Re: [PR] [POC] `rewrite-maven-plugin`: Introduce OpenRewrite by Moderne (RemoveUnusedPrivateMethods) [maven]
Pankraz76 commented on code in PR #2322: URL: https://github.com/apache/maven/pull/2322#discussion_r2084060246 ## pom.xml: ## @@ -796,9 +796,60 @@ under the License. + + org.openrewrite.maven + rewrite-maven-plugin + 6.8.0 + + + + + + + + + + + + + + + Review Comment: - https://github.com/apache/maven/pull/2317 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MNG-8642) Provide the needed infrastructure to write plugins
[ https://issues.apache.org/jira/browse/MNG-8642?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17950853#comment-17950853 ] Guillaume Nodet commented on MNG-8642: -- I think those are new classes for plugins targeting the new API only, so I'm not sure we need to deprecate the ones in maven-plugin-testing. It's more about properly documenting how to use the new classes when writing new plugins. > Provide the needed infrastructure to write plugins > -- > > Key: MNG-8642 > URL: https://issues.apache.org/jira/browse/MNG-8642 > Project: Maven > Issue Type: Task >Reporter: Guillaume Nodet >Assignee: Guillaume Nodet >Priority: Major > Fix For: 4.0.0-rc-4 > > > In order to simplify plugin developers life, I think we should provide a BOM > containing the dependencies needed to write a plugin. > Until we have mixins available, the only way is to provide a BOM. > The maven-plugin-testing is a very important component to use when writing > plugins, and it needs to be part of that BOM, so I think it should be moved > inside maven core project along the API. -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] [POC] `rewrite-maven-plugin`: Introduce OpenRewrite by Moderne (RemoveUnusedPrivateMethods) [maven]
Pankraz76 commented on code in PR #2322: URL: https://github.com/apache/maven/pull/2322#discussion_r2084070185 ## pom.xml: ## @@ -796,9 +796,60 @@ under the License. + + org.openrewrite.maven + rewrite-maven-plugin + 6.8.0 + + + + + + + + + + + + + + + + org.openrewrite.staticanalysis.RemoveUnusedPrivateMethods + +true +true + + Review Comment: need suppression to be exact not broad. @timtebeek -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] [POC] `rewrite-maven-plugin`: Introduce OpenRewrite by Moderne (RemoveUnusedPrivateMethods) [maven]
Pankraz76 commented on code in PR #2322: URL: https://github.com/apache/maven/pull/2322#discussion_r2084092664 ## pom.xml: ## @@ -796,9 +796,60 @@ under the License. + + org.openrewrite.maven + rewrite-maven-plugin + 6.8.0 + + + + + + + + + + + + + + + + org.openrewrite.staticanalysis.RemoveUnusedPrivateMethods + +true +true + + Review Comment: its not working neither: [WARNING] The recipe produced 17 warning(s). Please report this to the recipe author. [WARNING] These recipes would make changes to src/mdo/java/WrapperProperties.java: [WARNING] org.openrewrite.staticanalysis.RemoveUnusedPrivateMethods [WARNING] These recipes would make changes to src/mdo/java/WrapperList.java: [WARNING] org.openrewrite.staticanalysis.RemoveUnusedPrivateMethods -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] [SCM-1028] Fix clear password logging vulnerability [maven-scm]
asf-gitbox-commits closed pull request #237: [SCM-1028] Fix clear password logging vulnerability URL: https://github.com/apache/maven-scm/pull/237 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Closed] (SCM-1028) Vulnerability: Clear text password is logged by JGit provider and by gitexe remoteinfo on a ls-remote failure
[
https://issues.apache.org/jira/browse/SCM-1028?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Michael Osipov closed SCM-1028.
---
Resolution: Fixed
Fixed with
[8b44e4f6745e7bd677428be093921267317b8fe8|https://gitbox.apache.org/repos/asf?p=maven-scm.git;a=commit;h=8b44e4f6745e7bd677428be093921267317b8fe8].
> Vulnerability: Clear text password is logged by JGit provider and by gitexe
> remoteinfo on a ls-remote failure
> -
>
> Key: SCM-1028
> URL: https://issues.apache.org/jira/browse/SCM-1028
> Project: Maven SCM (Moved to GitHub Issues)
> Issue Type: Bug
> Components: maven-scm-provider-gitexe, maven-scm-provider-jgit
>Affects Versions: 2.1.0
>Reporter: Markus Hoffrogge
>Assignee: Michael Osipov
>Priority: Critical
> Labels: vulnerability
> Fix For: 2.2.0
>
> Original Estimate: 24h
> Remaining Estimate: 24h
>
> *Issue(s):*
> # {*}JGit provider{*}: If the git password contains special characters which
> are differently encoded by the {{URI class}} than {{{}by
> URLEncode.encode{}}}, then the password masking does not become effective and
> the password is logged in clear URI encoded format by the jgit provider.
> # {*}Gitexe remoteinfo{*}: In case ls-remote is failing, then a
> {{ScmException}} is being thrown with the fetch URL passed as error message
> containing the URI encoded clear password.
> *Root cause(s):*
> # The URL encoding used for the credentials within fetch and push URL
> differs from the encoding being used for masking the password at
> [JGitUtils.prepareSession(...)|https://github.com/apache/maven-scm/blob/55186fdf42f65fd3a1be07161bc198f092386f77/maven-scm-providers/maven-scm-providers-git/maven-scm-provider-jgit/src/main/java/org/apache/maven/scm/provider/git/jgit/command/JGitUtils.java#L149]
> # Password is not masked for the exception message passed to the
> ScmException used at
> [GitRemoteInfoCommand.executeRemoteInfoCommand(...)|https://github.com/apache/maven-scm/blob/55186fdf42f65fd3a1be07161bc198f092386f77/maven-scm-providers/maven-scm-providers-git/maven-scm-provider-gitexe/src/main/java/org/apache/maven/scm/provider/git/gitexe/command/remoteinfo/GitRemoteInfoCommand.java#L59]
> *Solution:*
> [PR #237|https://github.com/apache/maven-scm/pull/237]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (SCM-1028) Vulnerability: Clear text password is logged by JGit provider and by gitexe remoteinfo on a ls-remote failure
[
https://issues.apache.org/jira/browse/SCM-1028?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17950856#comment-17950856
]
ASF GitHub Bot commented on SCM-1028:
-
asf-gitbox-commits closed pull request #237: [SCM-1028] Fix clear password
logging vulnerability
URL: https://github.com/apache/maven-scm/pull/237
> Vulnerability: Clear text password is logged by JGit provider and by gitexe
> remoteinfo on a ls-remote failure
> -
>
> Key: SCM-1028
> URL: https://issues.apache.org/jira/browse/SCM-1028
> Project: Maven SCM (Moved to GitHub Issues)
> Issue Type: Bug
> Components: maven-scm-provider-gitexe, maven-scm-provider-jgit
>Affects Versions: 2.1.0
>Reporter: Markus Hoffrogge
>Assignee: Michael Osipov
>Priority: Critical
> Labels: vulnerability
> Fix For: 2.2.0
>
> Original Estimate: 24h
> Remaining Estimate: 24h
>
> *Issue(s):*
> # {*}JGit provider{*}: If the git password contains special characters which
> are differently encoded by the {{URI class}} than {{{}by
> URLEncode.encode{}}}, then the password masking does not become effective and
> the password is logged in clear URI encoded format by the jgit provider.
> # {*}Gitexe remoteinfo{*}: In case ls-remote is failing, then a
> {{ScmException}} is being thrown with the fetch URL passed as error message
> containing the URI encoded clear password.
> *Root cause(s):*
> # The URL encoding used for the credentials within fetch and push URL
> differs from the encoding being used for masking the password at
> [JGitUtils.prepareSession(...)|https://github.com/apache/maven-scm/blob/55186fdf42f65fd3a1be07161bc198f092386f77/maven-scm-providers/maven-scm-providers-git/maven-scm-provider-jgit/src/main/java/org/apache/maven/scm/provider/git/jgit/command/JGitUtils.java#L149]
> # Password is not masked for the exception message passed to the
> ScmException used at
> [GitRemoteInfoCommand.executeRemoteInfoCommand(...)|https://github.com/apache/maven-scm/blob/55186fdf42f65fd3a1be07161bc198f092386f77/maven-scm-providers/maven-scm-providers-git/maven-scm-provider-gitexe/src/main/java/org/apache/maven/scm/provider/git/gitexe/command/remoteinfo/GitRemoteInfoCommand.java#L59]
> *Solution:*
> [PR #237|https://github.com/apache/maven-scm/pull/237]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Assigned] (SCM-1029) JGit performing empty commit on CheckIn command if includes or excludes fileset is defined but no files changed in it
[
https://issues.apache.org/jira/browse/SCM-1029?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Michael Osipov reassigned SCM-1029:
---
Assignee: Michael Osipov
> JGit performing empty commit on CheckIn command if includes or excludes
> fileset is defined but no files changed in it
> -
>
> Key: SCM-1029
> URL: https://issues.apache.org/jira/browse/SCM-1029
> Project: Maven SCM (Moved to GitHub Issues)
> Issue Type: Bug
> Components: maven-scm-provider-jgit
>Affects Versions: 2.1.0
>Reporter: Markus Hoffrogge
>Assignee: Michael Osipov
>Priority: Major
> Original Estimate: 4h
> Remaining Estimate: 4h
>
> *Issue*
> If includes and/or excludes config is defined, then JGit checkIn is
> performing empty commits if no changes are applied to the effective fileset
> content BUT other files are changed that are NOT within the effective scope
> of the includes or excludes related fileset.
>
> *Root cause*
> Method *JGitCheckInCommand.executeCheckInCommand* is using
> git.status().call().{*}hasUncommittedChanges(){*} if there is nothing to
> commit returned by *JGitUtils.addAllFiles(git, fileSet).*
> Since git.status().call().{*}hasUncommittedChanges(){*} returns the state of
> any file within the working tree of the repo, this will set *doCommit* true
> even in case there is no file changed or added in scope of the includes /
> excludes effective fileset.
>
> *Solution*
> Use OR condition of:
> - status.getAdded().size() > 0
> - status.getChanged().size() > 0
> - status.getRemoved() > 0
> instead of status.hasUncommittedChanges() if an includes / excludes FileSet
> is specified.
> [PR #238|https://github.com/apache/maven-scm/pull/238]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (SCM-1029) JGit performing empty commit on CheckIn command if includes or excludes fileset is defined but no files changed in it
[
https://issues.apache.org/jira/browse/SCM-1029?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Michael Osipov updated SCM-1029:
Fix Version/s: 2.2.0
> JGit performing empty commit on CheckIn command if includes or excludes
> fileset is defined but no files changed in it
> -
>
> Key: SCM-1029
> URL: https://issues.apache.org/jira/browse/SCM-1029
> Project: Maven SCM (Moved to GitHub Issues)
> Issue Type: Bug
> Components: maven-scm-provider-jgit
>Affects Versions: 2.1.0
>Reporter: Markus Hoffrogge
>Assignee: Michael Osipov
>Priority: Major
> Fix For: 2.2.0
>
> Original Estimate: 4h
> Remaining Estimate: 4h
>
> *Issue*
> If includes and/or excludes config is defined, then JGit checkIn is
> performing empty commits if no changes are applied to the effective fileset
> content BUT other files are changed that are NOT within the effective scope
> of the includes or excludes related fileset.
>
> *Root cause*
> Method *JGitCheckInCommand.executeCheckInCommand* is using
> git.status().call().{*}hasUncommittedChanges(){*} if there is nothing to
> commit returned by *JGitUtils.addAllFiles(git, fileSet).*
> Since git.status().call().{*}hasUncommittedChanges(){*} returns the state of
> any file within the working tree of the repo, this will set *doCommit* true
> even in case there is no file changed or added in scope of the includes /
> excludes effective fileset.
>
> *Solution*
> Use OR condition of:
> - status.getAdded().size() > 0
> - status.getChanged().size() > 0
> - status.getRemoved() > 0
> instead of status.hasUncommittedChanges() if an includes / excludes FileSet
> is specified.
