>
>
> would make sense with changing groupId/artifactId and packages
>
> but cons: release this if needed will take ages because of ASF procedures
>
>
So, understood re ID/package
But forgot about the ASF process... but it would be weird if I want to
"de-plexus" plexus-sec-dispatcher in codehaus-
I have been hunting down old security "vulnerable" versions of struts that
have been showing up in my .m2 directory, which is raising flags from my
Security people. The dependency seems to be coming from an old
doxia-site-renderer. It has been updated to not have a dependency on
struts at all wit
lokesh090297 commented on pull request #235:
URL: https://github.com/apache/maven-site/pull/235#issuecomment-832404544
@elharo can you merge this PR?
OR please tag someone who can merge it.
@Guillaume Great, thanks for updating them! I'm processing them as we
speak.
Martin
On Tue, 4 May 2021 at 15:13, Michael Osipov wrote:
> On 2021-05-03 at 20:35, Guillaume Nodet wrote:
> > Now that maven-shared-utils has been released, I've rebased my PRs:
> >https://github.com/apache/maven/
Hi,
we solved 4 issues:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12320628&version=12350071
There are still a couple of issues left in JIRA:
https://issues.apache.org/jira/issues/?jql=project%20%3D%20MRESOLVER%20AND%20resolution%20%3D%20Unresolved%20AND%20component%20%3D%2
On 2021-05-04 at 09:26, Tamás Cservenák wrote:
Howdy,
plexus-sec-dispatcher is a really widely used dependency, is used in maven
itself, but also in many shared components and plugins (nb: there are even
some org.sonatype.plexus:plexus-sec-dispatcher among shared deps!).
Given this module is r
On 2021-05-03 at 22:15, Falko Modler wrote:
Earlier today Michael Osipov added this note to the ticket:
I confirm that this still happens on Maven master with Resolver
1.7.0-SNAPSHOT. This isn't Resolver related because no dependency
resolution happens in the build.
I am still confused why
On 2021-05-03 at 20:35, Guillaume Nodet wrote:
Now that maven-shared-utils has been released, I've rebased my PRs:
https://github.com/apache/maven/pulls/gnodet
Darn, I wish I could review your quality PRs, still busy with Resolver...
---
On Tue, 4 May 2021 at 17:27, Tamás Cservenák wrote:
> Howdy,
>
> plexus-sec-dispatcher is a really widely used dependency, is used in maven
> itself, but also in many shared components and plugins (nb: there are even
> some org.sonatype.plexus:plexus-sec-dispatcher among shared deps!).
>
> Given
Changing artifact and group ID but leaving package names the same is a
recipe for classpath conflicts and broken builds:
https://jlbp.dev/JLBP-6
https://jlbp.dev/JLBP-19
If you change the artifact ID, change package names too. There's no
such thing as a drop-in replacement with a different ID.
Howdy,
plexus-sec-dispatcher is a really widely used dependency, is used in maven
itself, but also in many shared components and plugins (nb: there are even
some org.sonatype.plexus:plexus-sec-dispatcher among shared deps!).
Given this module is really maven specific, I see no reason to keep it
"