[GitHub] [maven-checkstyle-plugin] dependabot[bot] opened a new pull request, #83: Bump maven-project-info-reports-plugin from 3.3.0 to 3.4.0
dependabot[bot] opened a new pull request, #83: URL: https://github.com/apache/maven-checkstyle-plugin/pull/83 Bumps [maven-project-info-reports-plugin](https://github.com/apache/maven-project-info-reports-plugin) from 3.3.0 to 3.4.0. Commits https://github.com/apache/maven-project-info-reports-plugin/commit/85082c4989caa0119a36c26f81af9374c544a1e0;>85082c4 [maven-release-plugin] prepare release maven-project-info-reports-plugin-3.4.0 https://github.com/apache/maven-project-info-reports-plugin/commit/90f65c278974570de088b2bb58852a001739cea8;>90f65c2 [MPIR-422] Stop overriding AbstractMavenReport#execute() https://github.com/apache/maven-project-info-reports-plugin/commit/91d0efec3c94f1ad4f58913b5060a0237c66b3c0;>91d0efe [MPIR-421] Make all ITs with site.xml use an explicit skin https://github.com/apache/maven-project-info-reports-plugin/commit/384637630e36619ade5a8999ea01dc006b125058;>3846376 [MPIR-420] Uprade dependencies https://github.com/apache/maven-project-info-reports-plugin/commit/eeb81c8660fabecc5465b5ba514402737933f55c;>eeb81c8 [MPIR-407] Provide a way to map license names https://github.com/apache/maven-project-info-reports-plugin/commit/9430070ae3545ea15dff9cbcce649de33b89260e;>9430070 [MPIR-418] Add some i18n properties for zh_CH completely https://github.com/apache/maven-project-info-reports-plugin/commit/1c669e756fd33b115736347a795aadd87d9767f3;>1c669e7 [maven-release-plugin] prepare for next development iteration See full diff in https://github.com/apache/maven-project-info-reports-plugin/compare/maven-project-info-reports-plugin-3.3.0...maven-project-info-reports-plugin-3.4.0;>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.maven.plugins:maven-project-info-reports-plugin=maven=3.3.0=3.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-help-plugin] dependabot[bot] opened a new pull request, #67: Bump maven-project-info-reports-plugin from 3.3.0 to 3.4.0
dependabot[bot] opened a new pull request, #67: URL: https://github.com/apache/maven-help-plugin/pull/67 Bumps [maven-project-info-reports-plugin](https://github.com/apache/maven-project-info-reports-plugin) from 3.3.0 to 3.4.0. Commits https://github.com/apache/maven-project-info-reports-plugin/commit/85082c4989caa0119a36c26f81af9374c544a1e0;>85082c4 [maven-release-plugin] prepare release maven-project-info-reports-plugin-3.4.0 https://github.com/apache/maven-project-info-reports-plugin/commit/90f65c278974570de088b2bb58852a001739cea8;>90f65c2 [MPIR-422] Stop overriding AbstractMavenReport#execute() https://github.com/apache/maven-project-info-reports-plugin/commit/91d0efec3c94f1ad4f58913b5060a0237c66b3c0;>91d0efe [MPIR-421] Make all ITs with site.xml use an explicit skin https://github.com/apache/maven-project-info-reports-plugin/commit/384637630e36619ade5a8999ea01dc006b125058;>3846376 [MPIR-420] Uprade dependencies https://github.com/apache/maven-project-info-reports-plugin/commit/eeb81c8660fabecc5465b5ba514402737933f55c;>eeb81c8 [MPIR-407] Provide a way to map license names https://github.com/apache/maven-project-info-reports-plugin/commit/9430070ae3545ea15dff9cbcce649de33b89260e;>9430070 [MPIR-418] Add some i18n properties for zh_CH completely https://github.com/apache/maven-project-info-reports-plugin/commit/1c669e756fd33b115736347a795aadd87d9767f3;>1c669e7 [maven-release-plugin] prepare for next development iteration See full diff in https://github.com/apache/maven-project-info-reports-plugin/compare/maven-project-info-reports-plugin-3.3.0...maven-project-info-reports-plugin-3.4.0;>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.maven.plugins:maven-project-info-reports-plugin=maven=3.3.0=3.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-jlink-plugin] dependabot[bot] closed pull request #107: Bump maven-project-info-reports-plugin from 3.1.2 to 3.3.0
dependabot[bot] closed pull request #107: Bump maven-project-info-reports-plugin from 3.1.2 to 3.3.0 URL: https://github.com/apache/maven-jlink-plugin/pull/107 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-jlink-plugin] dependabot[bot] commented on pull request #107: Bump maven-project-info-reports-plugin from 3.1.2 to 3.3.0
dependabot[bot] commented on PR #107: URL: https://github.com/apache/maven-jlink-plugin/pull/107#issuecomment-1186739566 Superseded by #115. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-jlink-plugin] dependabot[bot] opened a new pull request, #115: Bump maven-project-info-reports-plugin from 3.1.2 to 3.4.0
dependabot[bot] opened a new pull request, #115: URL: https://github.com/apache/maven-jlink-plugin/pull/115 Bumps [maven-project-info-reports-plugin](https://github.com/apache/maven-project-info-reports-plugin) from 3.1.2 to 3.4.0. Commits https://github.com/apache/maven-project-info-reports-plugin/commit/85082c4989caa0119a36c26f81af9374c544a1e0;>85082c4 [maven-release-plugin] prepare release maven-project-info-reports-plugin-3.4.0 https://github.com/apache/maven-project-info-reports-plugin/commit/90f65c278974570de088b2bb58852a001739cea8;>90f65c2 [MPIR-422] Stop overriding AbstractMavenReport#execute() https://github.com/apache/maven-project-info-reports-plugin/commit/91d0efec3c94f1ad4f58913b5060a0237c66b3c0;>91d0efe [MPIR-421] Make all ITs with site.xml use an explicit skin https://github.com/apache/maven-project-info-reports-plugin/commit/384637630e36619ade5a8999ea01dc006b125058;>3846376 [MPIR-420] Uprade dependencies https://github.com/apache/maven-project-info-reports-plugin/commit/eeb81c8660fabecc5465b5ba514402737933f55c;>eeb81c8 [MPIR-407] Provide a way to map license names https://github.com/apache/maven-project-info-reports-plugin/commit/9430070ae3545ea15dff9cbcce649de33b89260e;>9430070 [MPIR-418] Add some i18n properties for zh_CH completely https://github.com/apache/maven-project-info-reports-plugin/commit/1c669e756fd33b115736347a795aadd87d9767f3;>1c669e7 [maven-release-plugin] prepare for next development iteration https://github.com/apache/maven-project-info-reports-plugin/commit/563a0b261722719f9bf6ead946f3d5e30ef611c8;>563a0b2 [maven-release-plugin] prepare release maven-project-info-reports-plugin-3.3.0 https://github.com/apache/maven-project-info-reports-plugin/commit/9549763fbbdea2ee504412b06c2df1d14c25cb4a;>9549763 [MPIR-416] Upgrade maven-dependency-tree to 3.1.0 https://github.com/apache/maven-project-info-reports-plugin/commit/eab4f24d5cfc44aa91f62bde51e5f8001b36334f;>eab4f24 [MPIR-417] Upgrade Parent to 36 Additional commits viewable in https://github.com/apache/maven-project-info-reports-plugin/compare/maven-project-info-reports-plugin-3.1.2...maven-project-info-reports-plugin-3.4.0;>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.maven.plugins:maven-project-info-reports-plugin=maven=3.1.2=3.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-apache-parent] dependabot[bot] opened a new pull request, #94: Bump maven-project-info-reports-plugin from 3.3.0 to 3.4.0
dependabot[bot] opened a new pull request, #94: URL: https://github.com/apache/maven-apache-parent/pull/94 Bumps [maven-project-info-reports-plugin](https://github.com/apache/maven-project-info-reports-plugin) from 3.3.0 to 3.4.0. Commits https://github.com/apache/maven-project-info-reports-plugin/commit/85082c4989caa0119a36c26f81af9374c544a1e0;>85082c4 [maven-release-plugin] prepare release maven-project-info-reports-plugin-3.4.0 https://github.com/apache/maven-project-info-reports-plugin/commit/90f65c278974570de088b2bb58852a001739cea8;>90f65c2 [MPIR-422] Stop overriding AbstractMavenReport#execute() https://github.com/apache/maven-project-info-reports-plugin/commit/91d0efec3c94f1ad4f58913b5060a0237c66b3c0;>91d0efe [MPIR-421] Make all ITs with site.xml use an explicit skin https://github.com/apache/maven-project-info-reports-plugin/commit/384637630e36619ade5a8999ea01dc006b125058;>3846376 [MPIR-420] Uprade dependencies https://github.com/apache/maven-project-info-reports-plugin/commit/eeb81c8660fabecc5465b5ba514402737933f55c;>eeb81c8 [MPIR-407] Provide a way to map license names https://github.com/apache/maven-project-info-reports-plugin/commit/9430070ae3545ea15dff9cbcce649de33b89260e;>9430070 [MPIR-418] Add some i18n properties for zh_CH completely https://github.com/apache/maven-project-info-reports-plugin/commit/1c669e756fd33b115736347a795aadd87d9767f3;>1c669e7 [maven-release-plugin] prepare for next development iteration See full diff in https://github.com/apache/maven-project-info-reports-plugin/compare/maven-project-info-reports-plugin-3.3.0...maven-project-info-reports-plugin-3.4.0;>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.maven.plugins:maven-project-info-reports-plugin=maven=3.3.0=3.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven] michael-o commented on pull request #767: [MNG-7511] Ensure the degreeOfConcurrency is a positive number in MavenExecutionRequest
michael-o commented on PR #767: URL: https://github.com/apache/maven/pull/767#issuecomment-1186618300 @kwart Added a commit on top: * Using `C` not at the end was never documented, so it is undefined behavior. Thus, don't rely on * Change of exception: Well, it is CLI, not for embedding into an IDE or so. For the user on the CLI it does not matter. WDYT? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MNG-7511) Ensure the degreeOfConcurrency is a positive number in MavenExecutionRequest