> [PR #238|https://github.com/apache/maven-scm/pull/238]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
Re: [PR] [MNG-8686] Add `SourceRoot.matcher(boolean)` method [maven]
Pankraz76 commented on PR #2236: URL: https://github.com/apache/maven/pull/2236#issuecomment-2871372328 this could not compile with help of https://docs.openrewrite.org/recipes/staticanalysis/finalizemethodarguments -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] [POC] `rewrite-maven-plugin`: Introduce OpenRewrite by Moderne (RemoveUnusedPrivateMethods) [maven]
Pankraz76 commented on code in PR #2322: URL: https://github.com/apache/maven/pull/2322#discussion_r2084077229 ## pom.xml: ## @@ -796,9 +796,60 @@ under the License. + + org.openrewrite.maven + rewrite-maven-plugin + 6.8.0 + + + + + + + + + + + + + + + + org.openrewrite.staticanalysis.RemoveUnusedPrivateMethods + +true +true + + + src/mdo/java/WrapperList.java + src/mdo/java/WrapperProperties.java + + + + + org.openrewrite.recipe + rewrite-static-analysis + 2.9.0 + + + + + rewrite-maven-plugin + +dryRun + + verify + + + + + +org.openrewrite.maven +rewrite-maven-plugin + Review Comment: its only active on `clean install` when here, why so? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] [POC] `rewrite-maven-plugin`: Introduce OpenRewrite by Moderne (RemoveUnusedPrivateMethods) [maven]
Pankraz76 commented on code in PR #2322: URL: https://github.com/apache/maven/pull/2322#discussion_r2084080484 ## pom.xml: ## @@ -796,9 +796,60 @@ under the License. + + org.openrewrite.maven + rewrite-maven-plugin + 6.8.0 + + + + + + + + + + + + + + + + org.openrewrite.staticanalysis.RemoveUnusedPrivateMethods + +true +true Review Comment: how did we not find this ourselves @timtebeek ? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] [POC] `rewrite-maven-plugin`: Introduce OpenRewrite by Moderne (RemoveUnusedPrivateMethods) [maven]
Pankraz76 commented on code in PR #2322: URL: https://github.com/apache/maven/pull/2322#discussion_r2084070185 ## pom.xml: ## @@ -796,9 +796,60 @@ under the License. + + org.openrewrite.maven + rewrite-maven-plugin + 6.8.0 + + + + + + + + + + + + + + + + org.openrewrite.staticanalysis.RemoveUnusedPrivateMethods + +true +true + + Review Comment: need suppression to be exact not broad. @timtebeek LOC and class option -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Updated] (SCM-1028) Vulnerability: Clear text password is logged by JGit provider and by gitexe remoteinfo on a ls-remote failure
[
https://issues.apache.org/jira/browse/SCM-1028?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Michael Osipov updated SCM-1028:
Labels: vulnerability (was: Vulnerability vulnerabilities vulnerability)
> Vulnerability: Clear text password is logged by JGit provider and by gitexe
> remoteinfo on a ls-remote failure
> -
>
> Key: SCM-1028
> URL: https://issues.apache.org/jira/browse/SCM-1028
> Project: Maven SCM (Moved to GitHub Issues)
> Issue Type: Bug
> Components: maven-scm-provider-gitexe, maven-scm-provider-jgit
>Affects Versions: 2.1.0
>Reporter: Markus Hoffrogge
>Assignee: Michael Osipov
>Priority: Critical
> Labels: vulnerability
> Fix For: 2.2.0
>
> Original Estimate: 24h
> Remaining Estimate: 24h
>
> *Issue(s):*
> # {*}JGit provider{*}: If the git password contains special characters which
> are differently encoded by the {{URI class}} than {{{}by
> URLEncode.encode{}}}, then the password masking does not become effective and
> the password is logged in clear URI encoded format by the jgit provider.
> # {*}Gitexe remoteinfo{*}: In case ls-remote is failing, then a
> {{ScmException}} is being thrown with the fetch URL passed as error message
> containing the URI encoded clear password.
> *Root cause(s):*
> # The URL encoding used for the credentials within fetch and push URL
> differs from the encoding being used for masking the password at
> [JGitUtils.prepareSession(...)|https://github.com/apache/maven-scm/blob/55186fdf42f65fd3a1be07161bc198f092386f77/maven-scm-providers/maven-scm-providers-git/maven-scm-provider-jgit/src/main/java/org/apache/maven/scm/provider/git/jgit/command/JGitUtils.java#L149]
> # Password is not masked for the exception message passed to the
> ScmException used at
> [GitRemoteInfoCommand.executeRemoteInfoCommand(...)|https://github.com/apache/maven-scm/blob/55186fdf42f65fd3a1be07161bc198f092386f77/maven-scm-providers/maven-scm-providers-git/maven-scm-provider-gitexe/src/main/java/org/apache/maven/scm/provider/git/gitexe/command/remoteinfo/GitRemoteInfoCommand.java#L59]
> *Solution:*
> [PR #237|https://github.com/apache/maven-scm/pull/237]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
Re: [PR] [MNG-8686] Add `SourceRoot.matcher(boolean)` method [maven]
Pankraz76 commented on PR #2236: URL: https://github.com/apache/maven/pull/2236#issuecomment-2871407397 rewrite would make the boilerplate way i would prefer silent PMD. https://adabeat.com/fp/immutability-in-functional-programming/ We make everywhere boilerplate to throw NPE ourselfs. This would really help to make thinks more robust. immutability is/should be the default case. Kotlin is all about being final and avoiding silly NPE. Thats why we want to live in final existence. Trying to reach invinity. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] [POC] `rewrite-maven-plugin`: Introduce OpenRewrite by Moderne (RemoveUnusedPrivateMethods) [maven]
Pankraz76 commented on code in PR #2322: URL: https://github.com/apache/maven/pull/2322#discussion_r2084111582 ## pom.xml: ## @@ -796,9 +796,68 @@ under the License. + + org.openrewrite.maven + rewrite-maven-plugin + 6.8.0 + + + + + + + + + + + + + + Review Comment: `smell` never reassign params as we live in final land. give dedication method and apply functional programming. https://pmd.github.io/pmd/pmd_rules_java_bestpractices.html#avoidreassigningparameters rewrite would make the boilerplate way i would prefer silent PMD. https://adabeat.com/fp/immutability-in-functional-programming/ We make everywhere boilerplate to throw NPE ourselfs. This would really help to make thinks more robust. immutability is/should be the default case. Kotlin is all about being final and avoiding silly NPE. Thats why we want to live in final existence. Trying to reach invinity. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] [POC] `rewrite-maven-plugin`: Introduce OpenRewrite by Moderne (RemoveUnusedPrivateMethods) [maven]
Pankraz76 commented on code in PR #2322: URL: https://github.com/apache/maven/pull/2322#discussion_r2084111582 ## pom.xml: ## @@ -796,9 +796,68 @@ under the License. + + org.openrewrite.maven + rewrite-maven-plugin + 6.8.0 + + + + + + + + + + + + + + Review Comment: https://pmd.github.io/pmd/pmd_rules_java_bestpractices.html#avoidreassigningparameters rewrite would make the boilerplate way cluttering `final` would prefer silent PMD. https://adabeat.com/fp/immutability-in-functional-programming/ We make everywhere boilerplate to throw NPE ourselfs. This would really help to make thinks more robust. immutability is/should be the default case. Kotlin is all about being final and avoiding silly NPE. Thats why we want to live in final existence. Trying to reach invinity. https://github.com/apache/maven/pull/2236/files#r2083631201 `smell` never reassign params as we live in final land. give dedication method and apply functional programming. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] [POC] `rewrite-maven-plugin`: Introduce OpenRewrite by Moderne (RemoveUnusedPrivateMethods) [maven]
Pankraz76 commented on code in PR #2322: URL: https://github.com/apache/maven/pull/2322#discussion_r2084111582 ## pom.xml: ## @@ -796,9 +796,68 @@ under the License. + + org.openrewrite.maven + rewrite-maven-plugin + 6.8.0 + + + + + + + + + + + + + + Review Comment: https://pmd.github.io/pmd/pmd_rules_java_bestpractices.html#avoidreassigningparameters rewrite would make the boilerplate way i would prefer silent PMD. https://adabeat.com/fp/immutability-in-functional-programming/ We make everywhere boilerplate to throw NPE ourselfs. This would really help to make thinks more robust. immutability is/should be the default case. Kotlin is all about being final and avoiding silly NPE. Thats why we want to live in final existence. Trying to reach invinity. https://github.com/apache/maven/pull/2236/files#r2083631201 `smell` never reassign params as we live in final land. give dedication method and apply functional programming. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Closed] (SCM-1029) JGit performing empty commit on CheckIn command if includes or excludes fileset is defined but no files changed in it
[
https://issues.apache.org/jira/browse/SCM-1029?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Michael Osipov closed SCM-1029.
---
Resolution: Fixed
Fixed with
[c4bbee338746f1979e13c8266c689db2c0ad6bd1|https://gitbox.apache.org/repos/asf?p=maven-scm.git;a=commit;h=c4bbee338746f1979e13c8266c689db2c0ad6bd1].
> JGit performing empty commit on CheckIn command if includes or excludes
> fileset is defined but no files changed in it
> -
>
> Key: SCM-1029
> URL: https://issues.apache.org/jira/browse/SCM-1029
> Project: Maven SCM (Moved to GitHub Issues)
> Issue Type: Bug
> Components: maven-scm-provider-jgit
>Affects Versions: 2.1.0
>Reporter: Markus Hoffrogge
>Assignee: Michael Osipov
>Priority: Major
> Fix For: 2.2.0
>
> Original Estimate: 4h
> Remaining Estimate: 4h
>
> *Issue*
> If includes and/or excludes config is defined, then JGit checkIn is
> performing empty commits if no changes are applied to the effective fileset
> content BUT other files are changed that are NOT within the effective scope
> of the includes or excludes related fileset.
>
> *Root cause*
> Method *JGitCheckInCommand.executeCheckInCommand* is using
> git.status().call().{*}hasUncommittedChanges(){*} if there is nothing to
> commit returned by *JGitUtils.addAllFiles(git, fileSet).*
> Since git.status().call().{*}hasUncommittedChanges(){*} returns the state of
> any file within the working tree of the repo, this will set *doCommit* true
> even in case there is no file changed or added in scope of the includes /
> excludes effective fileset.
>
> *Solution*
> Use OR condition of:
> - status.getAdded().size() > 0
> - status.getChanged().size() > 0
> - status.getRemoved() > 0
> instead of status.hasUncommittedChanges() if an includes / excludes FileSet
> is specified.
> [PR #238|https://github.com/apache/maven-scm/pull/238]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Created] (MNG-8726) Bump jlineVersion from 3.29.0 to 3.30.0
Tamas Cservenak created MNG-8726: Summary: Bump jlineVersion from 3.29.0 to 3.30.0 Key: MNG-8726 URL: https://issues.apache.org/jira/browse/MNG-8726 Project: Maven Issue Type: Dependency upgrade Components: Dependencies Reporter: Tamas Cservenak Fix For: 4.0.0-rc-4 -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] Bump jlineVersion from 3.29.0 to 3.30.0 [maven]
cstamas commented on PR #2324: URL: https://github.com/apache/maven/pull/2324#issuecomment-2871717690 Superseded by https://github.com/apache/maven/pull/2325 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] [SCM-1028] Fix clear password logging vulnerability [maven-scm]
slawekjaranowski commented on PR #237: URL: https://github.com/apache/maven-scm/pull/237#issuecomment-2871723035 @michael-o - Please take account that PR with status 'closed' will be not reported by release drafter. So we will not have it in release notes. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] [POC] `editorconfig-maven-plugin`: implement IDE agnostic configuration [maven]
Pankraz76 commented on code in PR #2321: URL: https://github.com/apache/maven/pull/2321#discussion_r2083960846 ## .editorconfig: ## @@ -0,0 +1,33 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +root = true + +[*] +charset = utf-8 +end_of_line = lf Review Comment: could merge without this. Try activating, then you see much files broken. preventing more. ATM dev setup seems broken, as not configured properly: https://dev.to/kevinshu/git-and-normalization-of-line-endings-228j ```suggestion #end_of_line = lf ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] [POC] `editorconfig-maven-plugin`: implement IDE agnostic configuration [maven]
slawekjaranowski commented on code in PR #2321: URL: https://github.com/apache/maven/pull/2321#discussion_r2083968123 ## .editorconfig: ## @@ -0,0 +1,33 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +root = true + +[*] +charset = utf-8 +end_of_line = lf +indent_style = space +insert_final_newline = true + +[*.java] +ij_continuation_indent_size = 4 +ij_java_class_count_to_use_import_on_demand = 999 +ij_java_names_count_to_use_import_on_demand = 999 Review Comment: imports with asterix are forbidden be checkstyle -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Update site descriptor [maven-archetype]
slawekjaranowski merged PR #269: URL: https://github.com/apache/maven-archetype/pull/269 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Update site descriptor [maven-changes-plugin]
slawekjaranowski merged PR #129: URL: https://github.com/apache/maven-changes-plugin/pull/129 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] [POC] `editorconfig-maven-plugin`: implement IDE agnostic configuration [maven]
Pankraz76 commented on code in PR #2321: URL: https://github.com/apache/maven/pull/2321#discussion_r2083997501 ## .editorconfig: ## @@ -0,0 +1,33 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +root = true + +[*] +charset = utf-8 +end_of_line = lf +indent_style = space +insert_final_newline = true + +[*.java] +ij_continuation_indent_size = 4 +ij_java_class_count_to_use_import_on_demand = 999 +ij_java_names_count_to_use_import_on_demand = 999 Review Comment: yes but whey will still happen. We need out of the box solution follow convention over config. ATM we have to config by hand this is the automat for whole world. ## .editorconfig: ## @@ -0,0 +1,33 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +root = true + +[*] +charset = utf-8 +end_of_line = lf +indent_style = space +insert_final_newline = true + +[*.java] +ij_continuation_indent_size = 4 +ij_java_class_count_to_use_import_on_demand = 999 +ij_java_names_count_to_use_import_on_demand = 999 Review Comment: yes but they will still happen. We need out of the box solution follow convention over config. ATM we have to config by hand this is the automat for whole world. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] [POC] `editorconfig-maven-plugin`: implement IDE agnostic configuration [maven]
Pankraz76 commented on code in PR #2321: URL: https://github.com/apache/maven/pull/2321#discussion_r2083999197 ## .editorconfig: ## @@ -0,0 +1,33 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +root = true + +[*] +charset = utf-8 +end_of_line = lf +indent_style = space +insert_final_newline = true + +[*.java] +ij_continuation_indent_size = 4 +ij_java_class_count_to_use_import_on_demand = 999 +ij_java_names_count_to_use_import_on_demand = 999 Review Comment: intellij default is using * when having more then 5 imports. https://en.wikipedia.org/wiki/Convention_over_configuration -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] [POC] `editorconfig-maven-plugin`: implement IDE agnostic configuration [maven]
Pankraz76 commented on code in PR #2321: URL: https://github.com/apache/maven/pull/2321#discussion_r2083999197 ## .editorconfig: ## @@ -0,0 +1,33 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +root = true + +[*] +charset = utf-8 +end_of_line = lf +indent_style = space +insert_final_newline = true + +[*.java] +ij_continuation_indent_size = 4 +ij_java_class_count_to_use_import_on_demand = 999 +ij_java_names_count_to_use_import_on_demand = 999 Review Comment: intellij default is using * when having more then 5 imports. https://en.wikipedia.org/wiki/Convention_over_configuration we have broken the contract therefore need to fix up again. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Assigned] (SCM-1028) Vulnerability: Clear text password is logged by JGit provider and by gitexe remoteinfo on a ls-remote failure
[
https://issues.apache.org/jira/browse/SCM-1028?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Michael Osipov reassigned SCM-1028:
---
Assignee: Michael Osipov
> Vulnerability: Clear text password is logged by JGit provider and by gitexe
> remoteinfo on a ls-remote failure
> -
>
> Key: SCM-1028
> URL: https://issues.apache.org/jira/browse/SCM-1028
> Project: Maven SCM (Moved to GitHub Issues)
> Issue Type: Bug
> Components: maven-scm-provider-gitexe, maven-scm-provider-jgit
>Affects Versions: 2.1.0
>Reporter: Markus Hoffrogge
>Assignee: Michael Osipov
>Priority: Critical
> Labels: Vulnerability, vulnerabilities, vulnerability
> Original Estimate: 24h
> Remaining Estimate: 24h
>
> *Issue(s):*
> # {*}JGit provider{*}: If the git password contains special characters which
> are differently encoded by the {{URI class}} than {{{}by
> URLEncode.encode{}}}, then the password masking does not become effective and
> the password is logged in clear URI encoded format by the jgit provider.
