Re: [VOTE] Maven Script Interpreter 1.4 and Maven Invoker Plugin 3.4.0

2022-12-16 Thread Olivier Lamy
My +1 On Fri, 16 Dec 2022 at 17:31, Hervé Boutemy wrote: > > +1 > > Reproducible Builds ok: reference builds done on *nix > - maven-script-interpreter with JDK 19 > - maven-invoker-plugin with JDK 11 > > notice that for releases, I tend to prefer using a LTS JDK ah yes good catch and sorry for t

Re: How secure is invoking a single mojo?

2022-12-16 Thread Tamás Cservenák
Howdy, just an interesting fact: if we remain in the "java realm" and are kinda afraid of "arbitrary Java code execution", I'd convert the plugin to Takari Incremental plugin https://github.com/takari/io.takari.incrementalbuild Its runtime "cages" the Mojos and allows them to read from and write to only

Re: How secure is invoking a single mojo?

2022-12-16 Thread Elliotte Rusty Harold
On Fri, Dec 16, 2022 at 5:02 PM Aldrin Leal wrote: > > Hello, > > Just a question I'd like to confirm with you guys: How "safe" is it to run > `dependency:tree` on a given arbitrary pom? > All that should do is load various XML files from possibly remote servers and parse them, so it's about as safe

Re: How secure is invoking a single mojo?

2022-12-16 Thread Tamás Cservenák
You can write a simple app, using resolver. There are demos that perform fully functional things, for example https://github.com/apache/maven-resolver/blob/master/maven-resolver-demos/maven-resolver-demo-snippets/src/main/java/org/apache/maven/resolver/examples/GetDependencyTree.java Hth T On Fri

Re: How secure is invoking a single mojo?

2022-12-16 Thread Aldrin Leal
Thanks Michael, indeed this can be better worded. What about: How to programmatically list a pom's dependencies (incl. transitive) without the risk of running untrusted/unauthorized code? -- -- Aldrin Leal, / https://aldrinleal.link On Fri, Dec 16, 2022 at 3:55 PM Michael Osipov wrote: > Am 2022

Re: How secure is invoking a single mojo?

2022-12-16 Thread Michael Osipov
On 2022-12-16 at 18:02, Aldrin Leal wrote: Hello, Just a question I'd like to confirm with you guys: How "safe" is it to run `dependency:tree` on a given arbitrary pom? I mean, what's the likelihood of that pom.xml triggering some "unsafe" code? And how would you do this in (listing all the requi

How secure is invoking a single mojo?

2022-12-16 Thread Aldrin Leal
Hello, Just a question I'd like to confirm with you guys: How "safe" is it to run `dependency:tree` on a given arbitrary pom? I mean, what's the likelihood of that pom.xml triggering some "unsafe" code? And how would you do this in (listing all the required runtime jar files for a given project) the

Re: [VOTE] Release Apache Maven Daemon 1.0.0-m1

2022-12-16 Thread Romain Manni-Bucau
+1 On Fri, 16 Dec 2022 at 14:48, Guillaume Nodet wrote: > On Fri, 16 Dec 2022 at 14:30, Lasse Lindqvist > > wrote: > > > The link > > > > > https://github.com/apache/maven-mvnd/releases/tag/untagged-2285434bf6532985094a > > returns 404. > > > > Fixed > > > > Is the plan that 1.x version

Re: [VOTE] Release Apache Maven Daemon 1.0.0-m1

2022-12-16 Thread Guillaume Nodet
On Fri, 16 Dec 2022 at 14:30, Lasse Lindqvist wrote: > The link > > https://github.com/apache/maven-mvnd/releases/tag/untagged-2285434bf6532985094a > returns 404. > Fixed > Is the plan that 1.x versions only run Maven 4? > Yes. We may release a 0.9.x based on Maven 3.9.x but there's no de

Re: [VOTE] Release Apache Maven Daemon 1.0.0-m1

2022-12-16 Thread Lasse Lindqvist
The link https://github.com/apache/maven-mvnd/releases/tag/untagged-2285434bf6532985094a returns 404. Is the plan that 1.x versions only run Maven 4? On Fri, 16 Dec 2022 at 15.07 Guillaume Nodet (gno...@apache.org) wrote: > I've staged a candidate release at > https://dist.apache.org/repos

[VOTE] Release Apache Maven Daemon 1.0.0-m1

2022-12-16 Thread Guillaume Nodet
I've staged a candidate release at https://dist.apache.org/repos/dist/dev/maven/mvnd/1.0.0-m1/ Note that this release is based on the latest Maven 4.0.0-alpha-3. The release notes are available at https://github.com/apache/maven-mvnd/releases/tag/untagged-2285434bf6532985094a Please review and

[GitHub] [maven-shared-incremental] michael-o commented on a diff in pull request #18: store last compilation time

2022-12-16 Thread GitBox
michael-o commented on code in PR #18: URL: https://github.com/apache/maven-shared-incremental/pull/18#discussion_r1050467545 ## src/main/java/org/apache/maven/shared/incremental/IncrementalBuildHelper.java: ## @@ -48,6 +52,13 @@ public static final String CREATED_FILES_LS