[ https://issues.apache.org/jira/browse/MNG-7511?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17567748#comment-17567748 ] ASF GitHub Bot commented on MNG-7511: - michael-o commented on PR #767: URL: https://github.com/apache/maven/pull/767#issuecomment-1186618300 @kwart Added a commit on top: * Using `C` not at the end was never documented, so it is undefined behavior. Thus, don't rely on * Change of exception: Well, it is CLI, not for embedding into an IDE or so. For the user on the CLI it does not matter. WDYT? > Ensure the degreeOfConcurrency is a positive number in MavenExecutionRequest > > > Key: MNG-7511 > URL: https://issues.apache.org/jira/browse/MNG-7511 > Project: Maven > Issue Type: Bug > Components: Core >Affects Versions: 3.8.6 >Reporter: Josef Cacek >Assignee: Michael Osipov >Priority: Major > > The {{degreeOfConcurrency}} should always be a positive number, otherwise > builds might fail. > In Hazelcast we build with threads set to {{-T 0.5C}} in > [{{.mvn/maven.config}}|https://github.com/hazelcast/hazelcast/blob/v5.1.2/.mvn/maven.config]. > This is fine until we run the build on a single CPU machine. It fails then > with {{IllegalArgumentException}} as the computed {{degreeOfConcurrency == > 0}}. > Stacktrace from Maven 3.6.3: > {code} > [ERROR] IllegalArgumentException > java.lang.IllegalArgumentException > at java.util.concurrent.ThreadPoolExecutor. > (ThreadPoolExecutor.java:1293) > at java.util.concurrent.ThreadPoolExecutor. > (ThreadPoolExecutor.java:1215) > at java.util.concurrent.Executors.newFixedThreadPool (Executors.java:155) > at > org.apache.maven.lifecycle.internal.builder.multithreaded.MultiThreadedBuilder.build > (MultiThreadedBuilder.java:88) > at org.apache.maven.lifecycle.internal.LifecycleStarter.execute > (LifecycleStarter.java:128) > at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) > at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) > at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) > at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) > at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) > at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) > at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) > at jdk.internal.reflect.NativeMethodAccessorImpl.invoke > (NativeMethodAccessorImpl.java:62) > at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke > (DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke (Method.java:566) > at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced > (Launcher.java:282) > at org.codehaus.plexus.classworlds.launcher.Launcher.launch > (Launcher.java:225) > at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode > (Launcher.java:406) > at org.codehaus.plexus.classworlds.launcher.Launcher.main > (Launcher.java:347) > {code} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (MNG-7515) Cannot see a dependency tree for apache-maven module
[ https://issues.apache.org/jira/browse/MNG-7515?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Michael Osipov reassigned MNG-7515: --- Assignee: Michael Osipov > Cannot see a dependency tree for apache-maven module > > > Key: MNG-7515 > URL: https://issues.apache.org/jira/browse/MNG-7515 > Project: Maven > Issue Type: Bug >Affects Versions: 3.8.6 >Reporter: Rafael Chaves >Assignee: Michael Osipov >Priority: Minor > > The {{apache-maven}} module configures maven-dependency-plugin under the > {{}} element, which prevents that plug-in from being used with custom > configuration from the command-line. > > {noformat} > mvn org.apache.maven.plugins:maven-dependency-plugin:3.3.0:list -f > apache-maven > [INFO] Scanning for projects... > [INFO] > [INFO] ---< org.apache.maven:apache-maven > > > [INFO] Building Apache Maven Distribution 3.6.3 > [INFO] [ pom > ]- > [INFO] > [INFO] --- maven-dependency-plugin:3.3.0:list (default-cli) @ apache-maven --- > [INFO] > [INFO] The following files have been resolved: > [INFO] org.fusesource.jansi:jansi:jar:1.17.1:compile -- module jansi (auto) > [INFO] > [INFO] > > [INFO] BUILD SUCCESS > [INFO] > > [INFO] Total time: 0.483 s > [INFO] Finished at: 2022-07-14T16:55:57-03:00 > [INFO] > {noformat} > The `dependency:tree` goal under debug mode shows something interesting: > {noformat} > [DEBUG] + Filtering dependency tree by artifact include patterns: > [META-INF/native/**]{noformat} > Turns out the apache-maven module configures the dependency plugin in a way > that prevents it from being used from the command-line: > > {noformat} > > > org.apache.maven.plugins > maven-dependency-plugin > > jansi > META-INF/native/** > > > > unpack-jansi-native > > unpack-dependencies > > > > {noformat} > > Moving the configuration element to under the {{}} element avoids > the issue: > {noformat} > mvn org.apache.maven.plugins:maven-dependency-plugin:3.3.0:list -f > apache-maven > [INFO] Scanning for projects... > [INFO] > [INFO] ---< org.apache.maven:apache-maven > > > [INFO] Building Apache Maven Distribution 3.6.3 > [INFO] [ pom > ]- > [INFO] > [INFO] --- maven-dependency-plugin:3.3.0:list (default-cli) @ apache-maven --- > [INFO] > [INFO] The following files have been resolved: > [INFO]org.apache.maven:maven-embedder:jar:3.6.3:compile -- module > maven.embedder (auto) > [INFO]org.apache.maven:maven-settings:jar:3.6.3:compile -- module > maven.settings (auto) > [INFO]org.apache.maven:maven-settings-builder:jar:3.6.3:compile -- module > maven.settings.builder (auto) > [INFO]org.apache.maven:maven-plugin-api:jar:3.6.3:compile -- module > maven.plugin.api (auto) > [INFO]org.apache.maven:maven-model:jar:3.6.3:compile -- module > maven.model (auto) > [INFO]org.apache.maven:maven-model-builder:jar:3.6.3:compile -- module > maven.model.builder (auto) > [INFO]org.apache.maven:maven-builder-support:jar:3.6.3:compile -- module > maven.builder.support (auto) > [INFO]org.apache.maven.resolver:maven-resolver-api:jar:1.4.1:compile -- > module org.apache.maven.resolver [auto] > [INFO]org.apache.maven.resolver:maven-resolver-util:jar:1.4.1:compile -- > module org.apache.maven.resolver.util [auto] > [INFO]org.apache.maven.shared:maven-shared-utils:jar:3.2.1:compile -- > module maven.shared.utils (auto) > [INFO]commons-io:commons-io:jar:2.5:compile -- module commons.io (auto) > [INFO]com.google.inject:guice:jar:no_aop:4.2.1:compile -- module > com.google.guice [auto] > [INFO]com.google.guava:guava:jar:25.1-android:compile -- module > com.google.common [auto] > [INFO]javax.inject:javax.inject:jar:1:compile -- module javax.inject > (auto) > [INFO]javax.annotation:jsr250-api:jar:1.0:compile -- module jsr250.api > (auto) > [INFO]org.codehaus.plexus:plexus-utils:jar:3.2.1:compile -- module > plexus.utils (auto) > [INFO]org.codehaus.plexus:plexus-classworlds:jar:2.6.0:compile -- module > plexus.classworlds (auto) > [INFO]org.sonatype.plexus:plexus-sec-dispatcher:jar:1.4:compile -- module > plexus.sec.dispatcher (auto) > [INFO]org.sonatype.plexus:plexus-cipher:jar:1.7:compile -- module > plexus.cipher (auto) >
[jira] [Commented] (MNG-7515) Cannot see a dependency tree for apache-maven module
[ https://issues.apache.org/jira/browse/MNG-7515?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17567744#comment-17567744 ] Michael Osipov commented on MNG-7515: - ...I was hit by this today as well. {{mvn dependency:tree}} does not work too. > Cannot see a dependency tree for apache-maven module > > > Key: MNG-7515 > URL: https://issues.apache.org/jira/browse/MNG-7515 > Project: Maven > Issue Type: Bug >Affects Versions: 3.8.6 >Reporter: Rafael Chaves >Priority: Minor > > The {{apache-maven}} module configures maven-dependency-plugin under the > {{}} element, which prevents that plug-in from being used with custom > configuration from the command-line. > > {noformat} > mvn org.apache.maven.plugins:maven-dependency-plugin:3.3.0:list -f > apache-maven > [INFO] Scanning for projects... > [INFO] > [INFO] ---< org.apache.maven:apache-maven > > > [INFO] Building Apache Maven Distribution 3.6.3 > [INFO] [ pom > ]- > [INFO] > [INFO] --- maven-dependency-plugin:3.3.0:list (default-cli) @ apache-maven --- > [INFO] > [INFO] The following files have been resolved: > [INFO] org.fusesource.jansi:jansi:jar:1.17.1:compile -- module jansi (auto) > [INFO] > [INFO] > > [INFO] BUILD SUCCESS > [INFO] > > [INFO] Total time: 0.483 s > [INFO] Finished at: 2022-07-14T16:55:57-03:00 > [INFO] > {noformat} > The `dependency:tree` goal under debug mode shows something interesting: > {noformat} > [DEBUG] + Filtering dependency tree by artifact include patterns: > [META-INF/native/**]{noformat} > Turns out the apache-maven module configures the dependency plugin in a way > that prevents it from being used from the command-line: > > {noformat} > > > org.apache.maven.plugins > maven-dependency-plugin > > jansi > META-INF/native/** > > > > unpack-jansi-native > > unpack-dependencies > > > > {noformat} > > Moving the configuration element to under the {{}} element avoids > the issue: > {noformat} > mvn org.apache.maven.plugins:maven-dependency-plugin:3.3.0:list -f > apache-maven > [INFO] Scanning for projects... > [INFO] > [INFO] ---< org.apache.maven:apache-maven > > > [INFO] Building Apache Maven Distribution 3.6.3 > [INFO] [ pom > ]- > [INFO] > [INFO] --- maven-dependency-plugin:3.3.0:list (default-cli) @ apache-maven --- > [INFO] > [INFO] The following files have been resolved: > [INFO]org.apache.maven:maven-embedder:jar:3.6.3:compile -- module > maven.embedder (auto) > [INFO]org.apache.maven:maven-settings:jar:3.6.3:compile -- module > maven.settings (auto) > [INFO]org.apache.maven:maven-settings-builder:jar:3.6.3:compile -- module > maven.settings.builder (auto) > [INFO]org.apache.maven:maven-plugin-api:jar:3.6.3:compile -- module > maven.plugin.api (auto) > [INFO]org.apache.maven:maven-model:jar:3.6.3:compile -- module > maven.model (auto) > [INFO]org.apache.maven:maven-model-builder:jar:3.6.3:compile -- module > maven.model.builder (auto) > [INFO]org.apache.maven:maven-builder-support:jar:3.6.3:compile -- module > maven.builder.support (auto) > [INFO]org.apache.maven.resolver:maven-resolver-api:jar:1.4.1:compile -- > module org.apache.maven.resolver [auto] > [INFO]org.apache.maven.resolver:maven-resolver-util:jar:1.4.1:compile -- > module org.apache.maven.resolver.util [auto] > [INFO]org.apache.maven.shared:maven-shared-utils:jar:3.2.1:compile -- > module maven.shared.utils (auto) > [INFO]commons-io:commons-io:jar:2.5:compile -- module commons.io (auto) > [INFO]com.google.inject:guice:jar:no_aop:4.2.1:compile -- module > com.google.guice [auto] > [INFO]com.google.guava:guava:jar:25.1-android:compile -- module > com.google.common [auto] > [INFO]javax.inject:javax.inject:jar:1:compile -- module javax.inject > (auto) > [INFO]javax.annotation:jsr250-api:jar:1.0:compile -- module jsr250.api > (auto) > [INFO]org.codehaus.plexus:plexus-utils:jar:3.2.1:compile -- module > plexus.utils (auto) > [INFO]org.codehaus.plexus:plexus-classworlds:jar:2.6.0:compile -- module > plexus.classworlds (auto) > [INFO]org.sonatype.plexus:plexus-sec-dispatcher:jar:1.4:compile -- module > plexus.sec.dispatcher (auto) > [INFO]
[jira] [Commented] (MNG-7511) Ensure the degreeOfConcurrency is a positive number in MavenExecutionRequest
[ https://issues.apache.org/jira/browse/MNG-7511?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17567738#comment-17567738 ] ASF GitHub Bot commented on MNG-7511: - michael-o commented on PR #767: URL: https://github.com/apache/maven/pull/767#issuecomment-1186597152 Picking this up...A breaking change in Maven 4 is fully acceptable. > Ensure the degreeOfConcurrency is a positive number in MavenExecutionRequest > > > Key: MNG-7511 > URL: https://issues.apache.org/jira/browse/MNG-7511 > Project: Maven > Issue Type: Bug > Components: Core >Affects Versions: 3.8.6 >Reporter: Josef Cacek >Assignee: Michael Osipov >Priority: Major > > The {{degreeOfConcurrency}} should always be a positive number, otherwise > builds might fail. > In Hazelcast we build with threads set to {{-T 0.5C}} in > [{{.mvn/maven.config}}|https://github.com/hazelcast/hazelcast/blob/v5.1.2/.mvn/maven.config]. > This is fine until we run the build on a single CPU machine. It fails then > with {{IllegalArgumentException}} as the computed {{degreeOfConcurrency == > 0}}. > Stacktrace from Maven 3.6.3: > {code} > [ERROR] IllegalArgumentException > java.lang.IllegalArgumentException > at java.util.concurrent.ThreadPoolExecutor. > (ThreadPoolExecutor.java:1293) > at java.util.concurrent.ThreadPoolExecutor. > (ThreadPoolExecutor.java:1215) > at java.util.concurrent.Executors.newFixedThreadPool (Executors.java:155) > at > org.apache.maven.lifecycle.internal.builder.multithreaded.MultiThreadedBuilder.build > (MultiThreadedBuilder.java:88) > at org.apache.maven.lifecycle.internal.LifecycleStarter.execute > (LifecycleStarter.java:128) > at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) > at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) > at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) > at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) > at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) > at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) > at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) > at jdk.internal.reflect.NativeMethodAccessorImpl.invoke > (NativeMethodAccessorImpl.java:62) > at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke > (DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke (Method.java:566) > at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced > (Launcher.java:282) > at org.codehaus.plexus.classworlds.launcher.Launcher.launch > (Launcher.java:225) > at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode > (Launcher.java:406) > at org.codehaus.plexus.classworlds.launcher.Launcher.main > (Launcher.java:347) > {code} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [maven] michael-o commented on pull request #767: [MNG-7511] Ensure the degreeOfConcurrency is a positive number in MavenExecutionRequest
michael-o commented on PR #767: URL: https://github.com/apache/maven/pull/767#issuecomment-1186597152 Picking this up...A breaking change in Maven 4 is fully acceptable. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven] michael-o opened a new pull request, #769: Clean up dependency warnings by dependency:analyze
michael-o opened a new pull request, #769: URL: https://github.com/apache/maven/pull/769 Following this checklist to help us incorporate your contribution quickly and easily: - [ ] Make sure there is a [JIRA issue](https://issues.apache.org/jira/browse/MNG) filed for the change (usually before you start working on it). Trivial changes like typos do not require a JIRA issue. Your pull request should address just this issue, without pulling in other changes. - [ ] Each commit in the pull request should have a meaningful subject line and body. - [ ] Format the pull request title like `[MNG-XXX] SUMMARY`, where you replace `MNG-XXX` and `SUMMARY` with the appropriate JIRA issue. Best practice is to use the JIRA issue title in the pull request title and in the first line of the commit message. - [ ] Write a pull request description that is detailed enough to understand what the pull request does, how, and why. - [ ] Run `mvn clean verify` to make sure basic checks pass. A more thorough check will be performed on your pull request automatically. - [ ] You have run the [Core IT][core-its] successfully. If your pull request is about ~20 lines of code you don't need to sign an [Individual Contributor License Agreement](https://www.apache.org/licenses/icla.pdf) if you are unsure please ask on the developers list. To make clear that you license your contribution under the [Apache License Version 2.0, January 2004](http://www.apache.org/licenses/LICENSE-2.0) you have to acknowledge this by using the following check-box. - [ ] I hereby declare this contribution to be licenced under the [Apache License Version 2.0, January 2004](http://www.apache.org/licenses/LICENSE-2.0) - [ ] In any other case, please file an [Apache Individual Contributor License Agreement](https://www.apache.org/licenses/icla.pdf). [core-its]: https://maven.apache.org/core-its/core-it-suite/ -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MSHADE-385) Support for Multi-Release-JARs
[ https://issues.apache.org/jira/browse/MSHADE-385?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17567694#comment-17567694 ] Lucas Theisen commented on MSHADE-385: -- [~romain.manni-bucau], yeah, i just ran across [this StackOverflow|https://stackoverflow.com/a/54713830/516433] that showed the exact location: {code:xml} org.apache.maven.plugins maven-shade-plugin 3.2.1 package shade foo.bar.Generate true {code} which the [previous comment hinted at|https://issues.apache.org/jira/browse/MSHADE-385?focusedCommentId=17313924=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-17313924], but i couldn't confirm the exact location and the documentation does not explicitly mention. I even tried looking in [the source|https://github.com/apache/maven-shade-plugin/blob/maven-shade-plugin-3.3.0/src/main/java/org/apache/maven/plugins/shade/resource/ManifestResourceTransformer.java] for the {{ManifestResourceTransformer}} but that doesn't appear to support the option. Anyway, I just tested and it _does_ work, it is apparently just an _undocumented_ option that I cannot find the source code that deals with it. > Support for Multi-Release-JARs > -- > > Key: MSHADE-385 > URL: https://issues.apache.org/jira/browse/MSHADE-385 > Project: Maven Shade Plugin > Issue Type: New Feature >Affects Versions: 3.3.0 >Reporter: Markus Karg >Priority: Major > > Maven Shade Plugin currently is unable to deal with multi-release JARs, hence > it always (and only) picks the lowest commen nominator (fallback) class. > > Actually the plugin should instead produce a multi-release JAR, hence pick > all class versions. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (MINSTALL-160) generatePom=true with 3.0.0-M1 does not generate minimal POM but copies existing one