> # {*}Gitexe remoteinfo{*}: In case ls-remote is failing, then a
> {{ScmException}} is being thrown with the fetch URL passed as error message
> containing the URI encoded clear password.
> *Root cause(s):*
> # The URL encoding used for the credentials within fetch and push URL
> differs from the encoding being used for masking the password at
> [JGitUtils.prepareSession(...)|https://github.com/apache/maven-scm/blob/55186fdf42f65fd3a1be07161bc198f092386f77/maven-scm-providers/maven-scm-providers-git/maven-scm-provider-jgit/src/main/java/org/apache/maven/scm/provider/git/jgit/command/JGitUtils.java#L149]
> # Password is not masked for the exception message passed to the
> ScmException used at
> [GitRemoteInfoCommand.executeRemoteInfoCommand(...)|https://github.com/apache/maven-scm/blob/55186fdf42f65fd3a1be07161bc198f092386f77/maven-scm-providers/maven-scm-providers-git/maven-scm-provider-gitexe/src/main/java/org/apache/maven/scm/provider/git/gitexe/command/remoteinfo/GitRemoteInfoCommand.java#L59]
> *Solution:*
> [PR #237|https://github.com/apache/maven-scm/pull/237]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (SCM-1028) Vulnerability: Clear text password is logged by JGit provider and by gitexe remoteinfo on a ls-remote failure
[
https://issues.apache.org/jira/browse/SCM-1028?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Michael Osipov updated SCM-1028:
Fix Version/s: 2.2.0
> Vulnerability: Clear text password is logged by JGit provider and by gitexe
> remoteinfo on a ls-remote failure
> -
>
> Key: SCM-1028
> URL: https://issues.apache.org/jira/browse/SCM-1028
> Project: Maven SCM (Moved to GitHub Issues)
> Issue Type: Bug
> Components: maven-scm-provider-gitexe, maven-scm-provider-jgit
>Affects Versions: 2.1.0
>Reporter: Markus Hoffrogge
>Assignee: Michael Osipov
>Priority: Critical
> Labels: Vulnerability, vulnerabilities, vulnerability
> Fix For: 2.2.0
>
> Original Estimate: 24h
> Remaining Estimate: 24h
>
> *Issue(s):*
> # {*}JGit provider{*}: If the git password contains special characters which
> are differently encoded by the {{URI class}} than {{{}by
> URLEncode.encode{}}}, then the password masking does not become effective and
> the password is logged in clear URI encoded format by the jgit provider.
> # {*}Gitexe remoteinfo{*}: In case ls-remote is failing, then a
> {{ScmException}} is being thrown with the fetch URL passed as error message
> containing the URI encoded clear password.
> *Root cause(s):*
> # The URL encoding used for the credentials within fetch and push URL
> differs from the encoding being used for masking the password at
> [JGitUtils.prepareSession(...)|https://github.com/apache/maven-scm/blob/55186fdf42f65fd3a1be07161bc198f092386f77/maven-scm-providers/maven-scm-providers-git/maven-scm-provider-jgit/src/main/java/org/apache/maven/scm/provider/git/jgit/command/JGitUtils.java#L149]
> # Password is not masked for the exception message passed to the
> ScmException used at
> [GitRemoteInfoCommand.executeRemoteInfoCommand(...)|https://github.com/apache/maven-scm/blob/55186fdf42f65fd3a1be07161bc198f092386f77/maven-scm-providers/maven-scm-providers-git/maven-scm-provider-gitexe/src/main/java/org/apache/maven/scm/provider/git/gitexe/command/remoteinfo/GitRemoteInfoCommand.java#L59]
> *Solution:*
> [PR #237|https://github.com/apache/maven-scm/pull/237]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
Re: [PR] [POC] `rewrite-maven-plugin`: Introduce OpenRewrite by Moderne (RemoveUnusedPrivateMethods) [maven]
Pankraz76 commented on code in PR #2322:
URL: https://github.com/apache/maven/pull/2322#discussion_r2084144583
##
src/mdo/java/WrapperList.java:
##
@@ -105,7 +105,7 @@ public T remove(int index) {
}
}
-private Object writeReplace() throws ObjectStreamException {
Review Comment:
Exclude is not working too:
```xml
src/mdo/java/**
*/some/irrelevant/or/expensive/directory/**
*/src/mdo/java/**
*src/mdo/java/**
src/mdo/java/**.java
src/mdo/java/Wrapper*.java
src/mdo/java/Wrapper**.java
src/mdo/java/WrapperList.java
src/mdo/java/WrapperProperties.java
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Re: [PR] [POC] `rewrite-maven-plugin`: Introduce OpenRewrite by Moderne (RemoveUnusedPrivateMethods) [maven]
Pankraz76 commented on code in PR #2322: URL: https://github.com/apache/maven/pull/2322#discussion_r2084111582 ## pom.xml: ## @@ -796,9 +796,68 @@ under the License. + + org.openrewrite.maven + rewrite-maven-plugin + 6.8.0 + + + + + + + + + + + + + + Review Comment: https://pmd.github.io/pmd/pmd_rules_java_bestpractices.html#avoidreassigningparameters rewrite would make the boilerplate way cluttering `final` would prefer silent PMD. https://adabeat.com/fp/immutability-in-functional-programming/ We make everywhere boilerplate to throw NPE ourselfs. This would really help to make thinks more robust. immutability is/should be the default case. Kotlin is all about being final and avoiding silly NPE. Thats why we want to live in final existence. Trying to reach invinity. https://github.com/apache/maven/pull/2236/files#r2083631201 `smell` never reassign params as we live in final land. give dedication method and apply functional programming. https://github.com/user-attachments/assets/190ce68b-f6bc-4c18-85e3-f40d4a5afb7b"; /> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MNG-8642) Provide the needed infrastructure to write plugins
[ https://issues.apache.org/jira/browse/MNG-8642?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17950849#comment-17950849 ] Slawomir Jaranowski commented on MNG-8642: -- [~gnodet] - should we do according changes in maven-plugin-testing, like deprecated moved classes? - should we update documentation? > Provide the needed infrastructure to write plugins > -- > > Key: MNG-8642 > URL: https://issues.apache.org/jira/browse/MNG-8642 > Project: Maven > Issue Type: Task >Reporter: Guillaume Nodet >Assignee: Guillaume Nodet >Priority: Major > Fix For: 4.0.0-rc-4 > > > In order to simplify plugin developers life, I think we should provide a BOM > containing the dependencies needed to write a plugin. > Until we have mixins available, the only way is to provide a BOM. > The maven-plugin-testing is a very important component to use when writing > plugins, and it needs to be part of that BOM, so I think it should be moved > inside maven core project along the API. -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] [POC] `rewrite-maven-plugin`: Introduce OpenRewrite by Moderne (RemoveUnusedPrivateMethods) [maven]
Pankraz76 commented on code in PR #2322: URL: https://github.com/apache/maven/pull/2322#discussion_r2084080484 ## pom.xml: ## @@ -796,9 +796,60 @@ under the License. + + org.openrewrite.maven + rewrite-maven-plugin + 6.8.0 + + + + + + + + + + + + + + + + org.openrewrite.staticanalysis.RemoveUnusedPrivateMethods + +true +true Review Comment: how did we not find this ourselves @timtebeek? thanks for this learning @gnodet. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] [SCM-1029] Fix empty commits on JGit checkin [maven-scm]
asf-gitbox-commits closed pull request #238: [SCM-1029] Fix empty commits on JGit checkin URL: https://github.com/apache/maven-scm/pull/238 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (SCM-1029) JGit performing empty commit on CheckIn command if includes or excludes fileset is defined but no files changed in it
[
https://issues.apache.org/jira/browse/SCM-1029?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17950870#comment-17950870
]
ASF GitHub Bot commented on SCM-1029:
-
asf-gitbox-commits closed pull request #238: [SCM-1029] Fix empty commits on
JGit checkin
URL: https://github.com/apache/maven-scm/pull/238
> JGit performing empty commit on CheckIn command if includes or excludes
> fileset is defined but no files changed in it
> -
>
> Key: SCM-1029
> URL: https://issues.apache.org/jira/browse/SCM-1029
> Project: Maven SCM (Moved to GitHub Issues)
> Issue Type: Bug
> Components: maven-scm-provider-jgit
>Affects Versions: 2.1.0
>Reporter: Markus Hoffrogge
>Assignee: Michael Osipov
>Priority: Major
> Fix For: 2.2.0
>
> Original Estimate: 4h
> Remaining Estimate: 4h
>
> *Issue*
> If includes and/or excludes config is defined, then JGit checkIn is
> performing empty commits if no changes are applied to the effective fileset
> content BUT other files are changed that are NOT within the effective scope
> of the includes or excludes related fileset.
>
> *Root cause*
> Method *JGitCheckInCommand.executeCheckInCommand* is using
> git.status().call().{*}hasUncommittedChanges(){*} if there is nothing to
> commit returned by *JGitUtils.addAllFiles(git, fileSet).*
> Since git.status().call().{*}hasUncommittedChanges(){*} returns the state of
> any file within the working tree of the repo, this will set *doCommit* true
> even in case there is no file changed or added in scope of the includes /
> excludes effective fileset.
>
> *Solution*
> Use OR condition of:
> - status.getAdded().size() > 0
> - status.getChanged().size() > 0
> - status.getRemoved() > 0
> instead of status.hasUncommittedChanges() if an includes / excludes FileSet
> is specified.
> [PR #238|https://github.com/apache/maven-scm/pull/238]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
Re: [PR] [SCM-1029] Fix empty commits on JGit checkin [maven-scm]
slawekjaranowski commented on PR #238: URL: https://github.com/apache/maven-scm/pull/238#issuecomment-2871738995 @michael-o Merged PR should have a label and milestone By default GitHub action - PR Automation do it but here was not executed ... probably of merge by commit no GitHub UI -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (SCM-1028) Vulnerability: Clear text password is logged by JGit provider and by gitexe remoteinfo on a ls-remote failure
[
https://issues.apache.org/jira/browse/SCM-1028?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17950886#comment-17950886
]
ASF GitHub Bot commented on SCM-1028:
-
slawekjaranowski commented on PR #237:
URL: https://github.com/apache/maven-scm/pull/237#issuecomment-2871723035
@michael-o - Please take account that PR with status 'closed' will be not
reported by release drafter.
So we will not have it in release notes.
> Vulnerability: Clear text password is logged by JGit provider and by gitexe
> remoteinfo on a ls-remote failure
> -
>
> Key: SCM-1028
> URL: https://issues.apache.org/jira/browse/SCM-1028
> Project: Maven SCM (Moved to GitHub Issues)
> Issue Type: Bug
> Components: maven-scm-provider-gitexe, maven-scm-provider-jgit
>Affects Versions: 2.1.0
>Reporter: Markus Hoffrogge
>Assignee: Michael Osipov
>Priority: Critical
> Labels: vulnerability
> Fix For: 2.2.0
>
> Original Estimate: 24h
> Remaining Estimate: 24h
>
> *Issue(s):*
> # {*}JGit provider{*}: If the git password contains special characters which
> are differently encoded by the {{URI class}} than {{{}by
> URLEncode.encode{}}}, then the password masking does not become effective and
> the password is logged in clear URI encoded format by the jgit provider.
