https://redirect.github.com/junit-team/junit5/pull/3867";>junit-team/junit5#3867
   https://github.com/SveinKare";>@SveinKare made 
their first contribution in https://redirect.github.com/junit-team/junit5/pull/3840";>junit-team/junit5#3840
   https://github.com/mobounya";>@mobounya made 
their first contribution in https://redirect.github.com/junit-team/junit5/pull/3720";>junit-team/junit5#3720
   https://github.com/robinjhector";>@robinjhector made 
their first contribution in https://redirect.github.com/junit-team/junit5/pull/3345";>junit-team/junit5#3345
   https://github.com/jabhatfield";>@jabhatfield 
made their first contribution in https://redirect.github.com/junit-team/junit5/pull/3829";>junit-team/junit5#3829
   https://github.com/rfscholte";>@rfscholte made 
their first contribution in https://redirect.github.com/junit-team/junit5/pull/3909";>junit-team/junit5#3909
   
   Full Changelog: https://github.com/junit-team/junit5/compare/r5.10.3...r5.11.0";>https://github.com/junit-team/junit5/compare/r5.10.3...r5.11.0
   JUnit 5.11.0-RC1 = Platform 1.11.0-RC1 + Jupiter 5.11.0-RC1 + Vintage 
5.11.0-RC1
   See http://junit.org/junit5/docs/5.11.0-RC1/release-notes/";>Release 
Notes.
   New Contributors
   
   https://github.com/compf";>@compf made their 
first contribution in https://redirect.github.com/junit-team/junit5/pull/3867";>junit-team/junit5#3867
   https://github.com/SveinKare";>@SveinKare made 
their first contribution in https://redirect.github.com/junit-team/junit5/pull/3840";>junit-team/junit5#3840
   https://github.com/mobounya";>@mobounya made 
their first contribution in https://redirect.github.com/junit-team/junit5/pull/3720";>junit-team/junit5#3720
   https://github.com/robinjhector";>@robinjhector made 
their first contribution in https://redirect.github.com/junit-team/junit5/pull/3345";>junit-team/junit5#3345
   https://github.com/jabhatfield";>@jabhatfield 
made their first contribution in https://redirect.github.com/junit-team/junit5/pull/3829";>junit-team/junit5#3829
   
   Full Changelog: https://github.com/junit-team/junit5/compare/r5.11.0-M2...r5.11.0-RC1";>https://github.com/junit-team/junit5/compare/r5.11.0-M2...r5.11.0-RC1
   JUnit 5.11.0-M2 = Platform 1.11.0-M2 + Jupiter 5.11.0-M2 + Vintage 
5.11.0-M2
   See http://junit.org/junit5/docs/5.11.0-M2/release-notes/";>Release 
Notes.
   New Contributors
   
   https://github.com/bjmi";>@bjmi made their 
first contribution in https://redirect.github.com/junit-team/junit5/pull/3806";>junit-team/junit5#3806
   https://github.

Re: [PR] Bump org.junit:junit-bom from 5.10.2 to 5.11.0 [maven-antrun-plugin]



dependabot[bot] commented on PR #102:
URL: 
https://github.com/apache/maven-antrun-plugin/pull/102#issuecomment-2374098014

   Superseded by #104.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] Bump org.junit:junit-bom from 5.10.2 to 5.11.0 [maven-antrun-plugin]



dependabot[bot] closed pull request #102: Bump org.junit:junit-bom from 5.10.2 
to 5.11.0
URL: https://github.com/apache/maven-antrun-plugin/pull/102


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[jira] [Commented] (MJAVADOC-815) Aggregate goal misses skipped reactor modules when resuming build



[ 
https://issues.apache.org/jira/browse/MJAVADOC-815?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17884569#comment-17884569
 ] 

Michael Osipov commented on MJAVADOC-815:
-

I wonder whether this is a plugin issue or rather a Maven Core issue. 
[~gnodet], [~mthmulders], [~cstamas], WDYT?

> Aggregate goal misses skipped reactor modules when resuming build
> -
>
> Key: MJAVADOC-815
> URL: https://issues.apache.org/jira/browse/MJAVADOC-815
> Project: Maven Javadoc Plugin
>  Issue Type: Bug
>Affects Versions: 3.10.0
>Reporter: Richard Eckart de Castilho
>Priority: Major
>
> When resuming a build using {{-rf}}, then the {{javadoc:aggregate}} goal is 
> not injected with the reactor modules that are skipped (are before the module 
> being resumed from). 
> That means the JavaDoc for those skipped modules is not included in the 
> aggregate.
> I can imagine that to happen when I build using {{-pl}} to build individual 
> modules, but if I resume, I would expect all the reactor modules that have 
> already been covered and are being resumed over to be part of the reactor 
> modules that are provided to the javadoc plugin.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Re: [PR] Bump Maven 4 from 4.0.0-beta-3 ot 4.0.0-beta-4 [maven-gh-actions-shared]