[ https://issues.apache.org/jira/browse/MINSTALL-160?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tamás Cservenák updated MINSTALL-160: - Affects Version/s: 3.0.0 3.0.0-M2 > generatePom=true with 3.0.0-M1 does not generate minimal POM but copies > existing one > > > Key: MINSTALL-160 > URL: https://issues.apache.org/jira/browse/MINSTALL-160 > Project: Maven Install Plugin > Issue Type: Bug > Components: install:install-file >Affects Versions: 3.0.0-M1, 3.0.0, 3.0.0-M2 >Reporter: Václav Haisman >Priority: Major > Fix For: 3.0.1 > > > I am using install:install-file with generatePom=true to install JAR with > minimal POM file. This has stopped working with 3.0.0-M1. With 3.0.0-M1, it > copeis existing project pom.xml instead of generating a minimal one. > > This is easily reproducible with minimal project: > {code:java} > > http://maven.apache.org/POM/4.0.0; > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance; > xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 > http://maven.apache.org/xsd/maven-4.0.0.xsd;> > 4.0.0 > maven.install.plugin.issue > maven.install.plugin.issue > 1.0-SNAPSHOT > jar > maven.install.plugin.issue > > 1.6 > 1.6 > > > > > > maven-install-plugin > > 3.0.0-M1 > > > > > > > maven-install-plugin > > > default-install > none > install > > > custom-install > install > > install-file > > > > ${project.build.directory}/${project.artifactId}-${project.version}.${project.packaging} > true > > > > > > > > {code} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MSHARED-1104) Pattern w/ 4 elements may be GATV or GATC
[ https://issues.apache.org/jira/browse/MSHARED-1104?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17567691#comment-17567691 ] Hudson commented on MSHARED-1104: - Build succeeded in Jenkins: Maven » Maven TLP » maven-common-artifact-filters » master #15 See https://ci-maven.apache.org/job/Maven/job/maven-box/job/maven-common-artifact-filters/job/master/15/ > Pattern w/ 4 elements may be GATV or GATC > - > > Key: MSHARED-1104 > URL: https://issues.apache.org/jira/browse/MSHARED-1104 > Project: Maven Shared Components > Issue Type: Bug > Components: maven-common-artifact-filters >Affects Versions: maven-common-artifact-filters-3.3.0 >Reporter: Tamás Cservenák >Assignee: Tamás Cservenák >Priority: Major > Fix For: maven-common-artifact-filters-3.3.1 > > > Currently pattern having 4 tokens (X:Y:Z:Q) are parsed as GATV patterns by > PatternIncludesArtifactFilter. > Seems older code (before rewrite) recognized these patterns as both GATV and > GATC. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (MSHARED-1104) Pattern w/ 4 elements may be GATV or GATC
[ https://issues.apache.org/jira/browse/MSHARED-1104?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tamás Cservenák resolved MSHARED-1104. -- Resolution: Fixed > Pattern w/ 4 elements may be GATV or GATC > - > > Key: MSHARED-1104 > URL: https://issues.apache.org/jira/browse/MSHARED-1104 > Project: Maven Shared Components > Issue Type: Bug > Components: maven-common-artifact-filters >Affects Versions: maven-common-artifact-filters-3.3.0 >Reporter: Tamás Cservenák >Assignee: Tamás Cservenák >Priority: Major > Fix For: maven-common-artifact-filters-3.3.1 > > > Currently pattern having 4 tokens (X:Y:Z:Q) are parsed as GATV patterns by > PatternIncludesArtifactFilter. > Seems older code (before rewrite) recognized these patterns as both GATV and > GATC. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Closed] (MSHARED-1104) Pattern w/ 4 elements may be GATV or GATC
[ https://issues.apache.org/jira/browse/MSHARED-1104?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tamás Cservenák closed MSHARED-1104. > Pattern w/ 4 elements may be GATV or GATC > - > > Key: MSHARED-1104 > URL: https://issues.apache.org/jira/browse/MSHARED-1104 > Project: Maven Shared Components > Issue Type: Bug > Components: maven-common-artifact-filters >Affects Versions: maven-common-artifact-filters-3.3.0 >Reporter: Tamás Cservenák >Assignee: Tamás Cservenák >Priority: Major > Fix For: maven-common-artifact-filters-3.3.1 > > > Currently pattern having 4 tokens (X:Y:Z:Q) are parsed as GATV patterns by > PatternIncludesArtifactFilter. > Seems older code (before rewrite) recognized these patterns as both GATV and > GATC. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [maven-common-artifact-filters] cstamas merged pull request #29: [MSHARED-1104] Four element pattern may be GATV or GATC
cstamas merged PR #29: URL: https://github.com/apache/maven-common-artifact-filters/pull/29 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Updated] (MRRESOURCES-118) Require Maven 3.2.5
[ https://issues.apache.org/jira/browse/MRRESOURCES-118?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Michael Osipov updated MRRESOURCES-118: --- Summary: Require Maven 3.2.5 (was: Require Maven 3.2.0) > Require Maven 3.2.5 > --- > > Key: MRRESOURCES-118 > URL: https://issues.apache.org/jira/browse/MRRESOURCES-118 > Project: Maven Remote Resources Plugin > Issue Type: Improvement >Reporter: Guillaume Nodet >Assignee: Guillaume Nodet >Priority: Major > Fix For: 3.0.0 > > > Upgrading to maven 3.1.1 is not really possible as the > {{ProjectArtifactFactory}} has been introduced in 3.2.x branch and is > required in order to get rid of the deprecated > {{MavenProject.createArtifacts(xxx)}} method. > The {{ModelInheritanceAssembler}} and {{ModelUtils}} have been imported from > {{maven-compat}} in order to not depend on that deprecated jar. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [maven-common-artifact-filters] cstamas commented on a diff in pull request #29: [MSHARED-1104] Four element pattern may be GATV or GATC
cstamas commented on code in PR #29: URL: https://github.com/apache/maven-common-artifact-filters/pull/29#discussion_r922863901 ## src/main/java/org/apache/maven/shared/artifact/filter/PatternIncludesArtifactFilter.java: ## @@ -481,15 +475,22 @@ else if ( ANY.equals( tokens[1] ) ) } } -private static Pattern toPattern( final String token, final Coordinate coordinate ) +private static Pattern toPattern( final String token, final Coordinate... coordinate ) Review Comment: fixed ## src/main/java/org/apache/maven/shared/artifact/filter/PatternIncludesArtifactFilter.java: ## @@ -481,15 +475,22 @@ else if ( ANY.equals( tokens[1] ) ) } } -private static Pattern toPattern( final String token, final Coordinate coordinate ) +private static Pattern toPattern( final String token, final Coordinate... coordinate ) +{ +return toPattern( token, token, coordinate ); +} + +private static Pattern toPattern( final String pattern, final String token, final Coordinate... coordinate ) Review Comment: fixed -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MRAR-87) Upgrade Maven to 3.3.9
[ https://issues.apache.org/jira/browse/MRAR-87?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17567689#comment-17567689 ] Hudson commented on MRAR-87: Build succeeded in Jenkins: Maven » Maven TLP » maven-rar-plugin » master #9 See https://ci-maven.apache.org/job/Maven/job/maven-box/job/maven-rar-plugin/job/master/9/ > Upgrade Maven to 3.3.9 > -- > > Key: MRAR-87 > URL: https://issues.apache.org/jira/browse/MRAR-87 > Project: Maven RAR Plugin > Issue Type: Dependency upgrade >Reporter: Tamás Cservenák >Assignee: Tamás Cservenák >Priority: Major > Fix For: 3.0.0 > > > Update changes: > * up required Maven to 3.3.9+ (as between 3.2.5 and 3.3.9 there was a > breakage in maven re plugin lifecycle mappings) > * make maven bits provided scope > * update dependencies -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Closed] (MRAR-87) Upgrade Maven to 3.3.9
[ https://issues.apache.org/jira/browse/MRAR-87?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tamás Cservenák closed MRAR-87. --- Resolution: Fixed > Upgrade Maven to 3.3.9 > -- > > Key: MRAR-87 > URL: https://issues.apache.org/jira/browse/MRAR-87 > Project: Maven RAR Plugin > Issue Type: Dependency upgrade >Reporter: Tamás Cservenák >Assignee: Tamás Cservenák >Priority: Major > Fix For: 3.0.0 > > > Update changes: > * up required Maven to 3.3.9+ (as between 3.2.5 and 3.3.9 there was a > breakage in maven re plugin lifecycle mappings) > * make maven bits provided scope > * update dependencies -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [maven-rar-plugin] cstamas merged pull request #3: [MRAR-87] Upgrade to Maven 3.3.9 and drop legacy
cstamas merged PR #3: URL: https://github.com/apache/maven-rar-plugin/pull/3 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MRRESOURCES-119) Update plugin dependencies
[ https://issues.apache.org/jira/browse/MRRESOURCES-119?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17567685#comment-17567685 ] Hudson commented on MRRESOURCES-119: Build unstable in Jenkins: Maven » Maven TLP » maven-remote-resources-plugin » master #11 See https://ci-maven.apache.org/job/Maven/job/maven-box/job/maven-remote-resources-plugin/job/master/11/ > Update plugin dependencies > -- > > Key: MRRESOURCES-119 > URL: https://issues.apache.org/jira/browse/MRRESOURCES-119 > Project: Maven Remote Resources Plugin > Issue Type: Task >Reporter: Tamás Cservenák >Assignee: Tamás Cservenák >Priority: Major > Fix For: 3.0.0 > > > Update relevant bits: > * parent POM 36 > * set proper scopes for maven bits > * update deps > * keep Java7 level > * prepare for first 3.x release of this plugin -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [maven-remote-resources-plugin] dependabot[bot] opened a new pull request, #7: Bump commons-io from 2.6 to 2.7