> # {*}Gitexe remoteinfo{*}: In case ls-remote is failing, then a
> {{ScmException}} is being thrown with the fetch URL passed as error message
> containing the URI encoded clear password.
> *Root cause(s):*
> # The URL encoding used for the credentials within fetch and push URL
> differs from the encoding being used for masking the password at
> [JGitUtils.prepareSession(...)|https://github.com/apache/maven-scm/blob/55186fdf42f65fd3a1be07161bc198f092386f77/maven-scm-providers/maven-scm-providers-git/maven-scm-provider-jgit/src/main/java/org/apache/maven/scm/provider/git/jgit/command/JGitUtils.java#L149]
> # Password is not masked for the exception message passed to the
> ScmException used at
> [GitRemoteInfoCommand.executeRemoteInfoCommand(...)|https://github.com/apache/maven-scm/blob/55186fdf42f65fd3a1be07161bc198f092386f77/maven-scm-providers/maven-scm-providers-git/maven-scm-provider-gitexe/src/main/java/org/apache/maven/scm/provider/git/gitexe/command/remoteinfo/GitRemoteInfoCommand.java#L59]
> *Solution:*
> [PR #237|https://github.com/apache/maven-scm/pull/237]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
Re: [PR] [SCM-1028] Fix clear password logging vulnerability [maven-scm]
slawekjaranowski commented on PR #237: URL: https://github.com/apache/maven-scm/pull/237#issuecomment-2871728242 please look ar draft release notes - https://github.com/apache/maven-scm/releases -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (SCM-1028) Vulnerability: Clear text password is logged by JGit provider and by gitexe remoteinfo on a ls-remote failure
[
https://issues.apache.org/jira/browse/SCM-1028?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17950887#comment-17950887
]
ASF GitHub Bot commented on SCM-1028:
-
slawekjaranowski commented on PR #237:
URL: https://github.com/apache/maven-scm/pull/237#issuecomment-2871728242
please look ar draft release notes -
https://github.com/apache/maven-scm/releases
> Vulnerability: Clear text password is logged by JGit provider and by gitexe
> remoteinfo on a ls-remote failure
> -
>
> Key: SCM-1028
> URL: https://issues.apache.org/jira/browse/SCM-1028
> Project: Maven SCM (Moved to GitHub Issues)
> Issue Type: Bug
> Components: maven-scm-provider-gitexe, maven-scm-provider-jgit
>Affects Versions: 2.1.0
>Reporter: Markus Hoffrogge
>Assignee: Michael Osipov
>Priority: Critical
> Labels: vulnerability
> Fix For: 2.2.0
>
> Original Estimate: 24h
> Remaining Estimate: 24h
>
> *Issue(s):*
> # {*}JGit provider{*}: If the git password contains special characters which
> are differently encoded by the {{URI class}} than {{{}by
> URLEncode.encode{}}}, then the password masking does not become effective and
> the password is logged in clear URI encoded format by the jgit provider.
> # {*}Gitexe remoteinfo{*}: In case ls-remote is failing, then a
> {{ScmException}} is being thrown with the fetch URL passed as error message
> containing the URI encoded clear password.
> *Root cause(s):*
> # The URL encoding used for the credentials within fetch and push URL
> differs from the encoding being used for masking the password at
> [JGitUtils.prepareSession(...)|https://github.com/apache/maven-scm/blob/55186fdf42f65fd3a1be07161bc198f092386f77/maven-scm-providers/maven-scm-providers-git/maven-scm-provider-jgit/src/main/java/org/apache/maven/scm/provider/git/jgit/command/JGitUtils.java#L149]
> # Password is not masked for the exception message passed to the
> ScmException used at
> [GitRemoteInfoCommand.executeRemoteInfoCommand(...)|https://github.com/apache/maven-scm/blob/55186fdf42f65fd3a1be07161bc198f092386f77/maven-scm-providers/maven-scm-providers-git/maven-scm-provider-gitexe/src/main/java/org/apache/maven/scm/provider/git/gitexe/command/remoteinfo/GitRemoteInfoCommand.java#L59]
> *Solution:*
> [PR #237|https://github.com/apache/maven-scm/pull/237]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (SCM-1029) JGit performing empty commit on CheckIn command if includes or excludes fileset is defined but no files changed in it
[
https://issues.apache.org/jira/browse/SCM-1029?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17950889#comment-17950889
]
ASF GitHub Bot commented on SCM-1029:
-
slawekjaranowski commented on PR #238:
URL: https://github.com/apache/maven-scm/pull/238#issuecomment-2871738995
@michael-o
Merged PR should have a label and milestone
By default GitHub action - PR Automation do it but here was not
executed ... probably of merge by commit no GitHub UI
> JGit performing empty commit on CheckIn command if includes or excludes
> fileset is defined but no files changed in it
> -
>
> Key: SCM-1029
> URL: https://issues.apache.org/jira/browse/SCM-1029
> Project: Maven SCM (Moved to GitHub Issues)
> Issue Type: Bug
> Components: maven-scm-provider-jgit
>Affects Versions: 2.1.0
>Reporter: Markus Hoffrogge
>Assignee: Michael Osipov
>Priority: Major
> Fix For: 2.2.0
>
> Original Estimate: 4h
> Remaining Estimate: 4h
>
> *Issue*
> If includes and/or excludes config is defined, then JGit checkIn is
> performing empty commits if no changes are applied to the effective fileset
> content BUT other files are changed that are NOT within the effective scope
> of the includes or excludes related fileset.
>
> *Root cause*
> Method *JGitCheckInCommand.executeCheckInCommand* is using
> git.status().call().{*}hasUncommittedChanges(){*} if there is nothing to
> commit returned by *JGitUtils.addAllFiles(git, fileSet).*
> Since git.status().call().{*}hasUncommittedChanges(){*} returns the state of
> any file within the working tree of the repo, this will set *doCommit* true
> even in case there is no file changed or added in scope of the includes /
> excludes effective fileset.
>
> *Solution*
> Use OR condition of:
> - status.getAdded().size() > 0
> - status.getChanged().size() > 0
> - status.getRemoved() > 0
> instead of status.hasUncommittedChanges() if an includes / excludes FileSet
> is specified.
> [PR #238|https://github.com/apache/maven-scm/pull/238]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
Re: [PR] [SCM-1029] Fix empty commits on JGit checkin [maven-scm]
michael-o commented on PR #238: URL: https://github.com/apache/maven-scm/pull/238#issuecomment-2871752383 > @michael-o Merged PR should have a label and milestone > > By default GitHub action - PR Automation do it but here was not executed ... probably of merge by commit no GitHub UI I don't use the Github UI since it uses the wrong email address for me instead of the apache.org. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] [SCM-1028] Fix clear password logging vulnerability [maven-scm]
mhoffrog commented on PR #237: URL: https://github.com/apache/maven-scm/pull/237#issuecomment-2871752655 @slawekjaranowski @michael-o - Is there a reason why asf-gitbox-commits is closing without merging the PR and creating a dedicated commit to master with the changes. Looks pretty irritating. - Same question for release notes - I'd like to get it appearing in the release notes - just because it is a vulnerability fix. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (SCM-1029) JGit performing empty commit on CheckIn command if includes or excludes fileset is defined but no files changed in it
[
https://issues.apache.org/jira/browse/SCM-1029?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17950892#comment-17950892
]
ASF GitHub Bot commented on SCM-1029:
-
michael-o commented on PR #238:
URL: https://github.com/apache/maven-scm/pull/238#issuecomment-2871752383
> @michael-o Merged PR should have a label and milestone
>
> By default GitHub action - PR Automation do it but here was not
executed ... probably of merge by commit no GitHub UI
I don't use the Github UI since it uses the wrong email address for me
instead of the apache.org.
> JGit performing empty commit on CheckIn command if includes or excludes
> fileset is defined but no files changed in it
> -
>
> Key: SCM-1029
> URL: https://issues.apache.org/jira/browse/SCM-1029
> Project: Maven SCM (Moved to GitHub Issues)
> Issue Type: Bug
> Components: maven-scm-provider-jgit
>Affects Versions: 2.1.0
>Reporter: Markus Hoffrogge
>Assignee: Michael Osipov
>Priority: Major
> Fix For: 2.2.0
>
> Original Estimate: 4h
> Remaining Estimate: 4h
>
> *Issue*
> If includes and/or excludes config is defined, then JGit checkIn is
> performing empty commits if no changes are applied to the effective fileset
> content BUT other files are changed that are NOT within the effective scope
> of the includes or excludes related fileset.
>
> *Root cause*
> Method *JGitCheckInCommand.executeCheckInCommand* is using
> git.status().call().{*}hasUncommittedChanges(){*} if there is nothing to
> commit returned by *JGitUtils.addAllFiles(git, fileSet).*
> Since git.status().call().{*}hasUncommittedChanges(){*} returns the state of
> any file within the working tree of the repo, this will set *doCommit* true
> even in case there is no file changed or added in scope of the includes /
> excludes effective fileset.
>
> *Solution*
> Use OR condition of:
> - status.getAdded().size() > 0
> - status.getChanged().size() > 0
> - status.getRemoved() > 0
> instead of status.hasUncommittedChanges() if an includes / excludes FileSet
> is specified.
> [PR #238|https://github.com/apache/maven-scm/pull/238]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (SCM-1028) Vulnerability: Clear text password is logged by JGit provider and by gitexe remoteinfo on a ls-remote failure
[
https://issues.apache.org/jira/browse/SCM-1028?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17950893#comment-17950893
]
ASF GitHub Bot commented on SCM-1028:
-
mhoffrog commented on PR #237:
URL: https://github.com/apache/maven-scm/pull/237#issuecomment-2871752655
@slawekjaranowski @michael-o
- Is there a reason why asf-gitbox-commits is closing without merging the PR
and creating a dedicated commit to master with the changes. Looks pretty
irritating.
- Same question for release notes - I'd like to get it appearing in the
release notes - just because it is a vulnerability fix.
> Vulnerability: Clear text password is logged by JGit provider and by gitexe
> remoteinfo on a ls-remote failure
> -
>
> Key: SCM-1028
> URL: https://issues.apache.org/jira/browse/SCM-1028
> Project: Maven SCM (Moved to GitHub Issues)
> Issue Type: Bug
> Components: maven-scm-provider-gitexe, maven-scm-provider-jgit
>Affects Versions: 2.1.0
>Reporter: Markus Hoffrogge
>Assignee: Michael Osipov
>Priority: Critical
> Labels: vulnerability
> Fix For: 2.2.0
>
> Original Estimate: 24h
> Remaining Estimate: 24h
>
> *Issue(s):*
> # {*}JGit provider{*}: If the git password contains special characters which
> are differently encoded by the {{URI class}} than {{{}by
> URLEncode.encode{}}}, then the password masking does not become effective and
> the password is logged in clear URI encoded format by the jgit provider.
> # {*}Gitexe remoteinfo{*}: In case ls-remote is failing, then a
> {{ScmException}} is being thrown with the fetch URL passed as error message
> containing the URI encoded clear password.
> *Root cause(s):*
> # The URL encoding used for the credentials within fetch and push URL
> differs from the encoding being used for masking the password at
> [JGitUtils.prepareSession(...)|https://github.com/apache/maven-scm/blob/55186fdf42f65fd3a1be07161bc198f092386f77/maven-scm-providers/maven-scm-providers-git/maven-scm-provider-jgit/src/main/java/org/apache/maven/scm/provider/git/jgit/command/JGitUtils.java#L149]
> # Password is not masked for the exception message passed to the
> ScmException used at
> [GitRemoteInfoCommand.executeRemoteInfoCommand(...)|https://github.com/apache/maven-scm/blob/55186fdf42f65fd3a1be07161bc198f092386f77/maven-scm-providers/maven-scm-providers-git/maven-scm-provider-gitexe/src/main/java/org/apache/maven/scm/provider/git/gitexe/command/remoteinfo/GitRemoteInfoCommand.java#L59]
> *Solution:*
> [PR #237|https://github.com/apache/maven-scm/pull/237]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (SCM-1029) JGit performing empty commit on CheckIn command if includes or excludes fileset is defined but no files changed in it
[
https://issues.apache.org/jira/browse/SCM-1029?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17950904#comment-17950904
]
ASF GitHub Bot commented on SCM-1029:
-
michael-o commented on PR #238:
URL: https://github.com/apache/maven-scm/pull/238#issuecomment-2871923247
> > > @michael-o Merged PR should have a label and milestone
> > > By default GitHub action - PR Automation do it but here was not
executed ... probably of merge by commit no GitHub UI
> >
> >
> > I don't use the Github UI since it uses the wrong email address for me
instead of the apache.org.
>
> Did you check your github configuration:
https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/setting-your-commit-email-address#setting-your-commit-email-address-on-github
I have multiple addresses for multiple purposes. The Apache isn't and won't
be my primary one. Therefore, the GItHub UI is unsuitable for the task.
> Maybe we should add or update something at:
https://maven.apache.org/developers/conventions/github.html
Maybe, but won't solve the problem from above.
