[GitHub] [maven-artifact-transfer] dependabot[bot] commented on pull request #39: Bump slf4j-api from 1.7.5 to 1.7.31

2021-06-18 Thread GitBox 


dependabot[bot] commented on pull request #39:
URL: 
https://github.com/apache/maven-artifact-transfer/pull/39#issuecomment-864279594


   OK, I won't notify you again about this release, but will get in touch when 
a new version is available. If you'd rather skip all updates until the next 
major or minor version, let me know by commenting `@dependabot ignore this 
major version` or `@dependabot ignore this minor version`. You can also ignore 
all major, minor, or patch releases for a dependency by adding an [`ignore` 
condition](https://docs.github.com/en/code-security/supply-chain-security/configuration-options-for-dependency-updates#ignore)
 with the desired `update_types` to your config file.
   
   If you change your mind, just re-open this PR and I'll resolve any conflicts 
on it.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
For additional commands, e-mail: dev-h...@maven.apache.org

[GitHub] [maven-artifact-transfer] slachiewicz closed pull request #39: Bump slf4j-api from 1.7.5 to 1.7.31

2021-06-18 Thread GitBox 


slachiewicz closed pull request #39:
URL: https://github.com/apache/maven-artifact-transfer/pull/39


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
For additional commands, e-mail: dev-h...@maven.apache.org

[GitHub] [maven-artifact-transfer] dependabot[bot] opened a new pull request #39: Bump slf4j-api from 1.7.5 to 1.7.31

2021-06-18 Thread GitBox 


dependabot[bot] opened a new pull request #39:
URL: https://github.com/apache/maven-artifact-transfer/pull/39


   Bumps [slf4j-api](https://github.com/qos-ch/slf4j) from 1.7.5 to 1.7.31.
   
   Commits
   
   See full diff in https://github.com/qos-ch/slf4j/commits";>compare view
   
   
   
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.slf4j:slf4j-api&package-manager=maven&previous-version=1.7.5&new-version=1.7.31)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
For additional commands, e-mail: dev-h...@maven.apache.org

Re: Supporting building with incompatible JDK versions on a single project

2021-06-18 Thread Tibor Digaňa 
The example given by Guillaume looks interesting.

  jre-options =
${jre-${java.specification.version}-options:-${jre-default-options}}
  jre-default-options = [default options]
  jre-1.8 = [my JDK 1.8 specific options]

But I would maybe distinguish between:
1. Maven options
2. and plugin options

And to be more specific, the first case (1) may have more alternatives with
[root]/.mvn/jvm.config.
Example:
1. [root]/.mvn/jvm9.config
2. [root]/.mvn/jvm11.config
3. [root]/.mvn/jvm16.config

It does not make sense to have "--add-opens" and similar things in the
jvm.config for plugins (2) because the lifecycle and plugins are complex.
We should not end up with a kind of config structure in the jvm.config. Due
to this we have POM structure.

Perhaps the POM should have new non/transitive entry points dedicated for
the phases of the build life cycle rather than parameters (entry points) in
the plugins.
I believe the users would be lucky if e.g. JUnit5 BOM (one for compile,
runtime, another for test and test-compile) would have these entry points
(as a recommendation from the OSS groups) and the user would just use it
without writing "--add-reads ... --add-exports ... --add-opens ...
--add-modules ... etc.".


Cheers
Tibor


On Wed, Jun 16, 2021 at 2:27 PM Guillaume Nodet  wrote:

> Le mer. 16 juin 2021 à 14:04, Romain Manni-Bucau  a
> écrit :
>
> > Le mer. 16 juin 2021 à 13:53, Guillaume Nodet  a
> écrit
> > :
> >
> > > Le mer. 16 juin 2021 à 13:39, Romain Manni-Bucau <
> rmannibu...@gmail.com>
> > a
> > > écrit :
> > >
> > > > Le mer. 16 juin 2021 à 12:05, Guillaume Nodet  a
> > > écrit
> > > > :
> > > >
> > > > > A few plugins that fail with the same problem found by googling a
> > bit:
> > > > >  https://youtrack.jetbrains.com/issue/IDEA-266556
> > > > >  https://github.com/projectlombok/lombok/issues/2681
> > > > >
> > > > >
> > > > >
> > > >
> > >
> >
> https://community.sonarsource.com/t/maven-sonar-scanner-not-working-with-jdk-16/40699
> > > > >
> > > > >
> > > > >
> > > >
> > >
> >
> https://www.bountysource.com/issues/97382407-enunciate-does-not-run-on-jdk16
> > > > > That's just the first page on google... so I don't think this is me
> > > > running
> > > > > into a corner case.  JDK 16 has only been release 2 months ago, and
> > the
> > > > > rules have changed quite a bit since JDK 15, so that's not an old
> > > > problem,
> > > > > it's a new one.
> > > > >
> > > >
> > > > All these ones are solved with MAVEN_OPTS AFAIK so it is already in -
> > > > understand we can't have the correct jpms options by default since
> > we'll
> > > > never know all plugins.
> > > >
> > > > Maybe I'm the only one, but when I see a project with a pom.xml and I
> > > just
> > > want to build it, the first thing I try is `mvn install -DskipTests`.
> > This
> > > work in most of the case, and I think it should stay that way. That's
> why
> > > I'm looking for a way to configure those options per-project.
> > >
> > > So yes, that's right, MAVEN_OPTS may solve the problem.  But that does
> > not
> > > solve my problem which is:
> > >   * how to set up the environment (maven options or jvm options or
> > > eventually environment variable)
> > >   * with a config per project (not at the maven installation level)
> > >   * with something that can have a bit of logic so that it can depend
> on
> > > which jdk version is used
> > >
> >
> > setenv.sh in multimoduleroot/.mvn ;)
> >
> >
> Actually, thinking about it, this also raises a few problems.  It makes the
> life for tools embedding maven much more complicated.
> I'm wondering if a configuration based solution wouldn't be easier to work
> with (i.e. without having to interpret or spawn a command shell) ?
>
> In felix / karaf, the problem was solved by using property files and
> property substitution.  This could look like:
>   jre-options =
> ${jre-${java.specification.version}-options:-${jre-default-options}}
>   jre-default-options = [default options]
>   jre-1.8 = [my JDK 1.8 specific options]
>
> This kind of configuration allows you to lay out a bit of logic in the
> configuration.
> This is just an example of course, but it would be more inlined with the
> [root]/.mvn/jvm.config and like.
>
> Guillaume
>
>
> > >
> > >
> > >
> > > >
> > > > >
> > > > > I think adding the --illegal-access=permit option on the command is
> > > > > sufficient to solve all those problems, but the problem is still
> the
> > > > same :
> > > > > this option will break if using JDK 1.8.  This has to be configured
> > on
> > > > the
> > > > > project and not globally.
> > > > >
> > > >
> > > > This will likely break soon so I wouldn't consider it as an option.
> > > >
> > >
> > > See above, I'm not looking for maven to fix the problem.  I'm looking
> for
> > > maven to provide a way to fix the problem.  Which implies, the exact
> > option
> > > to configure is up to the user, so the fact that is already deprecated
> is
> > > irrelevant.
> > >
> > > >
> > > >
> > > > >
> > > > > I'm not sure what