dependabot[bot] opened a new pull request, #7: URL: https://github.com/apache/maven-remote-resources-plugin/pull/7 Bumps commons-io from 2.6 to 2.7. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=commons-io:commons-io=maven=2.6=2.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/maven-remote-resources-plugin/network/alerts). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Closed] (MRRESOURCES-119) Update plugin dependencies
[ https://issues.apache.org/jira/browse/MRRESOURCES-119?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tamás Cservenák closed MRRESOURCES-119. --- > Update plugin dependencies > -- > > Key: MRRESOURCES-119 > URL: https://issues.apache.org/jira/browse/MRRESOURCES-119 > Project: Maven Remote Resources Plugin > Issue Type: Task >Reporter: Tamás Cservenák >Assignee: Tamás Cservenák >Priority: Major > Fix For: 3.0.0 > > > Update relevant bits: > * parent POM 36 > * set proper scopes for maven bits > * update deps > * keep Java7 level > * prepare for first 3.x release of this plugin -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (MRRESOURCES-119) Update plugin dependencies
[ https://issues.apache.org/jira/browse/MRRESOURCES-119?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tamás Cservenák resolved MRRESOURCES-119. - Resolution: Fixed > Update plugin dependencies > -- > > Key: MRRESOURCES-119 > URL: https://issues.apache.org/jira/browse/MRRESOURCES-119 > Project: Maven Remote Resources Plugin > Issue Type: Task >Reporter: Tamás Cservenák >Assignee: Tamás Cservenák >Priority: Major > Fix For: 3.0.0 > > > Update relevant bits: > * parent POM 36 > * set proper scopes for maven bits > * update deps > * keep Java7 level > * prepare for first 3.x release of this plugin -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (MRRESOURCES-102) Filtering of non-.vm files
[ https://issues.apache.org/jira/browse/MRRESOURCES-102?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tamás Cservenák updated MRRESOURCES-102: Fix Version/s: (was: 3.0.0) > Filtering of non-.vm files > -- > > Key: MRRESOURCES-102 > URL: https://issues.apache.org/jira/browse/MRRESOURCES-102 > Project: Maven Remote Resources Plugin > Issue Type: New Feature >Affects Versions: 1.5 >Reporter: Falko Modler >Priority: Major > > It would be a very welcomed addition if the plugin would also filter > non-verlocity (.vm) files. > See also: MRRESOURCES-83 > Renaming the files in question to *.vm is not an option for me because: > - MRRESOURCES-94 > - the module _providing_ the file(s) also needs them _without_ .vm suffix > (fixing this would require some other plugin) -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [maven-remote-resources-plugin] cstamas merged pull request #6: [MRRESOURCES-119] Update plugin to 3.x
cstamas merged PR #6: URL: https://github.com/apache/maven-remote-resources-plugin/pull/6 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MNG-7513) Address commons-io_commons-io vulnerability found in maven latest version
[ https://issues.apache.org/jira/browse/MNG-7513?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17567683#comment-17567683 ] Michael Osipov commented on MNG-7513: - [~slachiewicz], we do as a transitive dep: {noformat} [INFO] +- org.apache.maven.shared:maven-shared-utils:jar:3.3.4:compile [INFO] | \- commons-io:commons-io:jar:2.6:compile {noformat} and the only thing used from Maven Shared Utils are message colorization stuff. We can take a look at all relevant code in MSU and likely exclude Commons IO. > Address commons-io_commons-io vulnerability found in maven latest version > - > > Key: MNG-7513 > URL: https://issues.apache.org/jira/browse/MNG-7513 > Project: Maven > Issue Type: Task >Affects Versions: 3.8.6 >Reporter: Polu Ram Charan Teja >Priority: Major > > In the maven latest version 3.8.6 one dependency is identified with known > vulnerabilities in commons-io-2.6.jar CVE-2021-29425. so please suggest if > you have plan to upgrade commons-io to latest version as we are getting > impacted due to security checks -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MSHADE-385) Support for Multi-Release-JARs
[ https://issues.apache.org/jira/browse/MSHADE-385?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17567680#comment-17567680 ] Romain Manni-Bucau commented on MSHADE-385: --- Hi [~lucastheisen] , did you set it in manifest entries? > Support for Multi-Release-JARs > -- > > Key: MSHADE-385 > URL: https://issues.apache.org/jira/browse/MSHADE-385 > Project: Maven Shade Plugin > Issue Type: New Feature >Affects Versions: 3.3.0 >Reporter: Markus Karg >Priority: Major > > Maven Shade Plugin currently is unable to deal with multi-release JARs, hence > it always (and only) picks the lowest commen nominator (fallback) class. > > Actually the plugin should instead produce a multi-release JAR, hence pick > all class versions. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MNG-7513) Address commons-io_commons-io vulnerability found in maven latest version
[ https://issues.apache.org/jira/browse/MNG-7513?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17567676#comment-17567676 ] Sylwester Lachiewicz commented on MNG-7513: --- we do not deliver commons-io.jar with maven dist. Could you specify what exactly dependency pull this commons-io (maybe screenshot with dependency tree?) > Address commons-io_commons-io vulnerability found in maven latest version > - > > Key: MNG-7513 > URL: https://issues.apache.org/jira/browse/MNG-7513 > Project: Maven > Issue Type: Task >Affects Versions: 3.8.6 >Reporter: Polu Ram Charan Teja >Priority: Major > > In the maven latest version 3.8.6 one dependency is identified with known > vulnerabilities in commons-io-2.6.jar CVE-2021-29425. so please suggest if > you have plan to upgrade commons-io to latest version as we are getting > impacted due to security checks -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MSHADE-385) Support for Multi-Release-JARs
[ https://issues.apache.org/jira/browse/MSHADE-385?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17567674#comment-17567674 ] Lucas Theisen commented on MSHADE-385: -- Maybe i am missing something, but i do not see a {{Multi-Release}} option in the [{{ManifestResourceTransformer}} configuration documentation|https://maven.apache.org/plugins/maven-shade-plugin/examples/resource-transformers.html#ManifestResourceTransformer]. Is this a case of missing documentation, or an unpublished feature, or am i must looking in the wrong place? > Support for Multi-Release-JARs > -- > > Key: MSHADE-385 > URL: https://issues.apache.org/jira/browse/MSHADE-385 > Project: Maven Shade Plugin > Issue Type: New Feature >Affects Versions: 3.3.0 >Reporter: Markus Karg >Priority: Major > > Maven Shade Plugin currently is unable to deal with multi-release JARs, hence > it always (and only) picks the lowest commen nominator (fallback) class. > > Actually the plugin should instead produce a multi-release JAR, hence pick > all class versions. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (SCM-945) Support OpenSSH private keys with maven-scm-provider-jgit
[ https://issues.apache.org/jira/browse/SCM-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17567669#comment-17567669 ] ASF GitHub Bot commented on SCM-945: michael-o commented on PR #153: URL: https://github.com/apache/maven-scm/pull/153#issuecomment-1186543728 > > I mean that you can now supply an expliclt key which wasn't supported by now > > This is not part of this PR either. I will provide one for that separately. Sorry, I guess my brain really working today. Please continue m I'll try to catch up tomorrow. > Support OpenSSH private keys with maven-scm-provider-jgit > - > > Key: SCM-945 > URL: https://issues.apache.org/jira/browse/SCM-945 > Project: Maven SCM > Issue Type: Bug > Components: maven-scm-provider-jgit >Affects Versions: 1.11.2 >Reporter: Konrad Windszus >Assignee: Michael Osipov >Priority: Major > > For SSH based authentication with private keys in the OpenSSH format the > following error is being emitted: {{invalid privatekey: ...}} > This is due to the use of JGit 4.5.4 > (https://github.com/apache/maven-scm/blob/c5eb2c187568809e0dc0ea9ac83031f1dcb5ad1a/maven-scm-providers/maven-scm-providers-git/maven-scm-provider-jgit/pom.xml#L53) > which used JSch which lacks support for those private keys. JGit 5.2 comes > with a new SSH implementation > (https://bugs.eclipse.org/bugs/show_bug.cgi?id=520927) and should by that > also support OpenSSH private keys. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [maven-scm] michael-o commented on pull request #153: [SCM-945] Update to JGit 5.13.1 leveraging Apache Mina SSHD
michael-o commented on PR #153: URL: https://github.com/apache/maven-scm/pull/153#issuecomment-1186543728 > > I mean that you can now supply an expliclt key which wasn't supported by now > > This is not part of this PR either. I will provide one for that separately. Sorry, I guess my brain really working today. Please continue m I'll try to catch up tomorrow. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MGPG-83) Require Maven 3.2.5+