> JGit performing empty commit on CheckIn command if includes or excludes
> fileset is defined but no files changed in it
> -
>
> Key: SCM-1029
> URL: https://issues.apache.org/jira/browse/SCM-1029
> Project: Maven SCM (Moved to GitHub Issues)
> Issue Type: Bug
> Components: maven-scm-provider-jgit
>Affects Versions: 2.1.0
>Reporter: Markus Hoffrogge
>Assignee: Michael Osipov
>Priority: Major
> Fix For: 2.2.0
>
> Original Estimate: 4h
> Remaining Estimate: 4h
>
> *Issue*
> If includes and/or excludes config is defined, then JGit checkIn is
> performing empty commits if no changes are applied to the effective fileset
> content BUT other files are changed that are NOT within the effective scope
> of the includes or excludes related fileset.
>
> *Root cause*
> Method *JGitCheckInCommand.executeCheckInCommand* is using
> git.status().call().{*}hasUncommittedChanges(){*} if there is nothing to
> commit returned by *JGitUtils.addAllFiles(git, fileSet).*
> Since git.status().call().{*}hasUncommittedChanges(){*} returns the state of
> any file within the working tree of the repo, this will set *doCommit* true
> even in case there is no file changed or added in scope of the includes /
> excludes effective fileset.
>
> *Solution*
> Use OR condition of:
> - status.getAdded().size() > 0
> - status.getChanged().size() > 0
> - status.getRemoved() > 0
> instead of status.hasUncommittedChanges() if an includes / excludes FileSet
> is specified.
> [PR #238|https://github.com/apache/maven-scm/pull/238]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
Re: [PR] [SCM-1029] Fix empty commits on JGit checkin [maven-scm]
michael-o commented on PR #238: URL: https://github.com/apache/maven-scm/pull/238#issuecomment-2871923247 > > > @michael-o Merged PR should have a label and milestone > > > By default GitHub action - PR Automation do it but here was not executed ... probably of merge by commit no GitHub UI > > > > > > I don't use the Github UI since it uses the wrong email address for me instead of the apache.org. > > Did you check your github configuration: https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/setting-your-commit-email-address#setting-your-commit-email-address-on-github I have multiple addresses for multiple purposes. The Apache isn't and won't be my primary one. Therefore, the GItHub UI is unsuitable for the task. > Maybe we should add or update something at: https://maven.apache.org/developers/conventions/github.html Maybe, but won't solve the problem from above. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [I] master branch breaks on Maven 4.0.0-rc3 on Windows [maven-enforcer]
Bukama commented on issue #364: URL: https://github.com/apache/maven-enforcer/issues/364#issuecomment-2873499765 On Maven 3.9.8 it's working fine. [2025-05-12_master_Maven3.9.8.log](https://github.com/user-attachments/files/20170042/2025-05-12_master_Maven3.9.8.log) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump org.wiremock:wiremock from 3.12.1 to 3.13.0 [maven-dist-tool]
slawekjaranowski merged PR #107: URL: https://github.com/apache/maven-dist-tool/pull/107 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] [MNG-8727] Prepare for Java 24 [maven]
cstamas opened a new pull request, #2328: URL: https://github.com/apache/maven/pull/2328 Simple changes that makes build/ITs work with Java 24. PR does not contains: * action addition of Java 24 to CI * updated Eclipse Sisu version (needed for that above) --- https://issues.apache.org/jira/browse/MNG-8727 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Assigned] (MNG-8727) Prepare for Java 24
[ https://issues.apache.org/jira/browse/MNG-8727?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tamas Cservenak reassigned MNG-8727: Assignee: Tamas Cservenak > Prepare for Java 24 > --- > > Key: MNG-8727 > URL: https://issues.apache.org/jira/browse/MNG-8727 > Project: Maven > Issue Type: Task >Reporter: Tamas Cservenak >Assignee: Tamas Cservenak >Priority: Major > Fix For: 4.0.0-rc-4 > > > Maven build contains several issues that makes it fail on Java 24. Fix those. > This issue is NOT covering: > * making Maven build run on Java 24 > * updating Eclipse Sisu (needed for that above) -- This message was sent by Atlassian Jira (v8.20.10#820010)
[I] master branch breaks on Maven 4.0.0-rc3 on Windows [maven-enforcer]
Bukama opened a new issue, #364: URL: https://github.com/apache/maven-enforcer/issues/364 ### Affected version 3.6.0-SNAPSHOT (master - f6c114b7d7f8035c152af0efe955d71c12870222) ### Bug description The master branch breaks on Maven 4.0.0-rc3 on Windows (with admin rights) [2025-05-12_maven-enforcer-master_Maven4.0.0-rc3.log](https://github.com/user-attachments/files/20168763/2025-05-12_maven-enforcer-master_Maven4.0.0-rc3.log) ``` [INFO] - [INFO] Build Summary: [INFO] Passed: 125, Failed: 2, Errors: 0, Skipped: 4 [INFO] - [ERROR] The following builds failed: [ERROR] * ban-dependency-management-scope-fail\pom.xml [ERROR] * require-dependency-scope\pom.xml [INFO] - [WARNING] The following builds were skipped: [WARNING] * ban-duplicate-dependencies-versions\pom.xml [WARNING] * ban-pom-dependency-version-utf8-with-bom\pom.xml [WARNING] * ban-pom-dependency-version\pom.xml [WARNING] * require-profile-ids-exist_failure\pom.xml ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] [POC] `rewrite-maven-plugin`: Introduce OpenRewrite by Moderne (RemoveUnusedPrivateMethods) [maven]
gnodet commented on PR #2322: URL: https://github.com/apache/maven/pull/2322#issuecomment-2873545295 As an alternative, could open rewrite be setup to comment on PRs ? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [I] master branch breaks on Maven 4.0.0-rc3 on Windows [maven-enforcer]
gnodet commented on issue #364: URL: https://github.com/apache/maven-enforcer/issues/364#issuecomment-2873540958 The dependency tree has slightly changed between in Maven 4, so I suspect it comes from that. If that's the case (you may want to diff the dependency tree), that's not a bug and you'll have to slightly adjust. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] [MNG-8686] Add `SourceRoot.matcher(boolean)` method [maven]
Pankraz76 commented on PR #2236: URL: https://github.com/apache/maven/pull/2236#issuecomment-2873551134 > useless disagree, its called best practise for reason. agree, with help of rewrite, we can get benefits for free. Enforcing really strong coding guidelines. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] [POC] `rewrite-maven-plugin`: Introduce OpenRewrite by Moderne (RemoveUnusedPrivateMethods) [maven]
Pankraz76 commented on PR #2322: URL: https://github.com/apache/maven/pull/2322#issuecomment-2873791586 > * I don't want to introduce additional plugins into the build. > * Format is limited to cosmetics. Check is just file parser too, therefore very limited. Ideally, we would superset what Checkstyle relies on using: - [PMD](https://pmd.github.io/) - [SpotBugs](https://spotbugs.github.io/) It's interesting to see that each tool has its niche: - PMD often passes - SpotBugs really taps in if something is sus [Checkstyle PMD Reference](https://github.com/checkstyle/checkstyle/blob/0a341c4dc53b149ee42c5ddf8e5507d44738c6eb/pom.xml#L211) Trading just a few seconds for higher code standards is generally an effort taken. **Current real world problem:** Missing auto-fix effectively preventing integration. This is where Rewrite kicks in. So we need Rewrite as enabler. --- Ideally `org.openrewrite.staticanalysis.CodeCleanup` would sooner or later: - Fix all violations covered by other tools - Make them kind of obsolete in comparison - Yet keep them very valuable each on their own Even when having the option, running them would make sense to really make sure. Once (and for all) fixed by [Rewrite CodeCleanup](https://docs.openrewrite.org/recipes/staticanalysis/codecleanup), technical debt is considered non-existent anymore. **SpotBugs/PMD** checks for more than 400 bug patterns. While Rewrite aims to: - Cover all existing tools - Automate them (its dedicated super power) Trading CPU time for maintenance and bugs avoidance seems lit. ``` [INFO] --- pmd:3.23.0:check (default) @ maven-api-di --- [INFO] PMD version: 7.0.0 [INFO] PMD Failure: org.apache.maven.api.di.Inject:25 Rule:UnnecessaryImport Priority:4 Unused static import 'java.lang.annotation.ElementType.CONSTRUCTOR'. [INFO] PMD Failure: org.apache.maven.api.di.Inject:26 Rule:UnnecessaryImport Priority:4 Unused static import 'java.lang.annotation.ElementType.FIELD'. [INFO] PMD Failure: org.apache.maven.api.di.Inject:27 Rule:UnnecessaryImport Priority:4 Unused static import 'java.lang.annotation.ElementType.METHOD'. [INFO] PMD Failure: org.apache.maven.api.di.Inject:28 Rule:UnnecessaryImport Priority:4 Unused static import 'java.lang.annotation.RetentionPolicy.RUNTIME'. [INFO] PMD Failure: org.apache.maven.api.di.MojoExecutionScoped:25 Rule:UnnecessaryImport Priority:4 Unused static import 'java.lang.annotation.ElementType.METHOD'. [INFO] PMD Failure: org.apache.maven.api.di.MojoExecutionScoped:26 Rule:UnnecessaryImport Priority:4 Unused static import 'java.lang.annotation.ElementType.TYPE'. [INFO] PMD Failure: org.apache.maven.api.di.MojoExecutionScoped:27 Rule:UnnecessaryImport Priority:4 Unused static import 'java.lang.annotation.RetentionPolicy.RUNTIME'. [INFO] PMD Failure: org.apache.maven.api.di.Named:24 Rule:UnnecessaryImport Priority:4 Unused static import 'java.lang.annotation.RetentionPolicy.RUNTIME'. [INFO] PMD Failure: org.apache.maven.api.di.Priority:25 Rule:UnnecessaryImport Priority:4 Unused static import 'java.lang.annotation.ElementType.METHOD'. [INFO] PMD Failure: org.apache.maven.api.di.Priority:26 Rule:UnnecessaryImport Priority:4 Unused static import 'java.lang.annotation.ElementType.TYPE'. [INFO] PMD Failure: org.apache.maven.api.di.Priority:27 Rule:UnnecessaryImport Priority:4 Unused static import 'java.lang.annotation.RetentionPolicy.RUNTIME'. [INFO] PMD Failure: org.apache.maven.api.di.Provides:25 Rule:UnnecessaryImport Priority:4 Unused static import 'java.lang.annotation.ElementType.METHOD'. [INFO] PMD Failure: org.apache.maven.api.di.Provides:26 Rule:UnnecessaryImport Priority:4 Unused static import 'java.lang.annotation.RetentionPolicy.RUNTIME'. [INFO] PMD Failure: org.apache.maven.api.di.Qualifier:25 Rule:UnnecessaryImport Priority:4 Unused static import 'java.lang.annotation.ElementType.ANNOTATION_TYPE'. [INFO] PMD Failure: org.apache.maven.api.di.Qualifier:26 Rule:UnnecessaryImport Priority:4 Unused static import 'java.lang.annotation.RetentionPolicy.RUNTIME'. [INFO] PMD Failure: org.apache.maven.api.di.Scope:25 Rule:UnnecessaryImport Priority:4 Unused static import 'java.lang.annotation.ElementType.ANNOTATION_TYPE'. [INFO] PMD Failure: org.apache.maven.api.di.Scope:26 Rule:UnnecessaryImport Priority:4 Unused static import 'java.lang.annotation.RetentionPolicy.RUNTIME'. [INFO] PMD Failure: org.apache.maven.api.di.SessionScoped:25 Rule:UnnecessaryImport Priority:4 Unused static import 'java.lang.annotation.ElementType.METHOD'. [INFO] PMD Failure: org.apache.maven.api.di.SessionScoped:26 Rule:UnnecessaryImport Priority:4 Unused static import 'java.lang.annotation.ElementType.TYPE'. [INFO] PMD Failure: org.apache.maven.api.di.SessionScoped:27 Rule:UnnecessaryImport Priority:4 Unused static import
[jira] [Created] (MNG-8728) Eclipse Sisu upgrade and Java 24
Tamas Cservenak created MNG-8728: Summary: Eclipse Sisu upgrade and Java 24 Key: MNG-8728 URL: https://issues.apache.org/jira/browse/MNG-8728 Project: Maven Issue Type: Task Reporter: Tamas Cservenak Fix For: 4.0.0-rc-4 Changes: * add Java 24 to CI matrix * update Eclipse Sisu to Java 24 capable * make sisu-maven-plugin use same ASM Maven is using -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (MNG-8728) Bump Eclipse Sisu from 0.9.0.M3 to XXX and use Java 24 on CI
[ https://issues.apache.org/jira/browse/MNG-8728?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tamas Cservenak updated MNG-8728: - Summary: Bump Eclipse Sisu from 0.9.0.M3 to XXX and use Java 24 on CI (was: Eclipse Sisu upgrade and Java 24) > Bump Eclipse Sisu from 0.9.0.M3 to XXX and use Java 24 on CI > > > Key: MNG-8728 > URL: https://issues.apache.org/jira/browse/MNG-8728 > Project: Maven > Issue Type: Task >Reporter: Tamas Cservenak >Priority: Major > Fix For: 4.0.0-rc-4 > > > Changes: > * add Java 24 to CI matrix > * update Eclipse Sisu to Java 24 capable > * make sisu-maven-plugin use same ASM Maven is using -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] Resolve `feature envy` in `DefaultPluginXmlFactory` [maven]
