Re: change.xml

2022-06-27 Thread Ralph Goers
I don’t always check the changes.xml and during the frenzy of the CVE releases I probably didn’t look at all. But I don’t think it is wise to go back and change it. For one, we won’t be updating the sites of those past releases so modifying them would make the history in the new release not

Re: change.xml

2022-06-27 Thread Piotr P. Karwasz
Hi Ralph, On Tue, 28 Jun 2022 at 01:40, Ralph Goers wrote: > In preparation for the release I am going through changes.xml and am finding > some issues. > 1. The dev attribute should always include the uid of the committer who > performed the commit. > 2. The due-to attribute should be used to

change.xml

2022-06-27 Thread Ralph Goers
In preparation for the release I am going through changes.xml and am finding some issues. 1. The dev attribute should always include the uid of the committer who performed the commit. 2. The due-to attribute should be used to acknowledge the individual who either submitted a PR or provided

Re: Dependabot breaks things again.

2022-06-27 Thread Ralph Goers
Yup. Probably for the same reasons. It seems something is generating bad FOP XML for stuff we don’t even include in the pdf we generate. From what I can tell it fails building a list of dependencies. Ralph > On Jun 27, 2022, at 12:46 PM, Piotr P. Karwasz > wrote: > > Hi Ralph, > > On Mon, 2

Re: Log4j 2.18.0

2022-06-27 Thread Piotr P. Karwasz
Hi Ralph, On Mon, 27 Jun 2022 at 17:36, Ralph Goers wrote: > I have no problem upgrading the JEE stuff like all the other dependencies > except when it switches from javax to Jakarta. Of course, I upgraded to the last version using the `javax.*` namespace. Piotr

Re: Dependabot breaks things again.

2022-06-27 Thread Piotr P. Karwasz
Hi Ralph, On Mon, 27 Jun 2022 at 20:27, Ralph Goers wrote: > I ran mvn site and now the pdf plugin is failing. It seems no-one validated > that the build worked after the plugin was updated. That seems to be an old commit. Since then Volkan added a "Maven site" build job, that is run on each de

Re: Dependabot breaks things again.

2022-06-27 Thread Ralph Goers
I reverted the plugin back to 1.2 and the site build works again. Ralph > On Jun 27, 2022, at 11:31 AM, Matt Sicker wrote: > > It’s why I don’t merge dependency updates for reporter plugins unless I can > verify it still works. Some of these reporter plugins are tricky to configure > properly

Re: Dependabot breaks things again.

2022-06-27 Thread Matt Sicker
It’s why I don’t merge dependency updates for reporter plugins unless I can verify it still works. Some of these reporter plugins are tricky to configure properly. — Matt Sicker > On Jun 27, 2022, at 13:27, Ralph Goers wrote: > > I ran mvn site and now the pdf plugin is failing. It seems no-

Dependabot breaks things again.

2022-06-27 Thread Ralph Goers
I ran mvn site and now the pdf plugin is failing. It seems no-one validated that the build worked after the plugin was updated. Ralph

Re: Log4j 2.18.0

2022-06-27 Thread Ralph Goers
I have no problem upgrading the JEE stuff like all the other dependencies except when it switches from javax to Jakarta. Ralph > On Jun 26, 2022, at 11:30 PM, Piotr P. Karwasz > wrote: > > Hi Ralph, > > On Mon, 27 Jun 2022 at 07:52, Ralph Goers wrote: >> Note that I don’t usually create a r