[ https://issues.apache.org/jira/browse/MGPG-83?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17567665#comment-17567665 ] Hudson commented on MGPG-83: Build succeeded in Jenkins: Maven » Maven TLP » maven-gpg-plugin » master #16 See https://ci-maven.apache.org/job/Maven/job/maven-box/job/maven-gpg-plugin/job/master/16/ > Require Maven 3.2.5+ > > > Key: MGPG-83 > URL: https://issues.apache.org/jira/browse/MGPG-83 > Project: Maven GPG Plugin > Issue Type: Dependency upgrade >Reporter: Sylwester Lachiewicz >Priority: Major > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (SCM-945) Support OpenSSH private keys with maven-scm-provider-jgit
[ https://issues.apache.org/jira/browse/SCM-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17567659#comment-17567659 ] ASF GitHub Bot commented on SCM-945: kwin commented on PR #153: URL: https://github.com/apache/maven-scm/pull/153#issuecomment-1186541689 > I mean that you can now supply an expliclt key which wasn't supported by now This is not part of this PR either. I will provide one for that separately. > Support OpenSSH private keys with maven-scm-provider-jgit > - > > Key: SCM-945 > URL: https://issues.apache.org/jira/browse/SCM-945 > Project: Maven SCM > Issue Type: Bug > Components: maven-scm-provider-jgit >Affects Versions: 1.11.2 >Reporter: Konrad Windszus >Assignee: Michael Osipov >Priority: Major > > For SSH based authentication with private keys in the OpenSSH format the > following error is being emitted: {{invalid privatekey: ...}} > This is due to the use of JGit 4.5.4 > (https://github.com/apache/maven-scm/blob/c5eb2c187568809e0dc0ea9ac83031f1dcb5ad1a/maven-scm-providers/maven-scm-providers-git/maven-scm-provider-jgit/pom.xml#L53) > which used JSch which lacks support for those private keys. JGit 5.2 comes > with a new SSH implementation > (https://bugs.eclipse.org/bugs/show_bug.cgi?id=520927) and should by that > also support OpenSSH private keys. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MGPG-89) Upgrade parent POM to version 36
[ https://issues.apache.org/jira/browse/MGPG-89?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17567661#comment-17567661 ] Hudson commented on MGPG-89: Build succeeded in Jenkins: Maven » Maven TLP » maven-gpg-plugin » master #15 See https://ci-maven.apache.org/job/Maven/job/maven-box/job/maven-gpg-plugin/job/master/15/ > Upgrade parent POM to version 36 > > > Key: MGPG-89 > URL: https://issues.apache.org/jira/browse/MGPG-89 > Project: Maven GPG Plugin > Issue Type: Task >Reporter: Sylwester Lachiewicz >Priority: Minor > Fix For: 3.1.0 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [maven-scm] kwin commented on pull request #153: [SCM-945] Update to JGit 5.13.1 leveraging Apache Mina SSHD
kwin commented on PR #153: URL: https://github.com/apache/maven-scm/pull/153#issuecomment-1186541689 > I mean that you can now supply an expliclt key which wasn't supported by now This is not part of this PR either. I will provide one for that separately. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Closed] (MGPG-89) Upgrade parent POM to version 36
[ https://issues.apache.org/jira/browse/MGPG-89?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sylwester Lachiewicz closed MGPG-89. Resolution: Fixed > Upgrade parent POM to version 36 > > > Key: MGPG-89 > URL: https://issues.apache.org/jira/browse/MGPG-89 > Project: Maven GPG Plugin > Issue Type: Task >Reporter: Sylwester Lachiewicz >Priority: Minor > Fix For: 3.1.0 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [maven-gpg-plugin] dependabot[bot] commented on pull request #20: Bump maven-resolver-util from 1.4.1 to 1.8.1
dependabot[bot] commented on PR #20: URL: https://github.com/apache/maven-gpg-plugin/pull/20#issuecomment-1186540274 OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting `@dependabot ignore this major version` or `@dependabot ignore this minor version`. You can also ignore all major, minor, or patch releases for a dependency by adding an [`ignore` condition](https://docs.github.com/en/code-security/supply-chain-security/configuration-options-for-dependency-updates#ignore) with the desired `update_types` to your config file. If you change your mind, just re-open this PR and I'll resolve any conflicts on it. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-gpg-plugin] slachiewicz closed pull request #20: Bump maven-resolver-util from 1.4.1 to 1.8.1
slachiewicz closed pull request #20: Bump maven-resolver-util from 1.4.1 to 1.8.1 URL: https://github.com/apache/maven-gpg-plugin/pull/20 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-gpg-plugin] dependabot[bot] commented on pull request #21: Bump maven-plugins from 34 to 36
dependabot[bot] commented on PR #21: URL: https://github.com/apache/maven-gpg-plugin/pull/21#issuecomment-1186540214 OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting `@dependabot ignore this major version` or `@dependabot ignore this minor version`. You can also ignore all major, minor, or patch releases for a dependency by adding an [`ignore` condition](https://docs.github.com/en/code-security/supply-chain-security/configuration-options-for-dependency-updates#ignore) with the desired `update_types` to your config file. If you change your mind, just re-open this PR and I'll resolve any conflicts on it. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-gpg-plugin] slachiewicz closed pull request #21: Bump maven-plugins from 34 to 36
slachiewicz closed pull request #21: Bump maven-plugins from 34 to 36 URL: https://github.com/apache/maven-gpg-plugin/pull/21 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-dist-tool] dependabot[bot] commented on pull request #8: Bump maven-project-info-reports-plugin from 3.1.1 to 3.4.0
dependabot[bot] commented on PR #8: URL: https://github.com/apache/maven-dist-tool/pull/8#issuecomment-1186536435 OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting `@dependabot ignore this major version` or `@dependabot ignore this minor version`. You can also ignore all major, minor, or patch releases for a dependency by adding an [`ignore` condition](https://docs.github.com/en/code-security/supply-chain-security/configuration-options-for-dependency-updates#ignore) with the desired `update_types` to your config file. If you change your mind, just re-open this PR and I'll resolve any conflicts on it. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-dist-tool] slachiewicz closed pull request #8: Bump maven-project-info-reports-plugin from 3.1.1 to 3.4.0
slachiewicz closed pull request #8: Bump maven-project-info-reports-plugin from 3.1.1 to 3.4.0 URL: https://github.com/apache/maven-dist-tool/pull/8 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-dist-tool] slachiewicz closed pull request #7: Bump maven-reporting-impl from 3.0.0 to 3.1.0
slachiewicz closed pull request #7: Bump maven-reporting-impl from 3.0.0 to 3.1.0 URL: https://github.com/apache/maven-dist-tool/pull/7 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-dist-tool] dependabot[bot] commented on pull request #7: Bump maven-reporting-impl from 3.0.0 to 3.1.0
dependabot[bot] commented on PR #7: URL: https://github.com/apache/maven-dist-tool/pull/7#issuecomment-1186536402 OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting `@dependabot ignore this major version` or `@dependabot ignore this minor version`. You can also ignore all major, minor, or patch releases for a dependency by adding an [`ignore` condition](https://docs.github.com/en/code-security/supply-chain-security/configuration-options-for-dependency-updates#ignore) with the desired `update_types` to your config file. If you change your mind, just re-open this PR and I'll resolve any conflicts on it. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-dist-tool] dependabot[bot] commented on pull request #6: Bump maven-plugin-plugin from 3.6.2 to 3.6.4
dependabot[bot] commented on PR #6: URL: https://github.com/apache/maven-dist-tool/pull/6#issuecomment-1186536348 OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting `@dependabot ignore this major version` or `@dependabot ignore this minor version`. You can also ignore all major, minor, or patch releases for a dependency by adding an [`ignore` condition](https://docs.github.com/en/code-security/supply-chain-security/configuration-options-for-dependency-updates#ignore) with the desired `update_types` to your config file. If you change your mind, just re-open this PR and I'll resolve any conflicts on it. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-dist-tool] slachiewicz closed pull request #6: Bump maven-plugin-plugin from 3.6.2 to 3.6.4
slachiewicz closed pull request #6: Bump maven-plugin-plugin from 3.6.2 to 3.6.4 URL: https://github.com/apache/maven-dist-tool/pull/6 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-dist-tool] slachiewicz closed pull request #5: Bump mvnversion from 3.0.5 to 3.3.9
slachiewicz closed pull request #5: Bump mvnversion from 3.0.5 to 3.3.9 URL: https://github.com/apache/maven-dist-tool/pull/5 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-dist-tool] dependabot[bot] commented on pull request #5: Bump mvnversion from 3.0.5 to 3.3.9