Pankraz76 commented on PR #2326: URL: https://github.com/apache/maven/pull/2326#issuecomment-2873836165 https://refactoring.guru/design-patterns/factory-method Considering factory adhering to creational design pattern its supposed to `create` (what) stuff like shown in pr, not to `do` (how). > sake of having methods collocated with the data. yes this is considered OOP, IoC, SRP, and SOC avoiding the `feature envy`. Our factory is actually an worker which is considered two different kind. Might be related but im sure its not one and only. Grouping data and its entourage; companion into dedicated classified dimensions. - https://en.wikipedia.org/wiki/Object-oriented_programming - https://en.wikipedia.org/wiki/Inversion_of_control When this factory is handling 100 products im sure they wont all gather inside on place. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Resolve `feature envy` in `DefaultPluginXmlFactory` [maven]
Pankraz76 commented on PR #2326: URL: https://github.com/apache/maven/pull/2326#issuecomment-2873857919 > It really does not make any sense to me to wrap the request (immutable data object) into another object, just for the sake of having methods collocated with the data. we can inline of course and least separate code on impl lvl giving each dedicated concern. Imho considering SOLID `one thing` for factory is to delegate and create, thats more then enough. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] GitHub action set fail-fast to false [maven-javadoc-plugin]
slawekjaranowski closed pull request #366: GitHub action set fail-fast to false URL: https://github.com/apache/maven-javadoc-plugin/pull/366 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] GitHub action set fail-fast to false [maven-javadoc-plugin]
slawekjaranowski commented on PR #366: URL: https://github.com/apache/maven-javadoc-plugin/pull/366#issuecomment-2873596369 looks like all JDKs are ok ... so close it -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [I] master branch breaks on Maven 4.0.0-rc3 on Windows [maven-enforcer]
Bukama commented on issue #364: URL: https://github.com/apache/maven-enforcer/issues/364#issuecomment-2873609518 > The dependency tree has slightly changed between in Maven 4, so I suspect it comes from that. If that's the case (you may want to diff the dependency tree), that's not a bug and you'll have to slightly adjust. Differences in tree (funny to see that Maven 3.9.8 has newer of jsr, while Maven 4 has newer of plexus-cipher) ``` Maven 3.9.8: com.google.code.findbugs:jsr305:jar:3.0.2:provided org.sonatype.plexus:plexus-cipher:jar:1.4:provided Maven 4.0.0-rc3: com.google.code.findbugs:jsr305:jar:3.0.1:provided org.sonatype.plexus:plexus-cipher:jar:1.7:provided ``` [dependency-tree_3.9.8.txt](https://github.com/user-attachments/files/20173697/dependency-tree_3.9.8.txt) [dependency-tree_4.0.0-rc-3.txt](https://github.com/user-attachments/files/20173696/dependency-tree_4.0.0-rc-3.txt) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] [POC] `rewrite-maven-plugin`: Introduce OpenRewrite by Moderne (RemoveUnusedPrivateMethods) [maven]
Pankraz76 commented on PR #2322: URL: https://github.com/apache/maven/pull/2322#issuecomment-2873629051 > As an alternative, could open rewrite be setup to comment on PRs ? of course, this is aimed happy path for easy integration and wide acceptance. Its easy to apply then, but will spam and take away, as friction we aim to automate will still happen. Mostly to dedicated dev and pr which is fine. But this violates `fail early fail often`. therefore we need `failOnDryRunResults` local failure and online mode. If local build is skipped then still it will be applied. As happy path is `clean install` verify will trigger `failOnDryRunResults`, tempting dev to run local `fixup` same like with spot, but way more mighty. https://github.com/openrewrite/rewrite-static-analysis/pull/544#discussion_r2076253957 https://github.com/user-attachments/assets/6aa119f4-dc6c-40d2-8fc8-fc901031d144"; /> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Update parent to 44 [maven-enforcer]
Bukama merged PR #365: URL: https://github.com/apache/maven-enforcer/pull/365 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump org.apache.maven:maven-parent from 43 to 44 [maven-enforcer]
dependabot[bot] closed pull request #361: Bump org.apache.maven:maven-parent from 43 to 44 URL: https://github.com/apache/maven-enforcer/pull/361 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump org.apache.maven:maven-parent from 43 to 44 [maven-enforcer]
Bukama commented on PR #361: URL: https://github.com/apache/maven-enforcer/pull/361#issuecomment-2873639420 @dependabot close -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] [MNG-8727] Prepare for Java 24 [maven]
gnodet commented on code in PR #2328: URL: https://github.com/apache/maven/pull/2328#discussion_r2085380486 ## pom.xml: ## @@ -796,6 +796,17 @@ under the License. + + org.apache.maven.plugins + maven-pmd-plugin Review Comment: Is that related ? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] [MNG-8727] Prepare for Java 24 [maven]
cstamas commented on code in PR #2328: URL: https://github.com/apache/maven/pull/2328#discussion_r2085383430 ## pom.xml: ## @@ -796,6 +796,17 @@ under the License. + + org.apache.maven.plugins + maven-pmd-plugin Review Comment: Yes, older PMD craps out on Java 24 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] [MNG-8727] Prepare for Java 24 [maven]
cstamas commented on code in PR #2328: URL: https://github.com/apache/maven/pull/2328#discussion_r2085383430 ## pom.xml: ## @@ -796,6 +796,17 @@ under the License. + + org.apache.maven.plugins + maven-pmd-plugin Review Comment: Yes, older PMD ctaps out on Java 24 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] [MNG-8727] Prepare for Java 24 [maven]
cstamas commented on code in PR #2328: URL: https://github.com/apache/maven/pull/2328#discussion_r2085383430 ## pom.xml: ## @@ -796,6 +796,17 @@ under the License. + + org.apache.maven.plugins + maven-pmd-plugin Review Comment: Yes, older PMD craps out on Java 24. This basically just ups the PMD dependency used by m-pmd-p to one that works on Java 24. No other code change needed. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Resolve `feature envy` in `DefaultPluginXmlFactory` [maven]
Pankraz76 commented on code in PR #2326:
URL: https://github.com/apache/maven/pull/2326#discussion_r2085375181
##
impl/maven-impl/src/main/java/org/apache/maven/impl/DefaultPluginXmlFactory.java:
##
@@ -35,70 +27,19 @@
import org.apache.maven.api.services.xml.XmlReaderRequest;
import org.apache.maven.api.services.xml.XmlWriterException;
import org.apache.maven.api.services.xml.XmlWriterRequest;
-import org.apache.maven.plugin.descriptor.io.PluginDescriptorStaxReader;
-import org.apache.maven.plugin.descriptor.io.PluginDescriptorStaxWriter;
-
-import static org.apache.maven.impl.ImplUtils.nonNull;
-import static org.apache.maven.impl.StaxLocation.getLocation;
-import static org.apache.maven.impl.StaxLocation.getMessage;
@Named
@Singleton
public class DefaultPluginXmlFactory implements PluginXmlFactory {
+
@Override
public PluginDescriptor read(@Nonnull XmlReaderRequest request) throws
XmlReaderException {
-nonNull(request, "request");
-Path path = request.getPath();
-URL url = request.getURL();
-Reader reader = request.getReader();
-InputStream inputStream = request.getInputStream();
-if (path == null && url == null && reader == null && inputStream ==
null) {
-throw new IllegalArgumentException("path, url, reader or
inputStream must be non null");
Review Comment:
SOC
##
impl/maven-impl/src/main/java/org/apache/maven/impl/DefaultPluginXmlFactory.java:
##
@@ -35,70 +27,19 @@
import org.apache.maven.api.services.xml.XmlReaderRequest;
import org.apache.maven.api.services.xml.XmlWriterException;
import org.apache.maven.api.services.xml.XmlWriterRequest;
-import org.apache.maven.plugin.descriptor.io.PluginDescriptorStaxReader;
-import org.apache.maven.plugin.descriptor.io.PluginDescriptorStaxWriter;
-
-import static org.apache.maven.impl.ImplUtils.nonNull;
-import static org.apache.maven.impl.StaxLocation.getLocation;
-import static org.apache.maven.impl.StaxLocation.getMessage;
@Named
@Singleton
public class DefaultPluginXmlFactory implements PluginXmlFactory {
+
@Override
public PluginDescriptor read(@Nonnull XmlReaderRequest request) throws
XmlReaderException {
-nonNull(request, "request");
-Path path = request.getPath();
-URL url = request.getURL();
-Reader reader = request.getReader();
-InputStream inputStream = request.getInputStream();
-if (path == null && url == null && reader == null && inputStream ==
null) {
-throw new IllegalArgumentException("path, url, reader or
inputStream must be non null");
-}
-try {
-PluginDescriptorStaxReader xml = new PluginDescriptorStaxReader();
-xml.setAddDefaultEntities(request.isAddDefaultEntities());
-if (inputStream != null) {
Review Comment:
SOC
##
impl/maven-impl/src/main/java/org/apache/maven/impl/DefaultPluginXmlFactory.java:
##
@@ -35,70 +27,19 @@
import org.apache.maven.api.services.xml.XmlReaderRequest;
import org.apache.maven.api.services.xml.XmlWriterException;
import org.apache.maven.api.services.xml.XmlWriterRequest;
-import org.apache.maven.plugin.descriptor.io.PluginDescriptorStaxReader;
-import org.apache.maven.plugin.descriptor.io.PluginDescriptorStaxWriter;
-
-import static org.apache.maven.impl.ImplUtils.nonNull;
-import static org.apache.maven.impl.StaxLocation.getLocation;
-import static org.apache.maven.impl.StaxLocation.getMessage;
@Named
@Singleton
public class DefaultPluginXmlFactory implements PluginXmlFactory {
+
@Override
public PluginDescriptor read(@Nonnull XmlReaderRequest request) throws
XmlReaderException {
-nonNull(request, "request");
-Path path = request.getPath();
Review Comment:
SOC
##
impl/maven-impl/src/main/java/org/apache/maven/impl/ReadRequest.java:
##
@@ -0,0 +1,75 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.maven.impl;
+
+import javax.xml.stream.XMLStreamException;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.Reader;
+import java.net.URL;
+import java.nio.file.Files;
+import ja
Re: [PR] Resolve `feature envy` in `DefaultPluginXmlFactory` [maven]
Pankraz76 commented on PR #2326: URL: https://github.com/apache/maven/pull/2326#issuecomment-2873893011 sacrifice/spike architectural design again, in sake to increment code. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] [MNG-8727] Prepare for Java 24 [maven]
cstamas commented on code in PR #2328: URL: https://github.com/apache/maven/pull/2328#discussion_r2085383430 ## pom.xml: ## @@ -796,6 +796,17 @@ under the License. + + org.apache.maven.plugins + maven-pmd-plugin Review Comment: Yes, older PMD craps out on Java 24. This basically just ups the PMD dependency used by m-pmd-p to one that works on Java 24. No other code change needed. This fixes the "full-build" step that builds site that uses PMD report. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] [MNG-8727] Prepare for Java 24 [maven]
michael-o commented on code in PR #2328:
URL: https://github.com/apache/maven/pull/2328#discussion_r2085415382
##
impl/maven-executor/src/main/java/org/apache/maven/cling/executor/internal/ToolboxTool.java:
##
@@ -142,7 +142,7 @@ private String validateOutput(boolean shave,
ByteArrayOutputStream stdout, ByteA
}
// sanity checks: stderr has any OR result is empty string (no method
should emit empty string)
if (stderr.size() > 0 || result.trim().isEmpty()) {
-throw new ExecutorException(
+System.err.println(
Review Comment:
Why?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Re: [PR] [MNG-8727] Prepare for Java 24 [maven]
cstamas commented on code in PR #2328:
URL: https://github.com/apache/maven/pull/2328#discussion_r2085418836
##
impl/maven-executor/src/main/java/org/apache/maven/cling/executor/internal/ToolboxTool.java:
##
@@ -142,7 +142,7 @@ private String validateOutput(boolean shave,
ByteArrayOutputStream stdout, ByteA
}
// sanity checks: stderr has any OR result is empty string (no method
should emit empty string)
if (stderr.size() > 0 || result.trim().isEmpty()) {
-throw new ExecutorException(
+System.err.println(
Review Comment:
To not have it lost. Without this, the output is lost, this way you have it
at least in surefire report.
