[jira] [Commented] (MENFORCER-424) Maven enforcer rule which checks that all dependencies in dependencyManagement don't have an explicit scope set

2022-06-26 Thread Konrad Windszus (Jira)


[ 
https://issues.apache.org/jira/browse/MENFORCER-424?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17559010#comment-17559010
 ] 

Konrad Windszus commented on MENFORCER-424:
---

Right, so probably such a rule needs a way to allow certain dependencies to 
have their scope managed. But what about the rule in general, would you accept 
a PR for adding it to the standard rules?

> Maven enforcer rule which checks that all dependencies in 
> dependencyManagement don't have an explicit scope set
> ---
>
> Key: MENFORCER-424
> URL: https://issues.apache.org/jira/browse/MENFORCER-424
> Project: Maven Enforcer Plugin
> Issue Type: New Feature
> Components: Standard Rules
> Reporter: Konrad Windszus
> Priority: Major
>
> Setting the scope in the dependencyManagement is an anti-pattern and may lead 
> to surprising results during classpath creation. Compare also with the 
> discussion in 
> https://github.com/apache/maven-apache-parent/pull/63#discussion_r788361219.
> I propose to add a new rule with name {{banDependencyManagementScope}}.
> Probably scope {{import}} should be accepted though, because it is a special 
> case.



--
This message was sent by Atlassian Jira
(v8.20.7#820007)


[GitHub] [maven-assembly-plugin] dependabot[bot] opened a new pull request, #77: Bump maven-archiver from 3.5.2 to 3.6.0

2022-06-26 Thread GitBox


dependabot[bot] opened a new pull request, #77:
URL: https://github.com/apache/maven-assembly-plugin/pull/77

   Bumps [maven-archiver](https://github.com/apache/maven-archiver) from 3.5.2 
to 3.6.0.
   
   Commits

   - [66780f2](https://github.com/apache/maven-archiver/commit/66780f233e9ab3fdee660103222ce0947cf0b379) [maven-release-plugin] prepare release maven-archiver-3.6.0
   - [2ceaefd](https://github.com/apache/maven-archiver/commit/2ceaefdc7050b12949e8a200c33c4bbc7fa1b213) [MSHARED-1088] Update Plexus IO 3.4.0 and Plexus Archiver 4.4.0 ([#25](https://github-redirect.dependabot.com/apache/maven-archiver/issues/25))
   - [03153b5](https://github.com/apache/maven-archiver/commit/03153b544edebeed2d11d8b7a135337394d97205) [MSHARED-1067] Improve Reproducible Builds methods
   - [cd79d39](https://github.com/apache/maven-archiver/commit/cd79d3959afce50e90b3bcc5cd7d7b88aee98df6) [MSHARED-1066] Upgrade Plexus Archiver to 4.3.0
   - [6f74e5e](https://github.com/apache/maven-archiver/commit/6f74e5e363191337b7984988d861efb0a3c4b304) [MSHARED-1082] - Update Plexus IO to 3.3.1
   - [96859f2](https://github.com/apache/maven-archiver/commit/96859f234edcefcecb77c1482d99d7b0b4f5e1ef) [MSHARED-1081] Drop m-shared-utils ([#23](https://github-redirect.dependabot.com/apache/maven-archiver/issues/23))
   - [922e510](https://github.com/apache/maven-archiver/commit/922e510bdb940689cf666e22771eb4c516cb8c04) ignore more...
   - [ea2396b](https://github.com/apache/maven-archiver/commit/ea2396bda35a8f7c0c958691bfebf0561f9d464b) [MSHARED-1003] Require Maven 3.2.5+
   - [c9d80f5](https://github.com/apache/maven-archiver/commit/c9d80f54ea9b21b2c7818d9f0895a43c6cb3acf4) [MSHARED-991] small code cleanup and javadoc:fix
   - [7769e4e](https://github.com/apache/maven-archiver/commit/7769e4e00770918a4f0fca5c0be53ea689db8fb3) Bump junit to 5.8.3
   - Additional commits viewable in [compare view](https://github.com/apache/maven-archiver/compare/maven-archiver-3.5.2...maven-archiver-3.6.0)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



[GitHub] [maven-archetype] dependabot[bot] opened a new pull request, #112: Bump aether-api from 1.7 to 1.13.1

2022-06-26 Thread GitBox


dependabot[bot] opened a new pull request, #112:
URL: https://github.com/apache/maven-archetype/pull/112

   Bumps [aether-api](https://github.com/sonatype/sonatype-aether) from 1.7 to 
1.13.1.
   
   Commits

   - [50983e1](https://github.com/sonatype/sonatype-aether/commit/50983e14b99ff694cbb150612352c621b3d7d695) [maven-release-plugin] prepare release aether-1.13.1
   - [2edd0b8](https://github.com/sonatype/sonatype-aether/commit/2edd0b8c2ee12cad48b718d3d4d11f991d868f2b) [maven-release-plugin] prepare for next development iteration
   - [2277471](https://github.com/sonatype/sonatype-aether/commit/2277471fc6fade88e66f1c637d90073cd4235831) [maven-release-plugin] prepare release aether-1.13.1
   - [bce194c](https://github.com/sonatype/sonatype-aether/commit/bce194c4e13451ef3806401a338ab3d7ffe798e8) o Declared content length for checksums to avoid chunked transfer encoding wh...
   - [7c6ea37](https://github.com/sonatype/sonatype-aether/commit/7c6ea371877c3fae2cb645bee254df8505e975da) o Updated readme to mention Eclipse resources where appropriate
   - [a7aaf63](https://github.com/sonatype/sonatype-aether/commit/a7aaf6318cd8b47ff2704bcdc9660b8d5b2d1fb6) [AETHER-127] Ordering implemented by GenericVersionScheme is not well-defined
   - [c249b3f](https://github.com/sonatype/sonatype-aether/commit/c249b3fe643312e6951dcdea586eeac849727626) o Fixed code to obey API contract with regard to null handling
   - [0c2020c](https://github.com/sonatype/sonatype-aether/commit/0c2020c338c65ba2bc2dfe8e0f472b7b658f9345) o Extended docs
   - [24f08a8](https://github.com/sonatype/sonatype-aether/commit/24f08a84528fea2e2055ab91f6c7fe8a06d0ca83) o Improved docs
   - [b077ffd](https://github.com/sonatype/sonatype-aether/commit/b077ffd62364398a2d7ca4fec94e88cc7cd0bdc7) o Fixed typos
   - Additional commits viewable in [compare view](https://github.com/sonatype/sonatype-aether/compare/aether-1.7...aether-1.13.1)



[GitHub] [maven-release] dependabot[bot] opened a new pull request, #141: Bump wagonVersion from 3.5.1 to 3.5.2

2022-06-26 Thread GitBox


dependabot[bot] opened a new pull request, #141:
URL: https://github.com/apache/maven-release/pull/141

   Bumps `wagonVersion` from 3.5.1 to 3.5.2.
   Updates `wagon-provider-api` from 3.5.1 to 3.5.2
   
   Commits

   - [8331ee2](https://github.com/apache/maven-wagon/commit/8331ee26ffb3b5770c4e01ac3ed38d321c9158b1) [maven-release-plugin] prepare release wagon-3.5.2
   - [88e8574](https://github.com/apache/maven-wagon/commit/88e8574c69d83e6a658fcd2ad10f3f80926b8840) [WAGON-629] Properly handle authentication scenarios with MKCOL
   - [17529c6](https://github.com/apache/maven-wagon/commit/17529c6232a02ee836107bae11a9b5eb6778afb1) [WAGON-628] Default connect timeout not set when no HttpMethodConfiguration i...
   - [d7f3367](https://github.com/apache/maven-wagon/commit/d7f336745a6fec7c3697e47b17f46b9ae996d305) [WAGON-627] Maven deploy fails with 401 Unauthorized when using £ in password
   - [8e5a4b6](https://github.com/apache/maven-wagon/commit/8e5a4b698b77b5272405a1678ef87e24aba2f4a2) Drop findbugs from site reporting
   - [c1ab05d](https://github.com/apache/maven-wagon/commit/c1ab05d476413d6d31cf5d98ffdaadee65aa956c) Use shared GitHub Actions
   - [c4be92b](https://github.com/apache/maven-wagon/commit/c4be92b1749341cedb936ce2292136367e0d0869) [maven-release-plugin] prepare for next development iteration
   - See full diff in [compare view](https://github.com/apache/maven-wagon/compare/wagon-3.5.1...wagon-3.5.2)

   Updates `wagon-http` from 3.5.1 to 3.5.2
   
   



[GitHub] [maven-jlink-plugin] dependabot[bot] closed pull request #87: Bump maven-archiver from 3.5.1 to 3.5.2

2022-06-26 Thread GitBox


dependabot[bot] closed pull request #87: Bump maven-archiver from 3.5.1 to 3.5.2
URL: https://github.com/apache/maven-jlink-plugin/pull/87





[GitHub] [maven-jlink-plugin] dependabot[bot] opened a new pull request, #114: Bump maven-archiver from 3.5.1 to 3.6.0

2022-06-26 Thread GitBox


dependabot[bot] opened a new pull request, #114:
URL: https://github.com/apache/maven-jlink-plugin/pull/114

   Bumps [maven-archiver](https://github.com/apache/maven-archiver) from 3.5.1 
to 3.6.0.
   
   Commits

   - [66780f2](https://github.com/apache/maven-archiver/commit/66780f233e9ab3fdee660103222ce0947cf0b379) [maven-release-plugin] prepare release maven-archiver-3.6.0
   - [2ceaefd](https://github.com/apache/maven-archiver/commit/2ceaefdc7050b12949e8a200c33c4bbc7fa1b213) [MSHARED-1088] Update Plexus IO 3.4.0 and Plexus Archiver 4.4.0 ([#25](https://github-redirect.dependabot.com/apache/maven-archiver/issues/25))
   - [03153b5](https://github.com/apache/maven-archiver/commit/03153b544edebeed2d11d8b7a135337394d97205) [MSHARED-1067] Improve Reproducible Builds methods
   - [cd79d39](https://github.com/apache/maven-archiver/commit/cd79d3959afce50e90b3bcc5cd7d7b88aee98df6) [MSHARED-1066] Upgrade Plexus Archiver to 4.3.0
   - [6f74e5e](https://github.com/apache/maven-archiver/commit/6f74e5e363191337b7984988d861efb0a3c4b304) [MSHARED-1082] - Update Plexus IO to 3.3.1
   - [96859f2](https://github.com/apache/maven-archiver/commit/96859f234edcefcecb77c1482d99d7b0b4f5e1ef) [MSHARED-1081] Drop m-shared-utils ([#23](https://github-redirect.dependabot.com/apache/maven-archiver/issues/23))
   - [922e510](https://github.com/apache/maven-archiver/commit/922e510bdb940689cf666e22771eb4c516cb8c04) ignore more...
   - [ea2396b](https://github.com/apache/maven-archiver/commit/ea2396bda35a8f7c0c958691bfebf0561f9d464b) [MSHARED-1003] Require Maven 3.2.5+
   - [c9d80f5](https://github.com/apache/maven-archiver/commit/c9d80f54ea9b21b2c7818d9f0895a43c6cb3acf4) [MSHARED-991] small code cleanup and javadoc:fix
   - [7769e4e](https://github.com/apache/maven-archiver/commit/7769e4e00770918a4f0fca5c0be53ea689db8fb3) Bump junit to 5.8.3
   - Additional commits viewable in [compare view](https://github.com/apache/maven-archiver/compare/maven-archiver-3.5.1...maven-archiver-3.6.0)



[GitHub] [maven-jlink-plugin] dependabot[bot] commented on pull request #87: Bump maven-archiver from 3.5.1 to 3.5.2

2022-06-26 Thread GitBox


dependabot[bot] commented on PR #87:
URL: 
https://github.com/apache/maven-jlink-plugin/pull/87#issuecomment-1166813874

   Superseded by #114.





[GitHub] [maven-indexer] dependabot[bot] opened a new pull request, #224: Bump wagon.version from 3.5.1 to 3.5.2

2022-06-26 Thread GitBox


dependabot[bot] opened a new pull request, #224:
URL: https://github.com/apache/maven-indexer/pull/224

   Bumps `wagon.version` from 3.5.1 to 3.5.2.
   Updates `wagon-provider-api` from 3.5.1 to 3.5.2
   
   Commits

   - [8331ee2](https://github.com/apache/maven-wagon/commit/8331ee26ffb3b5770c4e01ac3ed38d321c9158b1) [maven-release-plugin] prepare release wagon-3.5.2
   - [88e8574](https://github.com/apache/maven-wagon/commit/88e8574c69d83e6a658fcd2ad10f3f80926b8840) [WAGON-629] Properly handle authentication scenarios with MKCOL
   - [17529c6](https://github.com/apache/maven-wagon/commit/17529c6232a02ee836107bae11a9b5eb6778afb1) [WAGON-628] Default connect timeout not set when no HttpMethodConfiguration i...
   - [d7f3367](https://github.com/apache/maven-wagon/commit/d7f336745a6fec7c3697e47b17f46b9ae996d305) [WAGON-627] Maven deploy fails with 401 Unauthorized when using £ in password
   - [8e5a4b6](https://github.com/apache/maven-wagon/commit/8e5a4b698b77b5272405a1678ef87e24aba2f4a2) Drop findbugs from site reporting
   - [c1ab05d](https://github.com/apache/maven-wagon/commit/c1ab05d476413d6d31cf5d98ffdaadee65aa956c) Use shared GitHub Actions
   - [c4be92b](https://github.com/apache/maven-wagon/commit/c4be92b1749341cedb936ce2292136367e0d0869) [maven-release-plugin] prepare for next development iteration
   - See full diff in [compare view](https://github.com/apache/maven-wagon/compare/wagon-3.5.1...wagon-3.5.2)

   Updates `wagon-http` from 3.5.1 to 3.5.2
   
   Updates `wagon-http-lightweight` from 3.5.1 to 3.5.2
   
   



[GitHub] [maven-site-plugin] dependabot[bot] opened a new pull request, #92: Bump maven-archiver from 3.5.2 to 3.6.0

2022-06-26 Thread GitBox


dependabot[bot] opened a new pull request, #92:
URL: https://github.com/apache/maven-site-plugin/pull/92

   Bumps [maven-archiver](https://github.com/apache/maven-archiver) from 3.5.2 
to 3.6.0.
   
   Commits

   - [66780f2](https://github.com/apache/maven-archiver/commit/66780f233e9ab3fdee660103222ce0947cf0b379) [maven-release-plugin] prepare release maven-archiver-3.6.0
   - [2ceaefd](https://github.com/apache/maven-archiver/commit/2ceaefdc7050b12949e8a200c33c4bbc7fa1b213) [MSHARED-1088] Update Plexus IO 3.4.0 and Plexus Archiver 4.4.0 ([#25](https://github-redirect.dependabot.com/apache/maven-archiver/issues/25))
   - [03153b5](https://github.com/apache/maven-archiver/commit/03153b544edebeed2d11d8b7a135337394d97205) [MSHARED-1067] Improve Reproducible Builds methods
   - [cd79d39](https://github.com/apache/maven-archiver/commit/cd79d3959afce50e90b3bcc5cd7d7b88aee98df6) [MSHARED-1066] Upgrade Plexus Archiver to 4.3.0
   - [6f74e5e](https://github.com/apache/maven-archiver/commit/6f74e5e363191337b7984988d861efb0a3c4b304) [MSHARED-1082] - Update Plexus IO to 3.3.1
   - [96859f2](https://github.com/apache/maven-archiver/commit/96859f234edcefcecb77c1482d99d7b0b4f5e1ef) [MSHARED-1081] Drop m-shared-utils ([#23](https://github-redirect.dependabot.com/apache/maven-archiver/issues/23))
   - [922e510](https://github.com/apache/maven-archiver/commit/922e510bdb940689cf666e22771eb4c516cb8c04) ignore more...
   - [ea2396b](https://github.com/apache/maven-archiver/commit/ea2396bda35a8f7c0c958691bfebf0561f9d464b) [MSHARED-1003] Require Maven 3.2.5+
   - [c9d80f5](https://github.com/apache/maven-archiver/commit/c9d80f54ea9b21b2c7818d9f0895a43c6cb3acf4) [MSHARED-991] small code cleanup and javadoc:fix
   - [7769e4e](https://github.com/apache/maven-archiver/commit/7769e4e00770918a4f0fca5c0be53ea689db8fb3) Bump junit to 5.8.3
   - Additional commits viewable in [compare view](https://github.com/apache/maven-archiver/compare/maven-archiver-3.5.2...maven-archiver-3.6.0)



[GitHub] [maven-site-plugin] dependabot[bot] opened a new pull request, #91: Bump wagonVersion from 3.5.1 to 3.5.2

2022-06-26 Thread GitBox


dependabot[bot] opened a new pull request, #91:
URL: https://github.com/apache/maven-site-plugin/pull/91

   Bumps `wagonVersion` from 3.5.1 to 3.5.2.
   Updates `wagon-provider-api` from 3.5.1 to 3.5.2
   
   Commits

   - [8331ee2](https://github.com/apache/maven-wagon/commit/8331ee26ffb3b5770c4e01ac3ed38d321c9158b1) [maven-release-plugin] prepare release wagon-3.5.2
   - [88e8574](https://github.com/apache/maven-wagon/commit/88e8574c69d83e6a658fcd2ad10f3f80926b8840) [WAGON-629] Properly handle authentication scenarios with MKCOL
   - [17529c6](https://github.com/apache/maven-wagon/commit/17529c6232a02ee836107bae11a9b5eb6778afb1) [WAGON-628] Default connect timeout not set when no HttpMethodConfiguration i...
   - [d7f3367](https://github.com/apache/maven-wagon/commit/d7f336745a6fec7c3697e47b17f46b9ae996d305) [WAGON-627] Maven deploy fails with 401 Unauthorized when using £ in password
   - [8e5a4b6](https://github.com/apache/maven-wagon/commit/8e5a4b698b77b5272405a1678ef87e24aba2f4a2) Drop findbugs from site reporting
   - [c1ab05d](https://github.com/apache/maven-wagon/commit/c1ab05d476413d6d31cf5d98ffdaadee65aa956c) Use shared GitHub Actions
   - [c4be92b](https://github.com/apache/maven-wagon/commit/c4be92b1749341cedb936ce2292136367e0d0869) [maven-release-plugin] prepare for next development iteration
   - See full diff in [compare view](https://github.com/apache/maven-wagon/compare/wagon-3.5.1...wagon-3.5.2)

   Updates `wagon-webdav-jackrabbit` from 3.5.1 to 3.5.2
   
   



[jira] [Commented] (MENFORCER-425) Clarify class loading for custom Enforcer rules

2022-06-26 Thread Hudson (Jira)


[ 
https://issues.apache.org/jira/browse/MENFORCER-425?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17558925#comment-17558925
 ] 

Hudson commented on MENFORCER-425:
--

Build succeeded in Jenkins: Maven » Maven TLP » maven-enforcer » master #49

See 
https://ci-maven.apache.org/job/Maven/job/maven-box/job/maven-enforcer/job/master/49/

> Clarify class loading for custom Enforcer rules 
> 
>
> Key: MENFORCER-425
> URL: https://issues.apache.org/jira/browse/MENFORCER-425
> Project: Maven Enforcer Plugin
> Issue Type: Improvement
> Components: Documentation
> Reporter: Konrad Windszus
> Assignee: Slawomir Jaranowski
> Priority: Major
> Fix For: next-release
>
>
> Currently the documentation at 
> https://maven.apache.org/enforcer/enforcer-api/writing-a-custom-rule.html#writing-a-custom-rule
>  has an example leveraging the default (i.e. compile) scope for all 
> dependencies.
> IMHO custom rules share the classloader with the embedding m-enforcer-p and 
> therefore don't need "compile" scope for any of the dependencies which are 
> always loaded by m-enforcer-p (compare with MPLUGIN-370). Those dependencies 
> are 
> https://github.com/apache/maven-enforcer/blob/master/maven-enforcer-plugin/pom.xml#L63-L70.
>  That should be mentioned in the documentation for custom rules as well.





[jira] [Commented] (MENFORCER-424) Maven enforcer rule which checks that all dependencies in dependencyManagement don't have an explicit scope set

2022-06-26 Thread Slawomir Jaranowski (Jira)


[ 
https://issues.apache.org/jira/browse/MENFORCER-424?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17558924#comment-17558924
 ] 

Slawomir Jaranowski commented on MENFORCER-424:
---

One case where I use scope in {{dependencyManagement}} is when I want to change 
the scope of a transitive dependency.


> Maven enforcer rule which checks that all dependencies in 
> dependencyManagement don't have an explicit scope set
> ---
>
> Key: MENFORCER-424
> URL: https://issues.apache.org/jira/browse/MENFORCER-424
> Project: Maven Enforcer Plugin
>  Issue Type: New Feature
>  Components: Standard Rules
>Reporter: Konrad Windszus
>Priority: Major
>
> Setting the scope in the dependencyManagement is an anti-pattern and may lead 
> to surprising results during classpath creation. Compare also with the 
> discussion in 
> https://github.com/apache/maven-apache-parent/pull/63#discussion_r788361219.
> I propose to add a new rule with name {{banDependencyManagementScope}}.
> Probably scope {{import}} should be accepted though, because it is a special 
> case.





[jira] [Updated] (MENFORCER-425) Clarify class loading for custom Enforcer rules

2022-06-26 Thread Slawomir Jaranowski (Jira)


 [ 
https://issues.apache.org/jira/browse/MENFORCER-425?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Slawomir Jaranowski updated MENFORCER-425:
--
Fix Version/s: next-release

> Clarify class loading for custom Enforcer rules 
> 
>
> Key: MENFORCER-425
> URL: https://issues.apache.org/jira/browse/MENFORCER-425
> Project: Maven Enforcer Plugin
>  Issue Type: Improvement
>  Components: Documentation
>Reporter: Konrad Windszus
>Assignee: Slawomir Jaranowski
>Priority: Major
> Fix For: next-release
>
>
> Currently the documentation at 
> https://maven.apache.org/enforcer/enforcer-api/writing-a-custom-rule.html#writing-a-custom-rule
>  has an example leveraging the default (i.e. compile) scope for all 
> dependencies.
> IMHO custom rules share the classloader with the embedding m-enforcer-p and 
> therefore don't need "compile" scope for any of the dependencies which are 
> always loaded by m-enforcer-p (compare with MPLUGIN-370). Those dependencies 
> are 
> https://github.com/apache/maven-enforcer/blob/master/maven-enforcer-plugin/pom.xml#L63-L70.
>  That should be mentioned in the documentation for custom rules as well.





[jira] [Closed] (MENFORCER-425) Clarify class loading for custom Enforcer rules

2022-06-26 Thread Slawomir Jaranowski (Jira)


 [ 
https://issues.apache.org/jira/browse/MENFORCER-425?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Slawomir Jaranowski closed MENFORCER-425.
-
  Assignee: Slawomir Jaranowski
Resolution: Fixed

> Clarify class loading for custom Enforcer rules 
> 
>
> Key: MENFORCER-425
> URL: https://issues.apache.org/jira/browse/MENFORCER-425
> Project: Maven Enforcer Plugin
>  Issue Type: Improvement
>  Components: Documentation
>Reporter: Konrad Windszus
>Assignee: Slawomir Jaranowski
>Priority: Major
>
> Currently the documentation at 
> https://maven.apache.org/enforcer/enforcer-api/writing-a-custom-rule.html#writing-a-custom-rule
>  has an example leveraging the default (i.e. compile) scope for all 
> dependencies.
> IMHO custom rules share the classloader with the embedding m-enforcer-p and 
> therefore don't need "compile" scope for any of the dependencies which are 
> always loaded by m-enforcer-p (compare with MPLUGIN-370). Those dependencies 
> are 
> https://github.com/apache/maven-enforcer/blob/master/maven-enforcer-plugin/pom.xml#L63-L70.
>  That should be mentioned in the documentation for custom rules as well.





[GitHub] [maven-enforcer] slawekjaranowski merged pull request #167: [MENFORCER-425] clarify class loading of custom rules

2022-06-26 Thread GitBox


slawekjaranowski merged PR #167:
URL: https://github.com/apache/maven-enforcer/pull/167




[jira] [Commented] (MENFORCER-425) Clarify class loading for custom Enforcer rules

2022-06-26 Thread Slawomir Jaranowski (Jira)


[ 
https://issues.apache.org/jira/browse/MENFORCER-425?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17558923#comment-17558923
 ] 

Slawomir Jaranowski commented on MENFORCER-425:
---

Right - I did exactly change in {{extra-enforcer-rules}} 
https://github.com/apache/maven-enforcer/pull/167

> Clarify class loading for custom Enforcer rules 
> 
>
> Key: MENFORCER-425
> URL: https://issues.apache.org/jira/browse/MENFORCER-425
> Project: Maven Enforcer Plugin
>  Issue Type: Improvement
>  Components: Documentation
>Reporter: Konrad Windszus
>Priority: Major
>
> Currently the documentation at 
> https://maven.apache.org/enforcer/enforcer-api/writing-a-custom-rule.html#writing-a-custom-rule
>  has an example leveraging the default (i.e. compile) scope for all 
> dependencies.
> IMHO custom rules share the classloader with the embedding m-enforcer-p and 
> therefore don't need "compile" scope for any of the dependencies which are 
> always loaded by m-enforcer-p (compare with MPLUGIN-370). Those dependencies 
> are 
> https://github.com/apache/maven-enforcer/blob/master/maven-enforcer-plugin/pom.xml#L63-L70.
>  That should be mentioned in the documentation for custom rules as well.





[jira] [Commented] (MNG-7468) Unsupported plugins parameters in configuration should be verified

2022-06-26 Thread Slawomir Jaranowski (Jira)


[ 
https://issues.apache.org/jira/browse/MNG-7468?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17558922#comment-17558922
 ] 

Slawomir Jaranowski commented on MNG-7468:
--

This one will be ok for me:
{code:java}
[WARNING] Parameter 'invalidXml' is unknown for plugin 
'maven-it-plugin-configuration:2.1-SNAPSHOT' when configuring 'touch (default)' 
{code}
 

I suppose that warning will be printed for all executions, multiple times.

> Unsupported plugins parameters in configuration should be verified
> --
>
> Key: MNG-7468
> URL: https://issues.apache.org/jira/browse/MNG-7468
> Project: Maven
>  Issue Type: New Feature
>  Components: Plugins and Lifecycle
>Reporter: Slawomir Jaranowski
>Assignee: Slawomir Jaranowski
>Priority: Major
> Fix For: 3.9.0, 4.0.0-alpha-1, 4.0.0
>
>
> Currently we can provide any xml tags in plugin configuration even if plugin 
> Mojo doesn't support specific parameters.
> eg we can have:
> {code:xml}
> 
> example-maven-plugin
> 1.1.1
> 
> 
> 
> 
> {code}
> With example configuration Mojo is executed without any warning.
> Simply if parameters is not supported - build should break with some of 
> invalid plugin configuration exception ...





[GitHub] [maven-pmd-plugin] slachiewicz merged pull request #72: Bump commons-lang3 from 3.8.1 to 3.12.0

2022-06-26 Thread GitBox


slachiewicz merged PR #72:
URL: https://github.com/apache/maven-pmd-plugin/pull/72




[GitHub] [maven-pmd-plugin] dependabot[bot] opened a new pull request, #77: Bump maven-shared-utils from 3.3.3 to 3.3.4

2022-06-26 Thread GitBox


dependabot[bot] opened a new pull request, #77:
URL: https://github.com/apache/maven-pmd-plugin/pull/77

   Bumps [maven-shared-utils](https://github.com/apache/maven-shared-utils) 
from 3.3.3 to 3.3.4.
   
   Commits
   
   - [17091d8](https://github.com/apache/maven-shared-utils/commit/17091d82508deb9b7067f3434ba16f660ffc5023) [maven-release-plugin] prepare release maven-shared-utils-3.3.4
   - [9f40037](https://github.com/apache/maven-shared-utils/commit/9f40037bfb04d54dd997a9ab837390045c9a4348) [NOJIRA] Javadoc cleanup in preparation of release
   - [4e93c56](https://github.com/apache/maven-shared-utils/commit/4e93c5621ef45c7cf6a03d96ca7a3c45ac4e2062) [SUREFIRE-1556] fail fast on empty element names ([#11](https://github-redirect.dependabot.com/apache/maven-shared-utils/issues/11))
   - [1461e4d](https://github.com/apache/maven-shared-utils/commit/1461e4de42c324a71decfefe0c51a6f80f05f9e2) Revert "remove unused plexus dependency"
   - [8f31df7](https://github.com/apache/maven-shared-utils/commit/8f31df7af9383d278fc5513729e1bdcf254fd997) update to JUnit 4.13.2
   - [5097cee](https://github.com/apache/maven-shared-utils/commit/5097ceefd24fc83e005bdfa4e254975b025733ad) remove unused plexus dependency
   - [b4577c9](https://github.com/apache/maven-shared-utils/commit/b4577c968a84be979e31347d0525f3714724bcd5) Merge pull request [#70](https://github-redirect.dependabot.com/apache/maven-shared-utils/issues/70) from gnodet/MSHARED-965-help
   - [eb4f635](https://github.com/apache/maven-shared-utils/commit/eb4f6355d772739094bcf8edce5d7da894ca8be5) Merge pull request [#67](https://github-redirect.dependabot.com/apache/maven-shared-utils/issues/67) from gnodet/MNG-6380
   - [0bb44cd](https://github.com/apache/maven-shared-utils/commit/0bb44cdc9541beeb9c78927c663d16b6d737eb09) [MNG-6380] Use the new jansi AnsiMode to control the whether ansi sequences a...
   - [f94bb25](https://github.com/apache/maven-shared-utils/commit/f94bb250dcddcddadc610aa7cc28d7b07a9697ed) [MNG-6915] Add a helper method to get the terminal width
   - Additional commits viewable in [compare view](https://github.com/apache/maven-shared-utils/compare/maven-shared-utils-3.3.3...maven-shared-utils-3.3.4)
   
   
   
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.maven.shared:maven-shared-utils&package-manager=maven&previous-version=3.3.3&new-version=3.3.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   
   
   




[GitHub] [maven-pmd-plugin] dependabot[bot] opened a new pull request, #76: Bump maven-common-artifact-filters from 3.2.0 to 3.3.0

2022-06-26 Thread GitBox


dependabot[bot] opened a new pull request, #76:
URL: https://github.com/apache/maven-pmd-plugin/pull/76

   Bumps 
[maven-common-artifact-filters](https://github.com/apache/maven-common-artifact-filters)
 from 3.2.0 to 3.3.0.
   
   Commits
   
   - [ae01a99](https://github.com/apache/maven-common-artifact-filters/commit/ae01a994907a39e7391e2f431bca3c5314890bdd) [maven-release-plugin] prepare release maven-common-artifact-filters-3.3.0
   - [0c6674f](https://github.com/apache/maven-common-artifact-filters/commit/0c6674fae7cf110c4a12d0f0f80e93d61f0be391) [MSHARED-1077] Bugfix for classifier in pattern ([#26](https://github-redirect.dependabot.com/apache/maven-common-artifact-filters/issues/26))
   - [72981e4](https://github.com/apache/maven-common-artifact-filters/commit/72981e4288c4c314e7d78061bd6220141ef1d9ba) [MSHARED-1078] Update parent POM and drop maven-shared-utils ([#27](https://github-redirect.dependabot.com/apache/maven-common-artifact-filters/issues/27))
   - [6ba230d](https://github.com/apache/maven-common-artifact-filters/commit/6ba230d1de6b05b4827db9bdcb4113f5d6832277) Shared GitHub actions v2
   - [2679674](https://github.com/apache/maven-common-artifact-filters/commit/26796743072eaba1e7e928f3b158cb8b1bbdb000) [MSHARED-1017] null passed to DependencyFilter in EclipseAetherFilterTransfor...
   - [6236b1b](https://github.com/apache/maven-common-artifact-filters/commit/6236b1b42647b674a5e97f44b35fc2964c132262) (doc) use shared worflow for gha
   - [0569dc9](https://github.com/apache/maven-common-artifact-filters/commit/0569dc9386958477116afb5db28469be94538350) update CI url
   - [36e992b](https://github.com/apache/maven-common-artifact-filters/commit/36e992b580dfdff8ee2c23d1196c77b074c6888f) Dependency scopes cleanup
   - [54e3330](https://github.com/apache/maven-common-artifact-filters/commit/54e333058d75a4792ede57635e2abc128e113b1a) Update resolver to latest Java7 version.
   - [7c83ef4](https://github.com/apache/maven-common-artifact-filters/commit/7c83ef433c29c7360edba9df11061b4bf5b833a5) [MSHARED-988] Remove CP duplicates
   - Additional commits viewable in [compare view](https://github.com/apache/maven-common-artifact-filters/compare/maven-common-artifact-filters-3.2.0...maven-common-artifact-filters-3.3.0)
   
   
   
   
   
   
   
   




[GitHub] [maven-pmd-plugin] slachiewicz merged pull request #56: Bump plexus-resources from 1.1.0 to 1.2.0

2022-06-26 Thread GitBox


slachiewicz merged PR #56:
URL: https://github.com/apache/maven-pmd-plugin/pull/56




[GitHub] [maven-pmd-plugin] dependabot[bot] commented on pull request #74: Bump pmdVersion from 6.46.0 to 6.47.0

2022-06-26 Thread GitBox


dependabot[bot] commented on PR #74:
URL: https://github.com/apache/maven-pmd-plugin/pull/74#issuecomment-1166627676

   OK, I won't notify you again about this release, but will get in touch when 
a new version is available. You can also ignore all major, minor, or patch 
releases for a dependency by adding an [`ignore` 
condition](https://docs.github.com/en/code-security/supply-chain-security/configuration-options-for-dependency-updates#ignore)
 with the desired `update_types` to your config file.
   
   If you change your mind, just re-open this PR and I'll resolve any conflicts 
on it.




[GitHub] [maven-pmd-plugin] slachiewicz closed pull request #74: Bump pmdVersion from 6.46.0 to 6.47.0

2022-06-26 Thread GitBox


slachiewicz closed pull request #74: Bump pmdVersion from 6.46.0 to 6.47.0
URL: https://github.com/apache/maven-pmd-plugin/pull/74




[jira] [Closed] (MPMD-210) Ability to add password protected SVN URL as rule set in the tag

2022-06-26 Thread Sylwester Lachiewicz (Jira)


 [ 
https://issues.apache.org/jira/browse/MPMD-210?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sylwester Lachiewicz closed MPMD-210.
-
Resolution: Auto Closed

> Ability to add password protected SVN URL as rule set in the  tag
> --
>
> Key: MPMD-210
> URL: https://issues.apache.org/jira/browse/MPMD-210
> Project: Maven PMD Plugin
>  Issue Type: Improvement
>  Components: PMD
>Affects Versions: 3.4
>Reporter: Ross Humphrey
>Priority: Trivial
>
> When using the following maven snippet:
> 
> org.apache.maven.plugins
> maven-pmd-plugin
> 
> 1.5
> 2
> 
> 
> http://somesubversionrepository/RuleSet.xml
> 
> 
> 
> PMD connects to the subversion repo using 'anonymous' access. 'Anonymous' 
> access has since been disabled and thus the above ruleset could not be pulled 
> from the directory. It would be good to have to the ability to authenticate 
> against a subversion repo to pull a ruleset





[GitHub] [maven-pmd-plugin] dependabot[bot] opened a new pull request, #75: Bump maven-artifact-transfer from 0.11.0 to 0.13.1

2022-06-26 Thread GitBox


dependabot[bot] opened a new pull request, #75:
URL: https://github.com/apache/maven-pmd-plugin/pull/75

   Bumps 
[maven-artifact-transfer](https://github.com/apache/maven-artifact-transfer) 
from 0.11.0 to 0.13.1.
   
   Commits
   
   - [ee4b1f5](https://github.com/apache/maven-artifact-transfer/commit/ee4b1f50504d9538ea447e0d987a44e9e89e8dc1) [maven-release-plugin] prepare release maven-artifact-transfer-0.13.1
   - [410ab39](https://github.com/apache/maven-artifact-transfer/commit/410ab39c0101f29c44d8d3b054241de90a4ba8be) Bump groovy from 3.0.6 to 3.0.7
   - [998d320](https://github.com/apache/maven-artifact-transfer/commit/998d32016d8c949a72949f927fdd88a298b8f4b9) Bump groovy from 3.0.4 to 3.0.6
   - [7f8251e](https://github.com/apache/maven-artifact-transfer/commit/7f8251e01a7169232df6c1ad9b8d0d2b0ce3495a) Bump junit from 4.13 to 4.13.1
   - [dfb1e61](https://github.com/apache/maven-artifact-transfer/commit/dfb1e61c4f5db6fe167b3d879a37ab5e25c8475c) Quick fixes for problems reported by the IDE
   - [0e1b878](https://github.com/apache/maven-artifact-transfer/commit/0e1b8787b324b40376844280078fea8b5bcdb1f7) Drop unused dependency commons-codec
   - [a87ec07](https://github.com/apache/maven-artifact-transfer/commit/a87ec073ea6a7e97bda97af54b96a6b7223b6dbb) Bump groovy from 3.0.3 to 3.0.4
   - [f2b0b25](https://github.com/apache/maven-artifact-transfer/commit/f2b0b25be400ca1174b1af79488ded26b9bfe720) Run integration tests only with Java 8, 11 and 15
   - [6444212](https://github.com/apache/maven-artifact-transfer/commit/64442121574513ab899efc408c9c9291df1071c7) Remove unnecessary file causing Animal Sniffer to fail build
   - [92a6791](https://github.com/apache/maven-artifact-transfer/commit/92a6791223c6af78b1c402c0d20bd9234499ea6e) update ASF CI url
   - Additional commits viewable in [compare view](https://github.com/apache/maven-artifact-transfer/compare/maven-artifact-transfer-0.11.0...maven-artifact-transfer-0.13.1)
   
   
   
   
   
   
   
   




[GitHub] [maven-pmd-plugin] dependabot[bot] opened a new pull request, #74: Bump pmdVersion from 6.46.0 to 6.47.0

2022-06-26 Thread GitBox


dependabot[bot] opened a new pull request, #74:
URL: https://github.com/apache/maven-pmd-plugin/pull/74

   Bumps `pmdVersion` from 6.46.0 to 6.47.0.
   Updates `pmd-core` from 6.46.0 to 6.47.0
   
   Release notes
   Sourced from [pmd-core's releases](https://github.com/pmd/pmd/releases).
   
   PMD 6.47.0 (25-June-2022)
   25-June-2022 - 6.47.0
   The PMD team is pleased to announce PMD 6.47.0.
   This is a minor release.
   Table Of Contents
   
   - [Fixed Issues](https://github.com/pmd/pmd/blob/HEAD/#fixed-issues)
   - [API Changes](https://github.com/pmd/pmd/blob/HEAD/#api-changes)
   - [External Contributions](https://github.com/pmd/pmd/blob/HEAD/#external-contributions)
   - [Stats](https://github.com/pmd/pmd/blob/HEAD/#stats)
   
   Fixed Issues
   
   - core
     - [#3999](https://github-redirect.dependabot.com/pmd/pmd/issues/3999): [cli] All files are analyzed despite parameter --file-list
     - [#4009](https://github-redirect.dependabot.com/pmd/pmd/issues/4009): [core] Cannot build PMD with Temurin 17
   - java-bestpractices
     - [#3824](https://github-redirect.dependabot.com/pmd/pmd/issues/3824): [java] UnusedPrivateField: Do not flag fields annotated with @Version
     - [#3825](https://github-redirect.dependabot.com/pmd/pmd/issues/3825): [java] UnusedPrivateField: Do not flag fields annotated with @Id or @EmbeddedId
   - java-design
     - [#3823](https://github-redirect.dependabot.com/pmd/pmd/issues/3823): [java] ImmutableField: Do not flag fields in @Entity
     - [#3981](https://github-redirect.dependabot.com/pmd/pmd/issues/3981): [java] ImmutableField reports fields annotated with @Value (Spring)
     - [#3998](https://github-redirect.dependabot.com/pmd/pmd/issues/3998): [java] ImmutableField reports fields annotated with @Captor (Mockito)
     - [#4004](https://github-redirect.dependabot.com/pmd/pmd/issues/4004): [java] ImmutableField reports fields annotated with @GwtMock (GwtMockito) and @Spy (Mockito)
     - [#4008](https://github-redirect.dependabot.com/pmd/pmd/issues/4008): [java] ImmutableField not reporting fields that are only initialized in the declaration
     - [#4011](https://github-redirect.dependabot.com/pmd/pmd/issues/4011): [java] ImmutableField: Do not flag fields annotated with @Inject
     - [#4020](https://github-redirect.dependabot.com/pmd/pmd/issues/4020): [java] ImmutableField reports fields annotated with @FindBy and @FindBys (Selenium)
   - java-errorprone
     - [#3936](https://github-redirect.dependabot.com/pmd/pmd/issues/3936): [java] AvoidFieldNameMatchingMethodName should consider enum class
     - [#3937](https://github-redirect.dependabot.com/pmd/pmd/issues/3937): [java] AvoidDuplicateLiterals - uncompilable test cases
   
   API Changes
   No changes.
   External Contributions
   
   - [#3985](https://github-redirect.dependabot.com/pmd/pmd/pull/3985): [java] Fix false negative problem about Enum in AvoidFieldNameMatchingMethodName [#3936](https://github-redirect.dependabot.com/pmd/pmd/issues/3936) - [@Scrsloota](https://github.com/Scrsloota)
   - [#3993](https://github-redirect.dependabot.com/pmd/pmd/pull/3993): [java] AvoidDuplicateLiterals - Add the method "buz" definition to test cases - [@dalizi007](https://github.com/dalizi007)
   - [#4002](https://github-redirect.dependabot.com/pmd/pmd/pull/4002): [java] ImmutableField - Ignore fields annotated with @Value (Spring) or @Captor (Mockito) - [@jjlharrison](https://github.com/jjlharrison)
   - [#4003](https://github-redirect.dependabot.com/pmd/pmd/pull/4003): [java] UnusedPrivateField - Ignore fields annotated with @Id/@EmbeddedId/@Version (JPA) or @Mock/@Spy/@MockBean (Mockito/Spring) - [@jjlharrison](https://github.com/jjlharrison)
   - [#4006](https://github-redirect.dependabot.com/pmd/pmd/pull/4006): [doc] Fix eclipse plugin update site URL - [@shiomiyan](https://github.com/shiomiyan)
   - [#4010](https://github-redirect.dependabot.com/pmd/pmd/pull/4010): [core] Bump kotlin to version 1.7.0 - [@maikelsteneker](https://github.com/maikelsteneker)
   
   Stats
   
   - 45 commits
   - 23 closed tickets & PRs
   - Days since last release: 27
   
   Commits
   
   - [07eb3d2](https://github.com/pmd/pmd/commit/07eb3d2d8081d787c60abdfe74c46af24772a3ce) [maven-release-plugin] prepare release pmd_releases/6.47.0
   - [cf90c21](https://github.com/pmd/pmd/commit/cf90c2141f07ff0400fc413ed1f4db60391b6cd1) Prepare pmd release 6.47.0
   - [ed6cd9a](https://github.com/pmd/pmd/commit/ed6cd9ae39f3bc3a8bf68251aeed3128d01b5311) [doc] Update release notes - escape @ to not mention people on github
   - [25eb9d8](https://github.com/pmd/pmd/commit/25eb9d885b9bc6760a022c507d7d5eafffc0d2f2) Merge pull request [#4005](https://github-redirect.dependabot.com/pmd/pmd/issues/4005) from adangel:sonatype-lift-issues
   - [bde5a0c](https://github.com/pmd/pmd/commit/bde5a0c191a4076e24c28541a2cea9a807a20a9c) Merge pull request [#4003](https://github-redirect.dependabot.com/pmd/pmd/issues/4003) from jjlharrison:master
   https://github.com/pmd/pmd/commit/18dd7f

[GitHub] [maven-pmd-plugin] slachiewicz merged pull request #54: Bump animal-sniffer-maven-plugin from 1.16 to 1.21

2022-06-26 Thread GitBox


slachiewicz merged PR #54:
URL: https://github.com/apache/maven-pmd-plugin/pull/54




[jira] [Commented] (MNG-7501) display relative path to pom.xml

2022-06-26 Thread Hudson (Jira)


[ 
https://issues.apache.org/jira/browse/MNG-7501?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17558908#comment-17558908
 ] 

Hudson commented on MNG-7501:
-

Build succeeded in Jenkins: Maven » Maven TLP » maven » master #63

See https://ci-maven.apache.org/job/Maven/job/maven-box/job/maven/job/master/63/

> display relative path to pom.xml
> 
>
> Key: MNG-7501
> URL: https://issues.apache.org/jira/browse/MNG-7501
> Project: Maven
>  Issue Type: Improvement
>  Components: Command Line
>Affects Versions: 3.8.6
>Reporter: Herve Boutemy
>Assignee: Herve Boutemy
>Priority: Major
> Fix For: 3.9.0, 4.0.0-alpha-1, 4.0.0
>
>
> When building a large multi-module project, when a failure happens in the
> middle of the build, it's not easy to even identify where the module is
> located in the source tree: Maven displays the module name, but not the path
> to pom.xml. Then often we have to read the output log of goals that have run,
> hoping to find a hint.
> It would be nice to have by default the path to the pom.xml displayed during
> a Maven run.
> I see 2 options:
> 1. either in the module build header:
> {noformat}
> [INFO] --< org.apache.maven.its.plugins:maven-it-plugin-dependency-resolution >--
> [INFO] Building Maven IT Plugin :: Dependency Resolution 2.1-SNAPSHOT   [31/78]
> [INFO] core-it-support/core-it-plugins/maven-it-plugin-dependency-resolution/pom.xml
> [INFO] [ maven-plugin ]
> {noformat}
> 2. or in each goal execution line during the module build:
> {noformat}
> [INFO] --- maven-enforcer-plugin:1.4.1:enforce (enforce-maven-version) @ maven-it-plugin-dependency-resolution core-it-support/core-it-plugins/maven-it-plugin-dependency-resolution/pom.xml ---
> {noformat}





[jira] [Commented] (MNG-6965) Extensions suddenly have org.codehaus.plexus:plexus-utils:jar:1.1 on their classpath

2022-06-26 Thread Hudson (Jira)


[ 
https://issues.apache.org/jira/browse/MNG-6965?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17558909#comment-17558909
 ] 

Hudson commented on MNG-6965:
-

Build succeeded in Jenkins: Maven » Maven TLP » maven » master #63

See https://ci-maven.apache.org/job/Maven/job/maven-box/job/maven/job/master/63/

> Extensions suddenly have org.codehaus.plexus:plexus-utils:jar:1.1 on their 
> classpath
> 
>
> Key: MNG-6965
> URL: https://issues.apache.org/jira/browse/MNG-6965
> Project: Maven
>  Issue Type: Bug
>  Components: Plugins and Lifecycle
>Affects Versions: 3.6.0, 3.6.3
> Environment: Win7, Win10, at least one variant of Linux (not sure 
> which)
>Reporter: Mark Nolan
>Assignee: Sylwester Lachiewicz
>Priority: Major
>  Labels: archetype
> Fix For: 3.9.0, 4.0.0-alpha-1, 4.0.0
>
> Attachments: pom.xml
>
>
> A simple minimal archetype pom following the manual pages downloads 
> plexus-utils 1.1, even though it is not (apparently) declared anywhere. This 
> version is banned at my organization (edited to add: due to vulnerabilities), 
> meaning such a pom always fails.
>  
> {code:xml}
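> <project xmlns="http://maven.apache.org/POM/4.0.0"
>   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>   xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
>   http://maven.apache.org/xsd/maven-4.0.0.xsd">
>   <modelVersion>4.0.0</modelVersion>
>   <groupId>test</groupId>
>   <artifactId>test</artifactId>
>   <version>0.0.1-SNAPSHOT</version>
>   <packaging>maven-archetype</packaging>
>   <name>test</name>
>   <build>
>     <extensions>
>       <extension>
>         <groupId>org.apache.maven.archetype</groupId>
>         <artifactId>archetype-packaging</artifactId>
>         <version>3.1.2</version>
>       </extension>
>     </extensions>
>     <pluginManagement>
>       <plugins>
>         <plugin>
>           <groupId>org.apache.maven.plugins</groupId>
>           <artifactId>maven-archetype-plugin</artifactId>
>           <version>3.1.2</version>
>         </plugin>
>       </plugins>
>     </pluginManagement>
>   </build>
> </project>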
> {code}
> Running any goal, such as mvn -X clean, produces the following before the 
> goal is executed:
> {code}
> [DEBUG] Dependency collection stats: {ConflictMarker.analyzeTime=952800, 
> ConflictMarker.markTime=586900, ConflictMarker.nodeCount=1, 
> ConflictIdSorter.graphTime=549200, ConflictIdSorter.topsortTime=586700, 
> ConflictIdSorter.conflictIdCount=1, ConflictIdSorter.conflictIdCycleCount=0, 
> ConflictResolver.totalTime=3313100, ConflictResolver.conflictItemCount=1, 
> DefaultDependencyCollector.collectTime=66890900, 
> DefaultDependencyCollector.transformTime=8523500}
> [DEBUG] org.apache.maven.archetype:archetype-packaging:jar:3.1.2:
> [DEBUG]org.codehaus.plexus:plexus-utils:jar:1.1:runtime
> {code}
>  
> As far as I can see, there is no declared dependency on plexus-utils:1.1.
>  



--
This message was sent by Atlassian Jira
(v8.20.7#820007)
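
The `mvn -X` excerpt quoted in the MNG-6965 report above shows a banned version arriving through a build extension rather than through a declared dependency. As an added example (not code from the issue or from Maven), this Python script scans such debug output for banned coordinates and reports the chain that pulled each one in; the sample log, the three-space indentation per tree level and the names `find_banned` and `parse_node` are assumptions.

```python
import re
from typing import List, NamedTuple, Optional, Set, Tuple

# Constructed sample shaped like the `mvn -X` excerpt in the report.
# Assumption: each tree level adds three spaces after "[DEBUG]".
SAMPLE_LOG = """\
[DEBUG] Dependency collection stats: {ConflictMarker.nodeCount=1}
[DEBUG] org.apache.maven.archetype:archetype-packaging:jar:3.1.2:
[DEBUG]    org.codehaus.plexus:plexus-utils:jar:1.1:runtime
[DEBUG] org.example:constructed-extension:jar:1.0:
[DEBUG]    org.example:constructed-lib:jar:2.0:runtime
[DEBUG]       org.codehaus.plexus:plexus-utils:jar:3.4.1:runtime
[INFO] Scanning for projects...
"""

# Banned coordinate named in the report, as groupId:artifactId:version.
BANNED = {"org.codehaus.plexus:plexus-utils:1.1"}

_TOKEN = r"[\w.+\-]"
# A tree line is "[DEBUG]", optional indentation, then a colon-separated
# coordinate with no spaces, optionally followed by a parenthetical note.
NODE = re.compile(
    r"^\[DEBUG\](?P<indent> *)"
    r"(?P<coord>" + _TOKEN + r"+(?::" + _TOKEN + r"*){3,5})"
    r"(?: \(.*\))?\s*$"
)


class Finding(NamedTuple):
    artifact: str            # banned groupId:artifactId:version
    scope: str               # scope printed on the tree line, "" if none
    path: Tuple[str, ...]    # chain from the tree root down to the artifact


def parse_node(line: str) -> Optional[Tuple[int, str, str]]:
    """Return (depth, 'g:a:version', scope) for a tree line, else None."""
    m = NODE.match(line)
    if not m:
        return None
    parts = m.group("coord").split(":")
    # 4 parts: g:a:type:version
    # 5 parts: g:a:type:version:scope (scope is empty on a root line)
    # 6 parts: g:a:type:classifier:version:scope
    version = parts[4] if len(parts) == 6 else parts[3]
    scope = parts[-1] if len(parts) >= 5 else ""
    if not version:
        return None
    # One space follows "[DEBUG]" at the root; collapsed indentation
    # (as in the quoted excerpt) is treated as depth 0.
    depth = max(0, (len(m.group("indent")) - 1) // 3)
    return depth, f"{parts[0]}:{parts[1]}:{version}", scope


def find_banned(log_text: str, banned: Set[str]) -> List[Finding]:
    """Walk the dependency trees in the log and report banned coordinates."""
    findings: List[Finding] = []
    path: List[str] = []
    for line in log_text.splitlines():
        node = parse_node(line)
        if node is None:
            continue
        depth, gav, scope = node
        del path[depth:]          # drop siblings and deeper levels
        path.append(gav)
        if gav in banned:
            findings.append(Finding(gav, scope, tuple(path)))
    return findings


if __name__ == "__main__":
    for f in find_banned(SAMPLE_LOG, BANNED):
        print(f"banned {f.artifact} (scope {f.scope or 'n/a'}) via " + " -> ".join(f.path))
```
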


[jira] (MNG-7501) display relative path to pom.xml

2022-06-26 Thread Herve Boutemy (Jira)


[ https://issues.apache.org/jira/browse/MNG-7501 ]


Herve Boutemy deleted comment on MNG-7501:


was (Author: hudson):
Build unstable in Jenkins: Maven » Maven TLP » maven » PR-756 #2

See https://ci-maven.apache.org/job/Maven/job/maven-box/job/maven/job/PR-756/2/

> display relative path to pom.xml
> 
>
> Key: MNG-7501
> URL: https://issues.apache.org/jira/browse/MNG-7501
> Project: Maven
>  Issue Type: Improvement
>  Components: Command Line
>Affects Versions: 3.8.6
>Reporter: Herve Boutemy
>Assignee: Herve Boutemy
>Priority: Major
> Fix For: 3.9.0, 4.0.0-alpha-1, 4.0.0
>
>


[jira] (MNG-7501) display relative path to pom.xml

2022-06-26 Thread Herve Boutemy (Jira)


[ https://issues.apache.org/jira/browse/MNG-7501 ]


Herve Boutemy deleted comment on MNG-7501:


was (Author: hudson):
Build succeeded in Jenkins: Maven » Maven TLP » maven » PR-756 #7

See https://ci-maven.apache.org/job/Maven/job/maven-box/job/maven/job/PR-756/7/

> display relative path to pom.xml
> 
>
> Key: MNG-7501
> URL: https://issues.apache.org/jira/browse/MNG-7501
> Project: Maven
>  Issue Type: Improvement
>  Components: Command Line
>Affects Versions: 3.8.6
>Reporter: Herve Boutemy
>Assignee: Herve Boutemy
>Priority: Major
> Fix For: 3.9.0, 4.0.0-alpha-1, 4.0.0
>
>


[jira] [Closed] (MNG-7501) display relative path to pom.xml

2022-06-26 Thread Herve Boutemy (Jira)


 [ 
https://issues.apache.org/jira/browse/MNG-7501?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Herve Boutemy closed MNG-7501.
--
  Assignee: Herve Boutemy
Resolution: Fixed

done:
- in 
https://github.com/apache/maven/commit/c9a3e0e45b0a6e7eca29d150443b04c9c99f3813 
for Maven 3.9.x
- in 
https://github.com/apache/maven/commit/4e88d62ab23a2cef8b1ec8af479353bc4d86fe25 
for master / Maven 4

> display relative path to pom.xml
> 
>
> Key: MNG-7501
> URL: https://issues.apache.org/jira/browse/MNG-7501
> Project: Maven
>  Issue Type: Improvement
>  Components: Command Line
>Affects Versions: 3.8.6
>Reporter: Herve Boutemy
>Assignee: Herve Boutemy
>Priority: Major
> Fix For: 3.9.0, 4.0.0-alpha-1, 4.0.0
>
>


[jira] (MNG-7501) display relative path to pom.xml

2022-06-26 Thread Herve Boutemy (Jira)


[ https://issues.apache.org/jira/browse/MNG-7501 ]


Herve Boutemy deleted comment on MNG-7501:


was (Author: hudson):
Build succeeded in Jenkins: Maven » Maven TLP » maven » maven-3.9.x #51

See 
https://ci-maven.apache.org/job/Maven/job/maven-box/job/maven/job/maven-3.9.x/51/

> display relative path to pom.xml
> 
>
> Key: MNG-7501
> URL: https://issues.apache.org/jira/browse/MNG-7501
> Project: Maven
>  Issue Type: Improvement
>  Components: Command Line
>Affects Versions: 3.8.6
>Reporter: Herve Boutemy
>Assignee: Herve Boutemy
>Priority: Major
> Fix For: 3.9.0, 4.0.0-alpha-1, 4.0.0
>
>


[jira] [Commented] (MNG-7468) Unsupported plugins parameters in configuration should be verified

2022-06-26 Thread Herve Boutemy (Jira)


[ 
https://issues.apache.org/jira/browse/MNG-7468?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17558906#comment-17558906
 ] 

Herve Boutemy commented on MNG-7468:


thanks [~sjaranowski]: I overlooked the second step checking parameter of other 
goals of the plugin, and didn't have a look at ITs that perfectly check 
everything

the warning message makes me feel uncomfortable:
{noformat}[WARNING] Parameter 'invalidXml' is unknown for plugin 
'maven-it-plugin-configuration:2.1-SNAPSHOT:touch (default)'{noformat}

it says parameter is invalid for plugin xxx, but xxx does not describe a plugin 
but an execution of a goal

what do you think about 
{noformat}[WARNING] Parameter 'invalidXml' is unknown for plugin 
'maven-it-plugin-configuration:2.1-SNAPSHOT' when configuring 'touch 
(default)'{noformat}
?

or even just 
{noformat}[WARNING] Parameter 'invalidXml' is unknown for plugin 
'maven-it-plugin-configuration:2.1-SNAPSHOT'{noformat}
?

and what if there are multiple executions? Is the warning displayed multiple 
times?

> Unsupported plugins parameters in configuration should be verified
> --
>
> Key: MNG-7468
> URL: https://issues.apache.org/jira/browse/MNG-7468
> Project: Maven
>  Issue Type: New Feature
>  Components: Plugins and Lifecycle
>Reporter: Slawomir Jaranowski
>Assignee: Slawomir Jaranowski
>Priority: Major
> Fix For: 3.9.0, 4.0.0-alpha-1, 4.0.0
>
>
> Currently we can provide any XML tags in a plugin configuration even if the
> plugin Mojo doesn't support the specific parameters.
> E.g. we can have:
> {code:xml}
> 
> example-maven-plugin
> 1.1.1
> 
> 
> 
> 
> {code}
> With the example configuration, the Mojo is executed without any warning.
> Simply, if a parameter is not supported, the build should break with some
> kind of invalid plugin configuration exception ...





[jira] [Commented] (MNG-7501) display relative path to pom.xml

2022-06-26 Thread Hudson (Jira)


[ 
https://issues.apache.org/jira/browse/MNG-7501?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17558905#comment-17558905
 ] 

Hudson commented on MNG-7501:
-

Build succeeded in Jenkins: Maven » Maven TLP » maven » maven-3.9.x #51

See 
https://ci-maven.apache.org/job/Maven/job/maven-box/job/maven/job/maven-3.9.x/51/

> display relative path to pom.xml
> 
>
> Key: MNG-7501
> URL: https://issues.apache.org/jira/browse/MNG-7501
> Project: Maven
>  Issue Type: Improvement
>  Components: Command Line
>Affects Versions: 3.8.6
>Reporter: Herve Boutemy
>Priority: Major
> Fix For: 3.9.0, 4.0.0-alpha-1, 4.0.0
>
>


[jira] [Updated] (MNG-7501) display relative path to pom.xml

2022-06-26 Thread Herve Boutemy (Jira)


 [ 
https://issues.apache.org/jira/browse/MNG-7501?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Herve Boutemy updated MNG-7501:
---
Fix Version/s: 3.9.0
   4.0.0-alpha-1
   4.0.0
   (was: 3.9.0-candidate)

> display relative path to pom.xml
> 
>
> Key: MNG-7501
> URL: https://issues.apache.org/jira/browse/MNG-7501
> Project: Maven
>  Issue Type: Improvement
>  Components: Command Line
>Affects Versions: 3.8.6
>Reporter: Herve Boutemy
>Priority: Major
> Fix For: 3.9.0, 4.0.0-alpha-1, 4.0.0
>
>


[jira] [Commented] (MNG-7501) display relative path to pom.xml

2022-06-26 Thread ASF GitHub Bot (Jira)


[ 
https://issues.apache.org/jira/browse/MNG-7501?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17558904#comment-17558904
 ] 

ASF GitHub Bot commented on MNG-7501:
-

hboutemy merged PR #756:
URL: https://github.com/apache/maven/pull/756




> display relative path to pom.xml
> 
>
> Key: MNG-7501
> URL: https://issues.apache.org/jira/browse/MNG-7501
> Project: Maven
>  Issue Type: Improvement
>  Components: Command Line
>Affects Versions: 3.8.6
>Reporter: Herve Boutemy
>Priority: Major
> Fix For: 3.9.0-candidate
>
>


[GitHub] [maven] hboutemy merged pull request #756: MNG-7501 display relative path to pom.xml

2022-06-26 Thread GitBox


hboutemy merged PR #756:
URL: https://github.com/apache/maven/pull/756





[GitHub] [maven-javadoc-plugin] slawekjaranowski commented on pull request #98: use setup-java cache, more jdk

2022-06-26 Thread GitBox


slawekjaranowski commented on PR #98:
URL: 
https://github.com/apache/maven-javadoc-plugin/pull/98#issuecomment-1166565846

   Not valid - shared action is used now.





[GitHub] [maven-javadoc-plugin] slawekjaranowski closed pull request #98: use setup-java cache, more jdk

2022-06-26 Thread GitBox


slawekjaranowski closed pull request #98: use setup-java cache, more jdk
URL: https://github.com/apache/maven-javadoc-plugin/pull/98





[jira] [Commented] (MNG-7302) Replace construction of FileInputStream and FileOutputStream objects with Files NIO APIs.

2022-06-26 Thread ASF GitHub Bot (Jira)


[ 
https://issues.apache.org/jira/browse/MNG-7302?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17558896#comment-17558896
 ] 

ASF GitHub Bot commented on MNG-7302:
-

slachiewicz commented on code in PR #587:
URL: https://github.com/apache/maven/pull/587#discussion_r906832179


##
maven-compat/src/test/java/org/apache/maven/artifact/AbstractArtifactComponentTestCase.java:
##
@@ -271,7 +271,7 @@ protected void createArtifact( Artifact artifact, 
ArtifactRepository repository
 {
 artifactFile.getParentFile().mkdirs();
 }
-try ( Writer writer = new OutputStreamWriter( new FileOutputStream( 
artifactFile ), StandardCharsets.ISO_8859_1) )
+try ( Writer writer = new OutputStreamWriter( Files.newOutputStream( 
artifactFile.toPath() ), StandardCharsets.ISO_8859_1) )
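
Review bot: on the added `try` line, wrapping `Files.newOutputStream( artifactFile.toPath() )` in an `OutputStreamWriter` can be collapsed into `Files.newBufferedWriter( artifactFile.toPath(), StandardCharsets.ISO_8859_1 )`, which opens the file with the same default create-and-truncate behaviour and removes one wrapper. One difference to check before switching: the writer returned by `Files.newBufferedWriter` throws on characters that cannot be encoded in ISO-8859-1, while `OutputStreamWriter` substitutes them silently. Style point on the same line: `StandardCharsets.ISO_8859_1) )` is missing the space before the first closing parenthesis that the rest of the statement uses.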

Review Comment:
   IntelliJ suggests with comment: _The streams created using Files methods are 
usually more efficient than those created by stream constructors._
   





> Replace construction of FileInputStream and FileOutputStream objects with 
> Files NIO APIs.
> -
>
> Key: MNG-7302
> URL: https://issues.apache.org/jira/browse/MNG-7302
> Project: Maven
>  Issue Type: Sub-task
>Reporter: Arturo Bernal
>Priority: Minor
>






[GitHub] [maven] slachiewicz commented on a diff in pull request #587: [MNG-7302] - Replace construction of FileInputStream and FileOutputStream objects with Files NIO APIs.

2022-06-26 Thread GitBox


slachiewicz commented on code in PR #587:
URL: https://github.com/apache/maven/pull/587#discussion_r906832179


##
maven-compat/src/test/java/org/apache/maven/artifact/AbstractArtifactComponentTestCase.java:
##
@@ -271,7 +271,7 @@ protected void createArtifact( Artifact artifact, 
ArtifactRepository repository
 {
 artifactFile.getParentFile().mkdirs();
 }
-try ( Writer writer = new OutputStreamWriter( new FileOutputStream( 
artifactFile ), StandardCharsets.ISO_8859_1) )
+try ( Writer writer = new OutputStreamWriter( Files.newOutputStream( 
artifactFile.toPath() ), StandardCharsets.ISO_8859_1) )
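
Review bot: the context line `artifactFile.getParentFile().mkdirs();` ignores its return value, so a failed directory creation now surfaces on the added `Files.newOutputStream( artifactFile.toPath() )` call as `NoSuchFileException` instead of the `FileNotFoundException` that `new FileOutputStream( artifactFile )` throws. Both are `IOException`s, but `NoSuchFileException` is not a subclass of `FileNotFoundException`, so any `catch` or test assertion that names `FileNotFoundException` stops matching. Since this change already moves to NIO, consider `Files.createDirectories( artifactFile.toPath().getParent() )` for the directory step, which throws on failure instead of returning `false`.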

Review Comment:
   IntelliJ suggests with comment: _The streams created using Files methods are 
usually more efficient than those created by stream constructors._
   






[GitHub] [maven] slachiewicz closed pull request #760: chore: Set permissions for GitHub actions

2022-06-26 Thread GitBox


slachiewicz closed pull request #760: chore: Set permissions for GitHub actions
URL: https://github.com/apache/maven/pull/760





[GitHub] [maven] slachiewicz commented on pull request #760: chore: Set permissions for GitHub actions

2022-06-26 Thread GitBox


slachiewicz commented on PR #760:
URL: https://github.com/apache/maven/pull/760#issuecomment-1166554120

   duplicate of #745





[jira] [Commented] (MNG-7501) display relative path to pom.xml

2022-06-26 Thread Hudson (Jira)


[ 
https://issues.apache.org/jira/browse/MNG-7501?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17558894#comment-17558894
 ] 

Hudson commented on MNG-7501:
-

Build succeeded in Jenkins: Maven » Maven TLP » maven » PR-756 #7

See https://ci-maven.apache.org/job/Maven/job/maven-box/job/maven/job/PR-756/7/

> display relative path to pom.xml
> 
>
> Key: MNG-7501
> URL: https://issues.apache.org/jira/browse/MNG-7501
> Project: Maven
>  Issue Type: Improvement
>  Components: Command Line
>Affects Versions: 3.8.6
>Reporter: Herve Boutemy
>Priority: Major
> Fix For: 3.9.0-candidate
>
>


[jira] [Commented] (MNG-6965) Extensions suddenly have org.codehaus.plexus:plexus-utils:jar:1.1 on their classpath

2022-06-26 Thread Hudson (Jira)


[ 
https://issues.apache.org/jira/browse/MNG-6965?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17558893#comment-17558893
 ] 

Hudson commented on MNG-6965:
-

Build succeeded in Jenkins: Maven » Maven TLP » maven » PR-756 #7

See https://ci-maven.apache.org/job/Maven/job/maven-box/job/maven/job/PR-756/7/

> Extensions suddenly have org.codehaus.plexus:plexus-utils:jar:1.1 on their 
> classpath
> 
>
> Key: MNG-6965
> URL: https://issues.apache.org/jira/browse/MNG-6965
> Project: Maven
>  Issue Type: Bug
>  Components: Plugins and Lifecycle
>Affects Versions: 3.6.0, 3.6.3
> Environment: Win7, Win10, at least one variant of Linux (not sure 
> which)
>Reporter: Mark Nolan
>Assignee: Sylwester Lachiewicz
>Priority: Major
>  Labels: archetype
> Fix For: 3.9.0, 4.0.0-alpha-1, 4.0.0
>
> Attachments: pom.xml
>
>


[jira] [Commented] (MNG-7504) Warning about unknown reportPlugins parameters for m-site-p are always generated

2022-06-26 Thread Hudson (Jira)


[ 
https://issues.apache.org/jira/browse/MNG-7504?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17558892#comment-17558892
 ] 

Hudson commented on MNG-7504:
-

Build succeeded in Jenkins: Maven » Maven TLP » maven » PR-756 #7

See https://ci-maven.apache.org/job/Maven/job/maven-box/job/maven/job/PR-756/7/

> Warning about unknown reportPlugins parameters for m-site-p are always 
> generated
> 
>
> Key: MNG-7504
> URL: https://issues.apache.org/jira/browse/MNG-7504
> Project: Maven
>  Issue Type: Bug
>Affects Versions: 3.9.0, 4.0.0
>Reporter: Slawomir Jaranowski
>Assignee: Slawomir Jaranowski
>Priority: Major
> Fix For: 3.9.0
>
>
> In {{m-site-p 3.7}} the configuration parameter {{reportPlugins}} was removed
> (MSITE-792).
> After MNG-7468 the unknown parameter is detected and a warning is generated.
> We have the service {{org.apache.maven.model.plugin.DefaultReportingConverter}},
> which always adds configuration for m-site-p with the unsupported parameter
> {{reportPlugins}}.
> The configuration is added when the project contains reporting sections.
> Possible solutions:
> - drop the service - easy to implement, but with impact on m-site-p < 3.7
> - detect the m-site-p version in the project - complicated
> - don't print the warning about {{reportPlugins}} for {{m-site-p}} - easy, but
> a workaround





[GitHub] [maven-javadoc-plugin] slachiewicz commented on pull request #148: Bump mrm-maven-plugin from 1.2.0 to 1.4.0

2022-06-26 Thread GitBox


slachiewicz commented on PR #148:
URL: 
https://github.com/apache/maven-javadoc-plugin/pull/148#issuecomment-1166549343

   @dependabot rebase





[GitHub] [maven-javadoc-plugin] slachiewicz commented on pull request #137: Bump plexus-java from 1.1.0 to 1.1.1

2022-06-26 Thread GitBox


slachiewicz commented on PR #137:
URL: 
https://github.com/apache/maven-javadoc-plugin/pull/137#issuecomment-1166549261

   @dependabot rebase





[GitHub] [maven-javadoc-plugin] slachiewicz commented on pull request #136: Bump maven-plugin-plugin from 3.6.1 to 3.6.4

2022-06-26 Thread GitBox


slachiewicz commented on PR #136:
URL: 
https://github.com/apache/maven-javadoc-plugin/pull/136#issuecomment-1166549166

   @dependabot rebase





[GitHub] [maven-javadoc-plugin] slachiewicz commented on pull request #98: use setup-java cache, more jdk

2022-06-26 Thread GitBox


slachiewicz commented on PR #98:
URL: 
https://github.com/apache/maven-javadoc-plugin/pull/98#issuecomment-1166549061

   is this still valid? if yes, please rebase it





[GitHub] [maven-pmd-plugin] slachiewicz commented on pull request #54: Bump animal-sniffer-maven-plugin from 1.16 to 1.21

2022-06-26 Thread GitBox


slachiewicz commented on PR #54:
URL: https://github.com/apache/maven-pmd-plugin/pull/54#issuecomment-1166548436

   @dependabot rebase





[GitHub] [maven-pmd-plugin] slachiewicz commented on pull request #56: Bump plexus-resources from 1.1.0 to 1.2.0

2022-06-26 Thread GitBox


slachiewicz commented on PR #56:
URL: https://github.com/apache/maven-pmd-plugin/pull/56#issuecomment-1166548387

   @dependabot rebase





[GitHub] [maven-pmd-plugin] slachiewicz commented on pull request #57: Bump wiremock from 1.49 to 2.27.2

2022-06-26 Thread GitBox


slachiewicz commented on PR #57:
URL: https://github.com/apache/maven-pmd-plugin/pull/57#issuecomment-1166548346

   @dependabot rebase





[GitHub] [maven-pmd-plugin] slachiewicz commented on pull request #72: Bump commons-lang3 from 3.8.1 to 3.12.0

2022-06-26 Thread GitBox


slachiewicz commented on PR #72:
URL: https://github.com/apache/maven-pmd-plugin/pull/72#issuecomment-1166548295

   @dependabot rebase





[GitHub] [maven-assembly-plugin] dependabot[bot] commented on pull request #76: Bump plexus-io from 3.3.1 to 3.4.0

2022-06-26 Thread GitBox


dependabot[bot] commented on PR #76:
URL: 
https://github.com/apache/maven-assembly-plugin/pull/76#issuecomment-1166546781

   OK, I won't notify you again about this release, but will get in touch when 
a new version is available. If you'd rather skip all updates until the next 
major or minor version, let me know by commenting `@dependabot ignore this 
major version` or `@dependabot ignore this minor version`. You can also ignore 
all major, minor, or patch releases for a dependency by adding an [`ignore` 
condition](https://docs.github.com/en/code-security/supply-chain-security/configuration-options-for-dependency-updates#ignore)
 with the desired `update_types` to your config file.
   
   If you change your mind, just re-open this PR and I'll resolve any conflicts 
on it.





[GitHub] [maven-assembly-plugin] slachiewicz closed pull request #76: Bump plexus-io from 3.3.1 to 3.4.0

2022-06-26 Thread GitBox


slachiewicz closed pull request #76: Bump plexus-io from 3.3.1 to 3.4.0
URL: https://github.com/apache/maven-assembly-plugin/pull/76





[GitHub] [maven-assembly-plugin] dependabot[bot] commented on pull request #75: Bump plexus-archiver from 4.2.7 to 4.4.0

2022-06-26 Thread GitBox


dependabot[bot] commented on PR #75:
URL: 
https://github.com/apache/maven-assembly-plugin/pull/75#issuecomment-1166546751

   OK, I won't notify you again about this release, but will get in touch when 
a new version is available. If you'd rather skip all updates until the next 
major or minor version, let me know by commenting `@dependabot ignore this 
major version` or `@dependabot ignore this minor version`. You can also ignore 
all major, minor, or patch releases for a dependency by adding an [`ignore` 
condition](https://docs.github.com/en/code-security/supply-chain-security/configuration-options-for-dependency-updates#ignore)
 with the desired `update_types` to your config file.
   
   If you change your mind, just re-open this PR and I'll resolve any conflicts 
on it.





[GitHub] [maven-assembly-plugin] slachiewicz closed pull request #75: Bump plexus-archiver from 4.2.7 to 4.4.0

2022-06-26 Thread GitBox


slachiewicz closed pull request #75: Bump plexus-archiver from 4.2.7 to 4.4.0
URL: https://github.com/apache/maven-assembly-plugin/pull/75





[GitHub] [maven-archetype] slachiewicz closed pull request #100: Bump mavenVersion from 3.0 to 3.8.4

2022-06-26 Thread GitBox


slachiewicz closed pull request #100: Bump mavenVersion from 3.0 to 3.8.4
URL: https://github.com/apache/maven-archetype/pull/100





[GitHub] [maven-archetype] dependabot[bot] commented on pull request #100: Bump mavenVersion from 3.0 to 3.8.4

2022-06-26 Thread GitBox


dependabot[bot] commented on PR #100:
URL: https://github.com/apache/maven-archetype/pull/100#issuecomment-1166546534

   OK, I won't notify you again about this release, but will get in touch when 
a new version is available. You can also ignore all major, minor, or patch 
releases for a dependency by adding an [`ignore` 
condition](https://docs.github.com/en/code-security/supply-chain-security/configuration-options-for-dependency-updates#ignore)
 with the desired `update_types` to your config file.
   
   If you change your mind, just re-open this PR and I'll resolve any conflicts 
on it.





[jira] [Commented] (MNG-6965) Extensions suddenly have org.codehaus.plexus:plexus-utils:jar:1.1 on their classpath

2022-06-26 Thread Hudson (Jira)


[ 
https://issues.apache.org/jira/browse/MNG-6965?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=1755#comment-1755
 ] 

Hudson commented on MNG-6965:
-

Build unstable in Jenkins: Maven » Maven TLP » maven » PR-756 #6

See https://ci-maven.apache.org/job/Maven/job/maven-box/job/maven/job/PR-756/6/

> Extensions suddenly have org.codehaus.plexus:plexus-utils:jar:1.1 on their 
> classpath
> 
>
> Key: MNG-6965
> URL: https://issues.apache.org/jira/browse/MNG-6965
> Project: Maven
> Issue Type: Bug
> Components: Plugins and Lifecycle
> Affects Versions: 3.6.0, 3.6.3
> Environment: Win7, Win10, at least one variant of Linux (not sure which)
> Reporter: Mark Nolan
> Assignee: Sylwester Lachiewicz
> Priority: Major
> Labels: archetype
> Fix For: 3.9.0, 4.0.0-alpha-1, 4.0.0
>
> Attachments: pom.xml
>
>
> A simple minimal archetype pom following the manual pages downloads 
> plexus-utils 1.1, even though it is not (apparently) declared anywhere. This 
> version is banned at my organization (edited to add: due to vulnerabilities), 
> meaning such a pom always fails.
>  
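> {code:xml}
> <project xmlns="http://maven.apache.org/POM/4.0.0"
>   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>   xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
>   http://maven.apache.org/xsd/maven-4.0.0.xsd">
>   <modelVersion>4.0.0</modelVersion>
>   <groupId>test</groupId>
>   <artifactId>test</artifactId>
>   <version>0.0.1-SNAPSHOT</version>
>   <packaging>maven-archetype</packaging>
>   <name>test</name>
>   <build>
>     <extensions>
>       <extension>
>         <groupId>org.apache.maven.archetype</groupId>
>         <artifactId>archetype-packaging</artifactId>
>         <version>3.1.2</version>
>       </extension>
>     </extensions>
>     <pluginManagement>
>       <plugins>
>         <plugin>
>           <groupId>org.apache.maven.plugins</groupId>
>           <artifactId>maven-archetype-plugin</artifactId>
>           <version>3.1.2</version>
>         </plugin>
>       </plugins>
>     </pluginManagement>
>   </build>
> </project>
> {code}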
> Running any goal, such as mvn -X clean, produces the following before the 
> goal is executed:
> {code}
> [DEBUG] Dependency collection stats: {ConflictMarker.analyzeTime=952800, 
> ConflictMarker.markTime=586900, ConflictMarker.nodeCount=1, 
> ConflictIdSorter.graphTime=549200, ConflictIdSorter.topsortTime=586700, 
> ConflictIdSorter.conflictIdCount=1, ConflictIdSorter.conflictIdCycleCount=0, 
> ConflictResolver.totalTime=3313100, ConflictResolver.conflictItemCount=1, 
> DefaultDependencyCollector.collectTime=66890900, 
> DefaultDependencyCollector.transformTime=8523500}
> [DEBUG] org.apache.maven.archetype:archetype-packaging:jar:3.1.2:
> [DEBUG]org.codehaus.plexus:plexus-utils:jar:1.1:runtime
> {code}
>  
> As far as I can see, there is no declared dependency on plexus-utils:1.1.
>  



--
This message was sent by Atlassian Jira
(v8.20.7#820007)
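
The quoted MNG-6965 report finds the undeclared plexus-utils 1.1 by reading the `mvn -X` dependency tree by hand. The script below is an added example (not from the issue or from the Maven project) that automates that check: it scans debug output for banned coordinates and reports the extension or plugin that pulled each one in. The ban list and every sample line other than the two quoted in the issue are constructed, and it assumes a tree root is the node printed with an empty scope, as in the issue's output.

```python
import re

# Assumed ban list for this example: the coordinate the reporter's organisation rejects.
BANNED = {("org.codehaus.plexus", "plexus-utils", "1.1")}

# One tree node as printed under -X: groupId:artifactId:type[:classifier]:version:scope
NODE = re.compile(
    r"^\[DEBUG\](?P<indent> *)"
    r"(?P<g>[\w.-]+):(?P<a>[\w.-]+):(?P<type>[\w.-]+):"
    r"(?:(?P<classifier>[\w.-]+):)?"
    r"(?P<v>[\w.-]+):(?P<scope>[a-z]*)(?:\s|$)"
)

# First stats line and the archetype-packaging tree follow the issue (indentation
# restored); the com.example tree is constructed for illustration.
SAMPLE_LOG = """\
[DEBUG] Dependency collection stats: {ConflictMarker.analyzeTime=952800}
[DEBUG] org.apache.maven.archetype:archetype-packaging:jar:3.1.2:
[DEBUG]    org.codehaus.plexus:plexus-utils:jar:1.1:runtime
[DEBUG] com.example:demo-extension:jar:1.0.0:
[DEBUG]    com.example:demo-lib:jar:2.0:compile
[DEBUG]       org.codehaus.plexus:plexus-utils:jar:3.4.2:compile
[DEBUG]    com.example:other-lib:jar:1.0:runtime
"""


def find_banned(log_text, banned=BANNED):
    """Return one finding per banned node, with the path from its tree root."""
    findings = []
    stack = []  # (indent width, "g:a:v") from the current root down to the last node
    for line in log_text.splitlines():
        m = NODE.match(line)
        if not m:
            continue  # stats lines, wrapped continuations, unrelated debug output
        coord = "{g}:{a}:{v}".format(**m.groupdict())
        indent = len(m["indent"])
        if m["scope"] == "" or not stack:
            # Empty scope marks the root of a new extension/plugin tree.
            stack = [(indent, coord)]
        else:
            # Unwind to this node's parent, but never past the root: that keeps
            # the attribution right even when indentation was lost in copying.
            while len(stack) > 1 and stack[-1][0] >= indent:
                stack.pop()
            stack.append((indent, coord))
        if (m["g"], m["a"], m["v"]) in banned:
            findings.append({"banned": coord, "path": [c for _, c in stack]})
    return findings


if __name__ == "__main__":
    for finding in find_banned(SAMPLE_LOG):
        print("BANNED", finding["banned"], "via", " -> ".join(finding["path"]))
```

Run against a real build, the input would be the captured output of `mvn -X clean`; a non-empty result names the root to pin or override.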


[jira] (MNG-6965) Extensions suddenly have org.codehaus.plexus:plexus-utils:jar:1.1 on their classpath

2022-06-26 Thread Herve Boutemy (Jira)


[ https://issues.apache.org/jira/browse/MNG-6965 ]


Herve Boutemy deleted comment on MNG-6965:


was (Author: hudson):
Build succeeded in Jenkins: Maven » Maven TLP » maven » MNG-6965 #17

See 
https://ci-builds.apache.org/job/Maven/job/maven-box/job/maven/job/MNG-6965/17/



[jira] (MNG-6965) Extensions suddenly have org.codehaus.plexus:plexus-utils:jar:1.1 on their classpath

2022-06-26 Thread Herve Boutemy (Jira)


[ https://issues.apache.org/jira/browse/MNG-6965 ]


Herve Boutemy deleted comment on MNG-6965:


was (Author: hudson):
Build unstable in Jenkins: Maven » Maven TLP » maven » MNG-6965 #15

See 
https://ci-builds.apache.org/job/Maven/job/maven-box/job/maven/job/MNG-6965/15/



[jira] [Commented] (MNG-7401) Make MavenSession#getCurrentProject() using a thread local

2022-06-26 Thread ASF GitHub Bot (Jira)


[ 
https://issues.apache.org/jira/browse/MNG-7401?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17558865#comment-17558865
 ] 

ASF GitHub Bot commented on MNG-7401:
-

michael-o commented on PR #743:
URL: https://github.com/apache/maven/pull/743#issuecomment-1166493359

   > I can write one for 
[MNG-7474](https://issues.apache.org/jira/browse/MNG-7474). 
[MNG-7401](https://issues.apache.org/jira/browse/MNG-7401) is an internal 
behavior and would require a junit test rather than an IT imho.
   
   I guess so that would be best




> Make MavenSession#getCurrentProject() using a thread local
> --
>
> Key: MNG-7401
> URL: https://issues.apache.org/jira/browse/MNG-7401
> Project: Maven
> Issue Type: Improvement
> Reporter: Christoph Läubrich
> Assignee: Guillaume Nodet
> Priority: Major
> Fix For: 3.9.0, waiting-for-feedback
>
>
> I noticed that a session is often cloned due to change the current project 
> for a while.
> As this works for everyone passing down the session, consumers of the "upper 
> session" (e.g. a SessionScoped Component) would never see this if they are 
> (indirectly) called and e.g. use Session#getCurrentProject().
> I wonder if MavenSession could simply use a ThreadLocal for the 
> currentProject (that is shared across all cloned sessions), that way one 
> would always get the correct value.





[GitHub] [maven] michael-o commented on pull request #743: [3.9.x] [MNG-7401] [MNG-7474] Keep a single maven session and fix session scope

2022-06-26 Thread GitBox


michael-o commented on PR #743:
URL: https://github.com/apache/maven/pull/743#issuecomment-1166493359

   > I can write one for 
[MNG-7474](https://issues.apache.org/jira/browse/MNG-7474). 
[MNG-7401](https://issues.apache.org/jira/browse/MNG-7401) is an internal 
behavior and would require a junit test rather than an IT imho.
   
   I guess so that would be best





[jira] (MNG-6965) Extensions suddenly have org.codehaus.plexus:plexus-utils:jar:1.1 on their classpath

2022-06-26 Thread Herve Boutemy (Jira)


[ https://issues.apache.org/jira/browse/MNG-6965 ]


Herve Boutemy deleted comment on MNG-6965:


was (Author: hudson):
Build succeeded in Jenkins: Maven » Maven TLP » maven » PR-762 #3

See https://ci-maven.apache.org/job/Maven/job/maven-box/job/maven/job/PR-762/3/



[jira] (MNG-6965) Extensions suddenly have org.codehaus.plexus:plexus-utils:jar:1.1 on their classpath

2022-06-26 Thread Herve Boutemy (Jira)


[ https://issues.apache.org/jira/browse/MNG-6965 ]


Herve Boutemy deleted comment on MNG-6965:


was (Author: hudson):
Build succeeded in Jenkins: Maven » Maven TLP » maven » maven-3.9.x #50

See 
https://ci-maven.apache.org/job/Maven/job/maven-box/job/maven/job/maven-3.9.x/50/



[jira] (MNG-6965) Extensions suddenly have org.codehaus.plexus:plexus-utils:jar:1.1 on their classpath

2022-06-26 Thread Herve Boutemy (Jira)


[ https://issues.apache.org/jira/browse/MNG-6965 ]


Herve Boutemy deleted comment on MNG-6965:


was (Author: hudson):
Build failed in Jenkins: Maven » Maven TLP » maven » maven-3.9.x #49

See 
https://ci-maven.apache.org/job/Maven/job/maven-box/job/maven/job/maven-3.9.x/49/