dependabot[bot] commented on PR #5: URL: https://github.com/apache/maven-dist-tool/pull/5#issuecomment-1186536296 OK, I won't notify you again about this release, but will get in touch when a new version is available. You can also ignore all major, minor, or patch releases for a dependency by adding an [`ignore` condition](https://docs.github.com/en/code-security/supply-chain-security/configuration-options-for-dependency-updates#ignore) with the desired `update_types` to your config file. If you change your mind, just re-open this PR and I'll resolve any conflicts on it. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-dist-tool] dependabot[bot] closed pull request #4: Bump jsoup from 1.13.1 to 1.14.2
dependabot[bot] closed pull request #4: Bump jsoup from 1.13.1 to 1.14.2 URL: https://github.com/apache/maven-dist-tool/pull/4 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-dist-tool] dependabot[bot] commented on pull request #4: Bump jsoup from 1.13.1 to 1.14.2
dependabot[bot] commented on PR #4: URL: https://github.com/apache/maven-dist-tool/pull/4#issuecomment-1186534464 Superseded by #9. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-dist-tool] dependabot[bot] opened a new pull request, #9: Bump jsoup from 1.13.1 to 1.15.2
dependabot[bot] opened a new pull request, #9: URL: https://github.com/apache/maven-dist-tool/pull/9 Bumps [jsoup](https://github.com/jhy/jsoup) from 1.13.1 to 1.15.2. Release notes Sourced from https://github.com/jhy/jsoup/releases;>jsoup's releases. jsoup 1.15.2 is out now with a bunch of https://jsoup.org/news/release-1.15.2;>improvements and bug fixes. jsoup 1.15.1 is out now with a bunch of https://jsoup.org/news/release-1.15.1;>improvements and bug fixes. jsoup 1.14.3 jsoup 1.14.3 is out now, adding native XPath selector support, improved \template support, and also includes a bunch of bug fixes, improvements, and performance enhancements. See the https://jsoup.org/news/release-1.14.3;>release announcement for the full changelog. jsoup 1.14.2 Caught by the fuzz! jsoup 1.14.2 is out now, and includes a set of parser bug fixes and improvements for handling rough HTML and XML, as identified by the Jazzer JVM fuzzer. This release also includes other fixes and improvements. See the https://jsoup.org/news/release-1.14.2;>release announcement for the full changelog. jsoup 1.14.1 jsoup 1.14.1 is out now, with simple request session management, increased parse robustness, and a ton of other improvements, speed-ups, and bug fixes. See the full https://jsoup.org/news/release-1.14.1;>announcement for all the details on what's changed. Changelog Sourced from https://github.com/jhy/jsoup/blob/master/CHANGES;>jsoup's changelog. jsoup changelog Release 1.15.3 [PENDING] Improvement: the Cleaner will preserve the source position of cleaned elements, if source tracking is enabled in the original parse. *** Release 1.15.2 [2022-Jul-04] Improvement: added the ability to track the position (line, column, index) in the original input source from where a given node was parsed. Accessible via Node.sourceRange() and Element.endSourceRange(). https://github-redirect.dependabot.com/jhy/jsoup/pull/1790;>jhy/jsoup#1790 Improvement: added Element.firstElementChild(), Element.lastElementChild(), Node.firstChild(), Node.lastChild(), as convenient accessors to those child nodes and elements. Improvement: added Element.expectFirst(cssQuery), which is just like Element.selectFirst(), but instead of returning a null if there is no match, will throw an IllegalArgumentException. This is useful if you want to simply abort processing if an expected match is not found. Improvement: when pretty-printing HTML, doctypes are emitted on a newline if there is a preceding comment. https://github-redirect.dependabot.com/jhy/jsoup/pull/1664;>jhy/jsoup#1664 Improvement: when pretty-printing, trim the leading and trailing spaces of textnodes in block tags when possible, so that they are indented correctly. https://github-redirect.dependabot.com/jhy/jsoup/issues/1798;>jhy/jsoup#1798 Improvement: in Element#selectXpath(), disable namespace awareness. This makes it possible to always select elements by their simple local name, regardless of whether an xmlns attribute was set. https://github-redirect.dependabot.com/jhy/jsoup/issues/1801;>jhy/jsoup#1801 Bugfix: when using the readToByteBuffer method, such as in Connection.Response.body(), if the document has not already been parsed and must be read fully, and there is any maximum buffer size being applied, only the default internal buffer size is read. https://github-redirect.dependabot.com/jhy/jsoup/issues/1774;>jhy/jsoup#1774 Bugfix: when serializing HTML, newlines in elements descending from a pre tag were incorrectly skipped. That caused what should have been preformatted output to instead be a run of text. https://github-redirect.dependabot.com/jhy/jsoup/issues/1776;>jhy/jsoup#1776 Bugfix: when pretty-print serializing HTML, newlines separating phrasing content (e.g. a tag within a tag would be incorrectly skipped, instead of normalized to a space. Additionally, improved space normalization between other end of line occurences, and whitespace handling after a closing https://github-redirect.dependabot.com/jhy/jsoup/issues/1787;>jhy/jsoup#1787 *** Release 1.15.1 [2022-May-15] Change: removed previously deprecated methods and classes (including org.jsoup.safety.Whitelist; use org.jsoup.safety.Safelist instead). Improvement: when converting jsoup Documents to W3C Documents in W3CDom, preserve HTML valid attribute names if the input document is using the HTML syntax. (Previously, would always coerce using the more restrictive XML syntax.) https://github-redirect.dependabot.com/jhy/jsoup/pull/1648;>jhy/jsoup#1648 ... (truncated) Commits https://github.com/jhy/jsoup/commit/d9566b5340487cd319660b553af11b60f5c8060a;>d9566b5 [maven-release-plugin]
[GitHub] [maven-dist-tool] dependabot[bot] opened a new pull request, #8: Bump maven-project-info-reports-plugin from 3.1.1 to 3.4.0
dependabot[bot] opened a new pull request, #8: URL: https://github.com/apache/maven-dist-tool/pull/8 Bumps [maven-project-info-reports-plugin](https://github.com/apache/maven-project-info-reports-plugin) from 3.1.1 to 3.4.0. Commits https://github.com/apache/maven-project-info-reports-plugin/commit/85082c4989caa0119a36c26f81af9374c544a1e0;>85082c4 [maven-release-plugin] prepare release maven-project-info-reports-plugin-3.4.0 https://github.com/apache/maven-project-info-reports-plugin/commit/90f65c278974570de088b2bb58852a001739cea8;>90f65c2 [MPIR-422] Stop overriding AbstractMavenReport#execute() https://github.com/apache/maven-project-info-reports-plugin/commit/91d0efec3c94f1ad4f58913b5060a0237c66b3c0;>91d0efe [MPIR-421] Make all ITs with site.xml use an explicit skin https://github.com/apache/maven-project-info-reports-plugin/commit/384637630e36619ade5a8999ea01dc006b125058;>3846376 [MPIR-420] Uprade dependencies https://github.com/apache/maven-project-info-reports-plugin/commit/eeb81c8660fabecc5465b5ba514402737933f55c;>eeb81c8 [MPIR-407] Provide a way to map license names https://github.com/apache/maven-project-info-reports-plugin/commit/9430070ae3545ea15dff9cbcce649de33b89260e;>9430070 [MPIR-418] Add some i18n properties for zh_CH completely https://github.com/apache/maven-project-info-reports-plugin/commit/1c669e756fd33b115736347a795aadd87d9767f3;>1c669e7 [maven-release-plugin] prepare for next development iteration https://github.com/apache/maven-project-info-reports-plugin/commit/563a0b261722719f9bf6ead946f3d5e30ef611c8;>563a0b2 [maven-release-plugin] prepare release maven-project-info-reports-plugin-3.3.0 https://github.com/apache/maven-project-info-reports-plugin/commit/9549763fbbdea2ee504412b06c2df1d14c25cb4a;>9549763 [MPIR-416] Upgrade maven-dependency-tree to 3.1.0 https://github.com/apache/maven-project-info-reports-plugin/commit/eab4f24d5cfc44aa91f62bde51e5f8001b36334f;>eab4f24 [MPIR-417] Upgrade Parent to 36 Additional commits viewable in https://github.com/apache/maven-project-info-reports-plugin/compare/maven-project-info-reports-plugin-3.1.1...maven-project-info-reports-plugin-3.4.0;>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.maven.plugins:maven-project-info-reports-plugin=maven=3.1.1=3.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-dist-tool] dependabot[bot] opened a new pull request, #7: Bump maven-reporting-impl from 3.0.0 to 3.1.0
dependabot[bot] opened a new pull request, #7: URL: https://github.com/apache/maven-dist-tool/pull/7 Bumps [maven-reporting-impl](https://github.com/apache/maven-reporting-impl) from 3.0.0 to 3.1.0. Commits https://github.com/apache/maven-reporting-impl/commit/7f2f24fa712e06c07f3249ded7c8b6d04c559d17;>7f2f24f [maven-release-plugin] prepare release maven-reporting-impl-3.1.0 https://github.com/apache/maven-reporting-impl/commit/ddaac1486d58af185b2d065e09616e5704d5dd32;>ddaac14 Update plugins in 'use-as-site-report' IT https://github.com/apache/maven-reporting-impl/commit/6b019596a05295eb4cc32d83fd8d7e169fc4deee;>6b01959 [MSHARED-1028] Upgrade Maven Reporting API to 3.1.0 https://github.com/apache/maven-reporting-impl/commit/b3b09afb4007ca3d76a89508a468f96eff03c804;>b3b09af [MSHARED-1027] Update Doxia to 1.11.1 and Doxia Sitetools to 1.11.1 https://github.com/apache/maven-reporting-impl/commit/6554ad35fb05b17d283e4bdfb81226c1d5e701f0;>6554ad3 Remove old Maven 2 profile https://github.com/apache/maven-reporting-impl/commit/b39d1623a8ef9aea62178ab153b0eb45700582c8;>b39d162 Revert Prepare for Doxia 2.0.0 https://github.com/apache/maven-reporting-impl/commit/26f9664b4b2542438fa95c9feb229b26d7329e53;>26f9664 Prepare for Doxia 2.0.0 https://github.com/apache/maven-reporting-impl/commit/9050da0e7c2defed851621b62c0160b52716ba11;>9050da0 update CI url https://github.com/apache/maven-reporting-impl/commit/e75769bc8a8a3a7b70c60a489a6c659acc45aff9;>e75769b Bump junit from 4.13 to 4.13.1 https://github.com/apache/maven-reporting-impl/commit/e5b314f649012e587682604eb17214084c046928;>e5b314f Merge pull request https://github-redirect.dependabot.com/apache/maven-reporting-impl/issues/2;>#2 from apache/elharo-patch-1 Additional commits viewable in https://github.com/apache/maven-reporting-impl/compare/maven-reporting-impl-3.0.0...maven-reporting-impl-3.1.0;>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.maven.reporting:maven-reporting-impl=maven=3.0.0=3.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-dist-tool] dependabot[bot] opened a new pull request, #6: Bump maven-plugin-plugin from 3.6.2 to 3.6.4