And with throw it would just fail (as on Java 24 mvn4 always emits warning
on stderr).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Re: [PR] [MNG-8727] Prepare for Java 24 [maven]
michael-o commented on code in PR #2328:
URL: https://github.com/apache/maven/pull/2328#discussion_r2085425311
##
impl/maven-executor/src/main/java/org/apache/maven/cling/executor/internal/ToolboxTool.java:
##
@@ -142,7 +142,7 @@ private String validateOutput(boolean shave,
ByteArrayOutputStream stdout, ByteA
}
// sanity checks: stderr has any OR result is empty string (no method
should emit empty string)
if (stderr.size() > 0 || result.trim().isEmpty()) {
-throw new ExecutorException(
+System.err.println(
Review Comment:
I see, makes sense.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Re: [PR] Escape JIRA reserved words in JqlQueryBuilder [maven-changes-plugin]
garydgregory commented on PR #127: URL: https://github.com/apache/maven-changes-plugin/pull/127#issuecomment-2872168668 @slawekjaranowski Thank you for the review and merge. Would you please set expectations for a release timeframe? This is blocking Commons Exec unless I use a snapshot or local build. TY! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Test unused `stream` in `DefaultPluginXmlFactory#write` [maven]
Pankraz76 commented on code in PR #2312:
URL: https://github.com/apache/maven/pull/2312#discussion_r2084474413
##
impl/maven-impl/src/main/java/org/apache/maven/impl/DefaultPluginXmlFactory.java:
##
@@ -35,93 +27,18 @@
import org.apache.maven.api.services.xml.XmlReaderRequest;
import org.apache.maven.api.services.xml.XmlWriterException;
import org.apache.maven.api.services.xml.XmlWriterRequest;
-import org.apache.maven.plugin.descriptor.io.PluginDescriptorStaxReader;
-import org.apache.maven.plugin.descriptor.io.PluginDescriptorStaxWriter;
-
-import static org.apache.maven.impl.ImplUtils.nonNull;
-import static org.apache.maven.impl.StaxLocation.getLocation;
-import static org.apache.maven.impl.StaxLocation.getMessage;
@Named
@Singleton
public class DefaultPluginXmlFactory implements PluginXmlFactory {
+
@Override
public PluginDescriptor read(@Nonnull XmlReaderRequest request) throws
XmlReaderException {
-nonNull(request, "request");
-Path path = request.getPath();
-URL url = request.getURL();
-Reader reader = request.getReader();
-InputStream inputStream = request.getInputStream();
-if (path == null && url == null && reader == null && inputStream ==
null) {
-throw new IllegalArgumentException("path, url, reader or
inputStream must be non null");
-}
-try {
-PluginDescriptorStaxReader xml = new PluginDescriptorStaxReader();
-xml.setAddDefaultEntities(request.isAddDefaultEntities());
-if (inputStream != null) {
-return xml.read(inputStream, request.isStrict());
-} else if (reader != null) {
-return xml.read(reader, request.isStrict());
-} else if (path != null) {
-try (InputStream is = Files.newInputStream(path)) {
-return xml.read(is, request.isStrict());
-}
-} else {
-try (InputStream is = url.openStream()) {
-return xml.read(is, request.isStrict());
-}
-}
-} catch (Exception e) {
-throw new XmlReaderException("Unable to read plugin: " +
getMessage(e), getLocation(e), e);
-}
+return new ReadRequest(request).read();
}
@Override
public void write(XmlWriterRequest request) throws
XmlWriterException {
-nonNull(request, "request");
-PluginDescriptor content = nonNull(request.getContent(), "content");
-Path path = request.getPath();
-OutputStream outputStream = request.getOutputStream();
-Writer writer = request.getWriter();
-if (writer == null && outputStream == null && path == null) {
-throw new IllegalArgumentException("writer, outputStream or path
must be non null");
-}
-try {
-if (writer != null) {
-new PluginDescriptorStaxWriter().write(writer, content);
-} else if (outputStream != null) {
-new PluginDescriptorStaxWriter().write(outputStream, content);
-} else {
-try (OutputStream os = Files.newOutputStream(path)) {
-new PluginDescriptorStaxWriter().write(outputStream,
content);
Review Comment:
ony bug fix
##
impl/maven-impl/src/main/java/org/apache/maven/impl/DefaultPluginXmlFactory.java:
##
@@ -35,93 +27,18 @@
import org.apache.maven.api.services.xml.XmlReaderRequest;
import org.apache.maven.api.services.xml.XmlWriterException;
import org.apache.maven.api.services.xml.XmlWriterRequest;
-import org.apache.maven.plugin.descriptor.io.PluginDescriptorStaxReader;
-import org.apache.maven.plugin.descriptor.io.PluginDescriptorStaxWriter;
-
-import static org.apache.maven.impl.ImplUtils.nonNull;
-import static org.apache.maven.impl.StaxLocation.getLocation;
-import static org.apache.maven.impl.StaxLocation.getMessage;
@Named
@Singleton
public class DefaultPluginXmlFactory implements PluginXmlFactory {
+
@Override
public PluginDescriptor read(@Nonnull XmlReaderRequest request) throws
XmlReaderException {
-nonNull(request, "request");
-Path path = request.getPath();
-URL url = request.getURL();
-Reader reader = request.getReader();
-InputStream inputStream = request.getInputStream();
-if (path == null && url == null && reader == null && inputStream ==
null) {
-throw new IllegalArgumentException("path, url, reader or
inputStream must be non null");
-}
-try {
-PluginDescriptorStaxReader xml = new PluginDescriptorStaxReader();
-xml.setAddDefaultEntities(request.isAddDefaultEntities());
-if (inputStream != null) {
-return xml.read(inputStream, request.isStrict());
-} else if (reader != null) {
-return xml.read(reader, request.isStrict());
-} else
[PR] Bump org.codehaus.gmavenplus:gmavenplus-plugin from 4.1.1 to 4.2.0 [maven-mvnd]
dependabot[bot] opened a new pull request, #1321: URL: https://github.com/apache/maven-mvnd/pull/1321 Bumps [org.codehaus.gmavenplus:gmavenplus-plugin](https://github.com/groovy/GMavenPlus) from 4.1.1 to 4.2.0. Release notes Sourced from https://github.com/groovy/GMavenPlus/releases";>org.codehaus.gmavenplus:gmavenplus-plugin's releases. 4.2.0 Bugs None. Enhancements Support Java 24 and 25 (https://redirect.github.com/groovy/GMavenPlus/issues/330";>#330). Support Maven 4 (https://redirect.github.com/groovy/GMavenPlus/issues/328";>#328) Thanks to https://github.com/gnodet";>@gnodet for this PR! Potentially breaking changes None Notes None Commits https://github.com/groovy/GMavenPlus/commit/796337da241d2676af93df37bdd13b8be4cd673f";>796337d [maven-release-plugin] prepare release 4.2.0 https://github.com/groovy/GMavenPlus/commit/10f57c5e0b2ddf08b283620e1b5e681df0fdb321";>10f57c5 Merge pull request https://redirect.github.com/groovy/GMavenPlus/issues/326";>#326 from groovy/snyk-upgrade-d903072a16375cd525f2711dc1f5... https://github.com/groovy/GMavenPlus/commit/5b920e54d5f8ae3da68440c782efdbc4d28cb6fa";>5b920e5 Merge pull request https://redirect.github.com/groovy/GMavenPlus/issues/327";>#327 from groovy/snyk-upgrade-6520365dd41e2b02e81c49233992... https://github.com/groovy/GMavenPlus/commit/c361909762f3fc34a0ac7f02f20c1399daa11692";>c361909 Update plugins https://github.com/groovy/GMavenPlus/commit/8a797f3f7de07eb8e466c18373a1dd8d5bf34c2a";>8a797f3 Fix for Maven 4 breaking changes (closes https://redirect.github.com/groovy/GMavenPlus/issues/328";>#328) https://github.com/groovy/GMavenPlus/commit/69ac88dd0ac309dc2a4a3b6bff70997ccdaf6a0c";>69ac88d Merge pull request https://redirect.github.com/groovy/GMavenPlus/issues/330";>#330 from groovy/java-24 https://github.com/groovy/GMavenPlus/commit/b28792ced46a03acc90dbf05eea06c259a886c81";>b28792c Bump version for next release https://github.com/groovy/GMavenPlus/commit/82bdf0b65b70d75fbce42b458e0c4fadbafd2568";>82bdf0b Java 25 support https://github.com/groovy/GMavenPlus/commit/8d37dd98030713fe681074d3fb82d0a3dbb3af06";>8d37dd9 Update plugins and dependencies https://github.com/groovy/GMavenPlus/commit/d673ef5436e200a34a4b95570fc47cde6c660bcf";>d673ef5 Update bytecode checks for Groovy 5 Additional commits viewable in https://github.com/groovy/GMavenPlus/compare/4.1.1...4.2.0";>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Bump testcontainers.version from 1.20.6 to 1.21.0 [maven-mvnd]
dependabot[bot] opened a new pull request, #1322:
URL: https://github.com/apache/maven-mvnd/pull/1322
Bumps `testcontainers.version` from 1.20.6 to 1.21.0.
Updates `org.testcontainers:testcontainers` from 1.20.6 to 1.21.0
Release notes
Sourced from https://github.com/testcontainers/testcontainers-java/releases";>org.testcontainers:testcontainers's
releases.
1.21.0
What's Changed
Fix typo in LGTM container method (https://redirect.github.com/testcontainers/testcontainers-java/issues/10189";>#10189)
https://github.com/jaydeluca";>@jaydeluca
Pass start command required in Solr 10 (https://redirect.github.com/testcontainers/testcontainers-java/issues/10174";>#10174)
https://github.com/epugh";>@epugh
[solr] Replace "create_core" with "create" command
(https://redirect.github.com/testcontainers/testcontainers-java/issues/10172";>#10172)
https://github.com/epugh";>@epugh
Update docs version to ${GITHUB_REF##*/} (https://redirect.github.com/testcontainers/testcontainers-java/issues/10063";>#10063)
https://github.com/github-actions";>@github-actions
Update testcontainers version to ${GITHUB_REF##*/} (https://redirect.github.com/testcontainers/testcontainers-java/issues/10062";>#10062)
https://github.com/github-actions";>@github-actions
⚠️ Breaking API changes
Remove spock-core from spock module (https://redirect.github.com/testcontainers/testcontainers-java/issues/10069";>#10069)
https://github.com/eddumelendez";>@eddumelendez
Uses clickhouse/clickhouse-server as Docker Image in
ClickHouseProvider (https://redirect.github.com/testcontainers/testcontainers-java/issues/8738";>#8738)
https://github.com/linghengqian";>@linghengqian
🚀 Features & Enhancements
Expose Tempo in LgtmContainer (https://redirect.github.com/testcontainers/testcontainers-java/issues/10192";>#10192)
https://github.com/jaydeluca";>@jaydeluca
Allow spock tests to be skipped when Docker is unavailable (https://redirect.github.com/testcontainers/testcontainers-java/issues/10180";>#10180)
https://github.com/eddumelendez";>@eddumelendez
Support new chromadb api version (https://redirect.github.com/testcontainers/testcontainers-java/issues/10170";>#10170)
https://github.com/dev-jonghoonpark";>@dev-jonghoonpark
Add default database name to MongoDB Atlas (https://redirect.github.com/testcontainers/testcontainers-java/issues/10034";>#10034)
https://github.com/blancqua";>@blancqua
[servicebus] Skip waiting for sql to be ready (https://redirect.github.com/testcontainers/testcontainers-java/issues/10092";>#10092)
https://github.com/eddumelendez";>@eddumelendez
Support additional flags in FirestoreEmulatorContainer (https://redirect.github.com/testcontainers/testcontainers-java/issues/10067";>#10067)
https://github.com/eddumelendez";>@eddumelendez
☠️ Deprecations
Deprecate getUserPass and add getPassword (https://redirect.github.com/testcontainers/testcontainers-java/issues/10064";>#10064)
https://github.com/eddumelendez";>@eddumelendez
🐛 Bug Fixes
Fix connection leak in JdbcDatabaseDelegate (https://redirect.github.com/testcontainers/testcontainers-java/issues/9662";>#9662)
https://github.com/froque";>@froque
Allow configuring the AlwaysPullPolicy (https://redirect.github.com/testcontainers/testcontainers-java/issues/10188";>#10188)
https://github.com/sebastian-steiner";>@sebastian-steiner
📖 Documentation
Add DockerModelRunnerContainer to core (https://redirect.github.com/testcontainers/testcontainers-java/issues/10183";>#10183)
https://github.com/kiview";>@kiview
Allow configuring the AlwaysPullPolicy (https://redirect.github.com/testcontainers/testcontainers-java/issues/10188";>#10188)
https://github.com/sebastian-steiner";>@sebastian-steiner
Fix Apache Solr link (https://redirect.github.com/testcontainers/testcontainers-java/issues/10171";>#10171)
https://github.com/epugh";>@epugh
Remove incubator note from Solr docs (https://redirect.github.com/testcontainers/testcontainers-java/issues/10173";>#10173)
https://github.com/epugh";>@epugh
Remove linked-container (https://redirect.github.com/testcontainers/testcontainers-java/issues/10065";>#10065)
https://github.com/eddumelendez";>@eddumelendez
🧹 Housekeeping
Add SFTP host key check example (https://redirect.github.com/testcontainers/testcontainers-java/issues/10127";>#10127)
https://github.com/julianladisch";>@julianladisch
Remove linked-container (https://redirect.github.com/testcontainers/testcontainers-java/issues/10065";>#10065)
https://github.com/eddumelendez";>@eddumelendez
📦 Dependency updates
Update Gradle Wrapper from undefined to 8.13 (https://redirect.github.com/testcontainers/testcontainers-java/issues/10033";>#10033)
https://github.com/github-actions";>@github-actions
Update docker-java version to 3.4.2 (https://redirect.github.com/testcontainers/testcontainers-ja
Re: [PR] Fix: Use correct `outputStream` destination; `request` instead of `path` in `DefaultPluginXmlFactory#write` [maven]
Pankraz76 commented on PR #2312: URL: https://github.com/apache/maven/pull/2312#issuecomment-2872498097 > The point of this PR is to fix the call with the output stream. Please rename it accordingly. yes, updated. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] [POC] `rewrite-maven-plugin`: Introduce OpenRewrite by Moderne (RemoveUnusedPrivateMethods) [maven]
Pankraz76 commented on PR #2322: URL: https://github.com/apache/maven/pull/2322#issuecomment-2872525438 > 2\. You're not changing existing public API. yes, > * I don't want to introduce additional plugins into the build. > * spot is limited to format only, while rewrite kicks in where others sign off. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] [POC] `rewrite-maven-plugin`: Introduce OpenRewrite by Moderne (RemoveUnusedPrivateMethods) [maven]
Pankraz76 commented on PR #2322: URL: https://github.com/apache/maven/pull/2322#issuecomment-2872538698 > * I don't want to introduce additional plugins into the build. > * no body want but only computer can fix our code. As we out of nature not being consistent. comparing clean code vs runtime its an easy tradeoff as motivation is just the same like `spot` and `check`. OpenRewrite is ATM king and `the one to rule them all`. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] [RSPEC-S1068] Remove `unused` private fields [maven]
Pankraz76 commented on code in PR #2317:
URL: https://github.com/apache/maven/pull/2317#discussion_r2084660845
##
its/core-it-suite/src/test/resources/mng-3694/maven-mng3694-plugin/src/main/java/plugin/MyMojo.java:
##
@@ -47,24 +47,12 @@
*/
public class MyMojo extends AbstractMojo {
-/**
Review Comment:
yes im sorry.
order 100% test coverage or deletion.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Re: [PR] [RSPEC-S1068] Remove `unused` private fields [maven]
Pankraz76 commented on code in PR #2317:
URL: https://github.com/apache/maven/pull/2317#discussion_r2084662901
##
its/core-it-suite/src/test/resources/mng-3694/maven-mng3694-plugin/src/main/java/plugin/MyMojo.java:
##
@@ -47,24 +47,12 @@
*/
public class MyMojo extends AbstractMojo {
-/**
- * Not used, just an offset to place reactorProjects in the middle.
