Can this noise be made quiet in the future please (mvn clean verify -U):

...
[INFO] --- bsh:1.4:run (process-sbom) @ log4j-api-java9 ---
[INFO] Executing Script
[INFO] file class java.lang.Object
[INFO] script class java.lang.String
[INFO] evaluating script
import java.io.*;
import java.nio.file.*;
import java.util.*;
import javax.xml.transform.*;
import javax.xml.transform.stream.*;
import org.apache.commons.codec.digest.*;

// Compute parameters
final String xslt = project.getProperties().getProperty("sbom.xslt");
final File pomFile = project.getModel().getPomFile();
final byte[] digest = new DigestUtils(MessageDigestAlgorithms.SHA_256).digest(pomFile);
final UUID bomSerialNumber = UUID.nameUUIDFromBytes(digest);
final String vdrUrl = Objects.requireNonNull(project.getProperties().getProperty("vdr.url"), "vdr.url");
// Move original SBOM file
final Path basedir = project.getBasedir().toPath();
final Path destPath = basedir.resolve("target/bom.xml");
final Path sourcePath = basedir.resolve("target/bom.orig.xml");
if (!Files.isReadable(destPath)) {
    System.out.println("No CycloneDX SBOM file found, skipping transformation.");
    return;
}
Files.move(destPath, sourcePath, new CopyOption[] {StandardCopyOption.REPLACE_EXISTING});
// Apply XSLT transformation
final StreamSource xsltSource = new StreamSource(new StringReader(xslt));
final TransformerFactory factory = TransformerFactory.newInstance();
final Transformer transformer = factory.newTransformer(xsltSource);
transformer.setParameter("sbom.serialNumber", bomSerialNumber.toString());
transformer.setParameter("vdr.url", vdrUrl);
final StreamSource source = new StreamSource(sourcePath.toUri().toASCIIString());
final StreamResult result = new StreamResult(destPath.toUri().toASCIIString());
transformer.transform(source, result);
No CycloneDX SBOM file found, skipping transformation.
[INFO]
[INFO] >>> spotbugs:4.8.2.0:check (default-spotbugs) > :spotbugs @ log4j-api-java9 >>>
....

Gary

On Fri, Dec 22, 2023 at 1:01 PM Piotr P. Karwasz <piotr.karw...@gmail.com> wrote:
>
> This is a vote to release the Apache Log4j 2.22.1.
>
> Website: https://logging.staged.apache.org/log4j/2.x/
> GitHub: https://github.com/apache/logging-log4j2
> Commit: 8469975a4f2b1f8f1bd4f25ca6d1989a52aefc1b
> Distribution: https://dist.apache.org/repos/dist/dev/logging/log4j
> Nexus:
> https://repository.apache.org/content/repositories/orgapachelogging-1254
> Signing key: 0x077e8893a6dcc33dd4a4d5b256e73ba9a0b592d0
>
> Please download, test, and cast your votes on this mailing list.
>
> [ ] +1, release the artifacts
> [ ] -1, don't release, because...
>
> This vote is open for 72 hours and will pass unless getting a
> net negative vote count. All votes are welcome and we encourage
> everyone to test the release, but only the Logging Services PMC
> votes are officially counted.
>
> == Review Kit
>
> The minimum set of steps needed to review the uploaded distribution
> files in the Subversion repository can be summarized as follows:
>
> # Check out the distribution
> wget --recursive --no-parent --no-host-directories --cut-dirs=5 https://dist.apache.org/repos/dist/dev/logging/log4j
>
> # Verify checksums
> sha512sum --check *.sha512
>
> # Verify signatures
> wget -O - https://downloads.apache.org/logging/KEYS | gpg --import
> for sigFile in *.asc; do gpg --verify $sigFile; done
>
> # Verify reproducibility
> umask 0022
> unzip *-src.zip -d src
> cd src
> export NEXUS_REPO=https://repository.apache.org/content/repositories/orgapachelogging-1254
> sh mvnw -Prelease verify artifact:compare -Dreference.repo=$NEXUS_REPO
>
> == Release Notes
>
> This release contains only dependency upgrades and bug fixes, which do
> not change the behavior of the artifacts.
>
> While maintaining compatibility with Java 8, the artifacts in this
> release were generated using JDK 17, unlike version `2.22.0` that
> used JDK 11.
>
>
> [#release-notes-2-22-1-fixed]
> === Fixed
>
> * Mark `JdkMapAdapterStringMap` as frozen if map is immutable. (#2098)
> * Fix NPE in `CloseableThreadContext`. (#1426)
> * Use the module name of Conversant Media Disruptor from version
> `1.2.16+` of the library.
> * Fix NPE in `RollingFileManager`. (#1645)
> * Fix `log4j-to-slf4j` JPMS and OSGi descriptors. (#1983)
> * Workaround a Coursier/Ivy dependency resolution bug affecting
> `log4j-slf4j-impl` and `log4j-mongodb3`. (#2065)
>
> [#release-notes-2-22-1-updated]
> === Updated
>
> * Bumped the minimum Java version required for the build to Java 17.
> Runtime requirements remain unchanged. (#2021)
> * Update `com.github.luben:zstd-jni` to version `1.5.5-11` (#2030)
> * Update `com.google.guava:guava` to version `33.0.0-jre` (#2110)
> * Update `commons-codec:commons-codec` to version `1.16.0` (#2042)
> * Update `commons-io:commons-io` to version `2.15.1` (#2034)
> * Update `commons-logging:commons-logging` to version `1.3.0` (#2050)
> * Update `io.netty:netty-bom` to version `4.1.104.Final` (#2095)
> * Update `org.apache.commons:commons-compress` to version `1.25.0` (#2045)
> * Update `org.apache.commons:commons-dbcp2` to version `2.11.0` (#2048)
> * Update `org.apache.commons:commons-lang3` to version `3.14.0` (#2047)
> * Update `org.apache.commons:commons-pool2` to version `2.12.0` (#2057)
> * Update `org.apache.kafka:kafka-clients` to version `3.6.1` (#2068)
> * Update `org.apache.logging:logging-parent` to version `10.5.0` (#2119)
> * Update `org.jctools:jctools-core` to version `4.0.2` (#1984)
> * Update `org.springframework.boot:spring-boot` to version `2.7.18` (#1998)
> * Update `org.springframework.cloud:spring-cloud-dependencies` to
> version `2021.0.9` (#2109)
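
Added example, not part of the thread or of the project's review kit: `sha512sum --check *.sha512` only examines files that have a checksum file, so an artifact uploaded without a `.sha512` or `.asc` companion passes the kit's loops unnoticed. The sketch below reports such gaps; the function names and the sample files are constructed for illustration, and it checks only that a signature file is present (validity is still `gpg --verify`).

```shell
#!/bin/sh
# Use whichever SHA-512 tool is installed (coreutils or the Perl shasum).
sha512() {
    if command -v sha512sum >/dev/null 2>&1; then sha512sum "$@"
    else shasum -a 512 "$@"; fi
}

# Print one line per problem found in directory $1; return 1 if any was found.
audit_dist() {
    (
        cd "$1" || exit 2
        status=0
        for f in *; do
            [ -f "$f" ] || continue
            case "$f" in
                *.sha512|*.asc)
                    # A companion file whose artifact is missing is reported too.
                    [ -f "${f%.*}" ] || { echo "ORPHAN $f"; status=1; }
                    continue ;;
            esac
            [ -f "$f.asc" ] || { echo "NO-SIGNATURE $f"; status=1; }
            if [ ! -f "$f.sha512" ]; then
                echo "NO-CHECKSUM $f"; status=1
            elif ! sha512 --check "$f.sha512" >/dev/null 2>&1; then
                echo "BAD-CHECKSUM $f"; status=1
            fi
        done
        exit "$status"
    )
}

# Constructed sample: one clean artifact, one altered after checksumming,
# one with no companions. The empty .asc files are placeholders.
make_sample() {
    (
        cd "$1" || exit 2
        printf 'good\n' > a-bin.zip
        sha512 a-bin.zip > a-bin.zip.sha512; : > a-bin.zip.asc
        printf 'orig\n' > b-src.zip
        sha512 b-src.zip > b-src.zip.sha512; : > b-src.zip.asc
        printf 'tampered\n' > b-src.zip
        printf 'extra\n' > c.jar
    )
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
audit_dist "$demo_dir"
rm -rf "$demo_dir"
```
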