- * @parameter default-value="${project.build.directory}"
- */
-private String outputDirectory;
-
/**
* @parameter expression="${reactorProjects}"
* @required
*/
private List reactorProjects;
-/**
- * Not used, just an offset to place reactorProjects in the middle.
- * @parameter default-value="${project.build.directory}"
- */
-private String outputDirectory2;
Review Comment:
this seems just `c&p` leftover.
##
its/core-it-suite/src/test/resources/mng-3694/maven-mng3694-plugin/src/main/java/plugin/MyMojo.java:
##
@@ -47,24 +47,12 @@
*/
public class MyMojo extends AbstractMojo {
-/**
- * Not used, just an offset to place reactorProjects in the middle.
- * @parameter default-value="${project.build.directory}"
- */
-private String outputDirectory;
-
/**
* @parameter expression="${reactorProjects}"
* @required
*/
private List reactorProjects;
-/**
- * Not used, just an offset to place reactorProjects in the middle.
- * @parameter default-value="${project.build.directory}"
- */
-private String outputDirectory2;
Review Comment:
seems `c&p` leftover.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Re: [PR] [RSPEC-S1068] Remove `unused` private fields [maven]
Pankraz76 commented on code in PR #2317:
URL: https://github.com/apache/maven/pull/2317#discussion_r2084670550
##
its/core-it-suite/src/test/resources/mng-3694/maven-mng3694-plugin/src/main/java/plugin/MyMojo.java:
##
@@ -47,24 +47,12 @@
*/
public class MyMojo extends AbstractMojo {
-/**
Review Comment:
yes its unused. Details does not help me. Im unaware.
From technical POV its seems obsolet.
If CI happy ship or test / use as its only `test` stage.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Re: [PR] [RSPEC-S1068] Remove `unused` private fields [maven]
Pankraz76 commented on code in PR #2317:
URL: https://github.com/apache/maven/pull/2317#discussion_r2084672990
##
its/core-it-suite/src/test/java/org/apache/maven/it/MavenITmng6401ProxyPortInterpolationTest.java:
##
@@ -28,10 +28,6 @@
class MavenITmng6401ProxyPortInterpolationTest extends
AbstractMavenIntegrationTestCase {
-private Proxy proxy;
Review Comment:
yes then its nice to have good TC to challenge or suppress.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Re: [PR] Fix for Java 24 w/ upcoming new Eclipse Sisu [maven]
slawekjaranowski commented on PR #2311: URL: https://github.com/apache/maven/pull/2311#issuecomment-2872681931 maybe it is time for: - https://github.com/apache/maven-parent/issues/254 or even though - https://github.com/apache/maven-parent/issues/238 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Fix for Java 24 w/ upcoming new Eclipse Sisu [maven]
cstamas commented on code in PR #2311:
URL: https://github.com/apache/maven/pull/2311#discussion_r2084759497
##
impl/maven-executor/src/main/java/org/apache/maven/cling/executor/internal/ToolboxTool.java:
##
@@ -122,27 +122,29 @@ private ExecutorRequest.Builder
mojo(ExecutorRequest.Builder builder, String moj
return builder.argument(TOOLBOX +
mojo).argument("--quiet").argument("-DforceStdout");
}
-private void doExecute(ExecutorRequest.Builder builder) {
+private ExecutorRequest doExecute(ExecutorRequest.Builder builder) {
ExecutorRequest request = builder.build();
int ec = helper.execute(request);
if (ec != 0) {
throw new ExecutorException("Unexpected exit code=" + ec + ";
stdout="
+ request.stdOut().orElse(null) + "; stderr="
+ request.stdErr().orElse(null));
}
+return request;
}
/**
* Performs "sanity check" for output, making sure no insane values like
empty strings are returned.
*/
-private String validateOutput(boolean shave, ByteArrayOutputStream stdout,
ByteArrayOutputStream stderr) {
+private String validateOutput(
+ExecutorRequest request, boolean shave, ByteArrayOutputStream
stdout, ByteArrayOutputStream stderr) {
Review Comment:
Nowhere, you are right. The original problem was that on "unexpected stderr
output" this method was throwing, but on Java 24 that "unexpected output" is
present. Change can be simplified by dropping this method.
(originally I wanted to send content to caller, just realize that this class
is setting the streams, not caller, caller is really interested in success
(exit code = 0) and stdout).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Re: [PR] Fix for Java 24 w/ upcoming new Eclipse Sisu [maven]
cstamas commented on PR #2311: URL: https://github.com/apache/maven/pull/2311#issuecomment-2872664518 The IT failures: ``` [ERROR] Errors: [ERROR] MavenITmng7045DropUselessAndOutdatedCdiApiTest.testShouldNotLeakCdiApi:41 » Verification Exit code was non-zero: 1; command line and log = [ERROR] MavenITmng7160ExtensionClassloader.testVerify:44 » Verification Text not found in log: xpp3 -> mvn [ERROR] MavenITmng7587Jsr330.test:57 » Verification Exit code was non-zero: 1; command line and log = ``` 7045 craps out due old Groovy on Java 24, the latter two due lack of sisu index, but the build does not calls index plugin explicitly... -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Fix for Java 24 w/ upcoming new Eclipse Sisu [maven]
slawekjaranowski commented on code in PR #2311:
URL: https://github.com/apache/maven/pull/2311#discussion_r2084753265
##
impl/maven-executor/src/main/java/org/apache/maven/cling/executor/internal/ToolboxTool.java:
##
@@ -122,27 +122,29 @@ private ExecutorRequest.Builder
mojo(ExecutorRequest.Builder builder, String moj
return builder.argument(TOOLBOX +
mojo).argument("--quiet").argument("-DforceStdout");
}
-private void doExecute(ExecutorRequest.Builder builder) {
+private ExecutorRequest doExecute(ExecutorRequest.Builder builder) {
ExecutorRequest request = builder.build();
int ec = helper.execute(request);
if (ec != 0) {
throw new ExecutorException("Unexpected exit code=" + ec + ";
stdout="
+ request.stdOut().orElse(null) + "; stderr="
+ request.stdErr().orElse(null));
}
+return request;
}
/**
* Performs "sanity check" for output, making sure no insane values like
empty strings are returned.
*/
-private String validateOutput(boolean shave, ByteArrayOutputStream stdout,
ByteArrayOutputStream stderr) {
+private String validateOutput(
+ExecutorRequest request, boolean shave, ByteArrayOutputStream
stdout, ByteArrayOutputStream stderr) {
Review Comment:
Where a `request` parameter is used in this method?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Re: [PR] Fix for Java 24 w/ upcoming new Eclipse Sisu [maven]
cstamas commented on code in PR #2311:
URL: https://github.com/apache/maven/pull/2311#discussion_r2084767433
##
impl/maven-executor/src/main/java/org/apache/maven/cling/executor/internal/ToolboxTool.java:
##
@@ -122,27 +122,29 @@ private ExecutorRequest.Builder
mojo(ExecutorRequest.Builder builder, String moj
return builder.argument(TOOLBOX +
mojo).argument("--quiet").argument("-DforceStdout");
}
-private void doExecute(ExecutorRequest.Builder builder) {
+private ExecutorRequest doExecute(ExecutorRequest.Builder builder) {
ExecutorRequest request = builder.build();
int ec = helper.execute(request);
if (ec != 0) {
throw new ExecutorException("Unexpected exit code=" + ec + ";
stdout="
+ request.stdOut().orElse(null) + "; stderr="
+ request.stdErr().orElse(null));
}
+return request;
}
/**
* Performs "sanity check" for output, making sure no insane values like
empty strings are returned.
*/
-private String validateOutput(boolean shave, ByteArrayOutputStream stdout,
ByteArrayOutputStream stderr) {
+private String validateOutput(
+ExecutorRequest request, boolean shave, ByteArrayOutputStream
stdout, ByteArrayOutputStream stderr) {
Review Comment:
Removed all the changes in this class except the needed one.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Re: [PR] Fix for Java 24 w/ upcoming new Eclipse Sisu [maven]
cstamas commented on PR #2311: URL: https://github.com/apache/maven/pull/2311#issuecomment-2872919108 ITs seems fixed, full-build still plagued by PMD issue -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Created] (MNG-8725) Option for "-T" argument: Use max cores minus 1
Matthias Bünger created MNG-8725:
Summary: Option for "-T" argument: Use max cores minus 1
Key: MNG-8725
URL: https://issues.apache.org/jira/browse/MNG-8725
Project: Maven
Issue Type: Improvement
Affects Versions: 3.9.9
Reporter: Matthias Bünger
You can enable parallel builds in Maven using the {{-T}} argument and pass the
number of threads or threads per core (see:
https://cwiki.apache.org/confluence/display/MAVEN/Parallel+builds+in+Maven+3 ).
The Maven Daemon uses the maxinum number of cores minus 1 per default for max
effiencey without blocking the system.
Sadly there is no option for the Maven core to behave like this. So each
developer has either to have the same number of cores available (which is often
not the case) or pass his/her individual number of threads on each call.
It would be great to have a built-in argument to use maximum -1 cores like the
Daemon does.
Note: I write cores all the time, because threads in this context are hardware
threads (and no virtual threads possible with Java 21 and I don't want to mix
this even that Maven is not yet on Java 21)
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
Re: [PR] [MNG-8727] Prepare for Java 24 [maven]
cstamas commented on code in PR #2328:
URL: https://github.com/apache/maven/pull/2328#discussion_r2085481175
##
its/core-it-suite/src/test/resources/mng-7045/pom.xml:
##
@@ -43,13 +43,13 @@
javax.enterprise.inject.Instance.class.getDeclaredMethod("stream")]]>
org.apache.groovy
groovy-ant
-4.0.15
+4.0.26
runtime
org.apache.groovy
groovy
-4.0.15
+4.0.26
Review Comment:
this is an IT and this version moves first time since IT was added... I may
be a property, but ... meh
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Re: [PR] [POC] Migrate `JUnit` asserts to `AssertJ` - impl [maven]
elharo commented on PR #2307: URL: https://github.com/apache/maven/pull/2307#issuecomment-2874086355 JUnit has a lot more than assertTrue. There's assertEquals, assertNull, assertSame, etc. I'm OK with things JUnit doesn't have like assertContains, but I don't want to replace things JUnit already has. Guava's MoreAsserts makes a lot more sense than AssertJ. It fills the potholes, not replaces the road. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] [MNG-8727] Prepare for Java 24 [maven]
michael-o commented on code in PR #2328:
URL: https://github.com/apache/maven/pull/2328#discussion_r2085452335
##
its/core-it-suite/src/test/resources/mng-7045/pom.xml:
##
@@ -43,13 +43,13 @@
javax.enterprise.inject.Instance.class.getDeclaredMethod("stream")]]>
org.apache.groovy
groovy-ant
-4.0.15
+4.0.26
runtime
org.apache.groovy
groovy
-4.0.15
+4.0.26
Review Comment:
Shouldn't this be a property?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Re: [PR] [MNG-8727] Prepare for Java 24 [maven]
cstamas commented on code in PR #2328:
URL: https://github.com/apache/maven/pull/2328#discussion_r2085492979
##
its/core-it-suite/src/test/resources/mng-7045/pom.xml:
##
@@ -43,13 +43,13 @@
javax.enterprise.inject.Instance.class.getDeclaredMethod("stream")]]>
org.apache.groovy
groovy-ant
-4.0.15
+4.0.26
runtime
org.apache.groovy
groovy
-4.0.15
+4.0.26
Review Comment:
Groovy 4.0.26 contains ASM 9.7.1, and no newer release so far. I guess there
will be once Java 26 is out? So this version will change once we move CI to
Java 26+
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