dependabot[bot] opened a new pull request, #6: URL: https://github.com/apache/maven-dist-tool/pull/6 Bumps [maven-plugin-plugin](https://github.com/apache/maven-plugin-tools) from 3.6.2 to 3.6.4. Commits https://github.com/apache/maven-plugin-tools/commit/33eb6d9df8be0e9cd0ac9b684741382b3d0e0fc7;>33eb6d9 [maven-release-plugin] prepare release maven-plugin-tools-3.6.4 https://github.com/apache/maven-plugin-tools/commit/c8ddcdcb10d342a5a5e2f38245bb569af5730c7c;>c8ddcdc [MPLUGIN-387] Bump Ant to 1.9.16 https://github.com/apache/maven-plugin-tools/commit/f14830dba00667fc661a520557fcdff6a8b0d1ad;>f14830d [MPLUGIN-387] Bump xmlunit to 1.6 https://github.com/apache/maven-plugin-tools/commit/036fdebb5cdbab68d79550cc6a0991f2a96ce4c8;>036fdeb [MPLUGIN-387] Bump plexus-compiler-manager to 2.8.8 https://github.com/apache/maven-plugin-tools/commit/d296e04045026716f1fba5d296a0dd4330cc7f92;>d296e04 [MPLUGIN-387] Switch from fest-assert to AssertJ 2.9.1 https://github.com/apache/maven-plugin-tools/commit/9ff352cc5680fe4e672dd99d0ff9160fc51a1317;>9ff352c [MPLUGIN-387] Bump plexus-archiver to 4.2.5 https://github.com/apache/maven-plugin-tools/commit/f6461047666e7c2dc0103042088825fd6a16a8ab;>f646104 [MPLUGIN-387] Upgrade BeanShell to 2.0b6 https://github.com/apache/maven-plugin-tools/commit/db1803198a77a40917a533e70ece7f066b783bf1;>db18031 [MPLUGIN-387] Bump junit to 4.13.2 https://github.com/apache/maven-plugin-tools/commit/c7ae057613aab21957197f93d33d6c0e2eb55bf8;>c7ae057 Added Dependabot configuration https://github.com/apache/maven-plugin-tools/commit/86d870fbc4a3aa1cd3b8da8a2fde015e5e8dfe43;>86d870f [MPLUGIN-387] Upgrade Doxia/Doxia Tools to 1.11.1 Additional commits viewable in https://github.com/apache/maven-plugin-tools/compare/maven-plugin-tools-3.6.2...maven-plugin-tools-3.6.4;>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.maven.plugins:maven-plugin-plugin=maven=3.6.2=3.6.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-dist-tool] dependabot[bot] opened a new pull request, #5: Bump mvnversion from 3.0.5 to 3.3.9
dependabot[bot] opened a new pull request, #5: URL: https://github.com/apache/maven-dist-tool/pull/5 Bumps `mvnversion` from 3.0.5 to 3.3.9. Updates `maven-plugin-api` from 3.0.5 to 3.3.9 Commits https://github.com/apache/maven/commit/bb52d8502b132ec0a5a3f4c09453c07478323dc5;>bb52d85 [maven-release-plugin] prepare release maven-3.3.9 https://github.com/apache/maven/commit/cf2f373ddb38215f7122f743d381ead7e346ed2d;>cf2f373 [MNG-5882] Nonportable shell constructs cause bin/mvn errors on Debian https://github.com/apache/maven/commit/1953284925616e691fb881c5e3fa8fbdd1830385;>1953284 [MNG-5840] A regression had crept in and was missed as the intergration tests... https://github.com/apache/maven/commit/2f7daeff5802174c7b4ff8a4d2ac019b6406d03b;>2f7daef [MNG-5871] refactoring: improved empty urls handling https://github.com/apache/maven/commit/406a46fd83e9b620d34e5f49cc132e06a3a00898;>406a46f [maven-release-plugin] prepare for next development iteration https://github.com/apache/maven/commit/cdd15915eb4b74ccab621e51aff9ada4f455a627;>cdd1591 [maven-release-plugin] prepare release maven-3.3.8 https://github.com/apache/maven/commit/f684761dee739b4ec8a7e6db5a0a6a0b809e66c9;>f684761 Fix for urls being empty in the POM and causing an out of bounds exception https://github.com/apache/maven/commit/508d97ec87526d5e308df0857c21546b4024801f;>508d97e [maven-release-plugin] prepare for next development iteration https://github.com/apache/maven/commit/d48a49b3539e66e073e35cc6a5137a94d16465f2;>d48a49b [maven-release-plugin] prepare release maven-3.3.7 https://github.com/apache/maven/commit/b6c9bee1b60ff8ad142651052fb7729cfd206be3;>b6c9bee [MNG-5915] Upgrade Wagon version to 2.10 Additional commits viewable in https://github.com/apache/maven/compare/maven-3.0.5...maven-3.3.9;>compare view Updates `maven-core` from 3.0.5 to 3.3.9 Commits https://github.com/apache/maven/commit/bb52d8502b132ec0a5a3f4c09453c07478323dc5;>bb52d85 [maven-release-plugin] prepare release maven-3.3.9 https://github.com/apache/maven/commit/cf2f373ddb38215f7122f743d381ead7e346ed2d;>cf2f373 [MNG-5882] Nonportable shell constructs cause bin/mvn errors on Debian https://github.com/apache/maven/commit/1953284925616e691fb881c5e3fa8fbdd1830385;>1953284 [MNG-5840] A regression had crept in and was missed as the intergration tests... https://github.com/apache/maven/commit/2f7daeff5802174c7b4ff8a4d2ac019b6406d03b;>2f7daef [MNG-5871] refactoring: improved empty urls handling https://github.com/apache/maven/commit/406a46fd83e9b620d34e5f49cc132e06a3a00898;>406a46f [maven-release-plugin] prepare for next development iteration https://github.com/apache/maven/commit/cdd15915eb4b74ccab621e51aff9ada4f455a627;>cdd1591 [maven-release-plugin] prepare release maven-3.3.8 https://github.com/apache/maven/commit/f684761dee739b4ec8a7e6db5a0a6a0b809e66c9;>f684761 Fix for urls being empty in the POM and causing an out of bounds exception https://github.com/apache/maven/commit/508d97ec87526d5e308df0857c21546b4024801f;>508d97e [maven-release-plugin] prepare for next development iteration https://github.com/apache/maven/commit/d48a49b3539e66e073e35cc6a5137a94d16465f2;>d48a49b [maven-release-plugin] prepare release maven-3.3.7 https://github.com/apache/maven/commit/b6c9bee1b60ff8ad142651052fb7729cfd206be3;>b6c9bee [MNG-5915] Upgrade Wagon version to 2.10 Additional commits viewable in https://github.com/apache/maven/compare/maven-3.0.5...maven-3.3.9;>compare view Updates `maven-compat` from 3.0.5 to 3.3.9 Commits https://github.com/apache/maven/commit/bb52d8502b132ec0a5a3f4c09453c07478323dc5;>bb52d85 [maven-release-plugin] prepare release maven-3.3.9 https://github.com/apache/maven/commit/cf2f373ddb38215f7122f743d381ead7e346ed2d;>cf2f373 [MNG-5882] Nonportable shell constructs cause bin/mvn errors on Debian https://github.com/apache/maven/commit/1953284925616e691fb881c5e3fa8fbdd1830385;>1953284 [MNG-5840] A regression had crept in and was missed as the intergration tests... https://github.com/apache/maven/commit/2f7daeff5802174c7b4ff8a4d2ac019b6406d03b;>2f7daef [MNG-5871] refactoring: improved empty urls handling https://github.com/apache/maven/commit/406a46fd83e9b620d34e5f49cc132e06a3a00898;>406a46f [maven-release-plugin] prepare for next development iteration https://github.com/apache/maven/commit/cdd15915eb4b74ccab621e51aff9ada4f455a627;>cdd1591 [maven-release-plugin] prepare release maven-3.3.8 https://github.com/apache/maven/commit/f684761dee739b4ec8a7e6db5a0a6a0b809e66c9;>f684761 Fix for urls being empty in the POM and causing an out of bounds exception https://github.com/apache/maven/commit/508d97ec87526d5e308df0857c21546b4024801f;>508d97e [maven-release-plugin] prepare for next development iteration
[jira] [Updated] (MGPG-89) Upgrade parent POM to version 36
[ https://issues.apache.org/jira/browse/MGPG-89?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sylwester Lachiewicz updated MGPG-89: - Fix Version/s: 3.1.0 > Upgrade parent POM to version 36 > > > Key: MGPG-89 > URL: https://issues.apache.org/jira/browse/MGPG-89 > Project: Maven GPG Plugin > Issue Type: Task >Reporter: Sylwester Lachiewicz >Priority: Minor > Fix For: 3.1.0 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (MGPG-89) Upgrade parent POM to version 36
Sylwester Lachiewicz created MGPG-89: Summary: Upgrade parent POM to version 36 Key: MGPG-89 URL: https://issues.apache.org/jira/browse/MGPG-89 Project: Maven GPG Plugin Issue Type: Task Reporter: Sylwester Lachiewicz -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [maven-gpg-plugin] slachiewicz merged pull request #24: Bump plexus-utils from 3.3.0 to 3.4.2
slachiewicz merged PR #24: URL: https://github.com/apache/maven-gpg-plugin/pull/24 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-gpg-plugin] dependabot[bot] commented on pull request #18: Bump mavenVersion from 3.0 to 3.8.6
dependabot[bot] commented on PR #18: URL: https://github.com/apache/maven-gpg-plugin/pull/18#issuecomment-1186527077 OK, I won't notify you again about this release, but will get in touch when a new version is available. You can also ignore all major, minor, or patch releases for a dependency by adding an [`ignore` condition](https://docs.github.com/en/code-security/supply-chain-security/configuration-options-for-dependency-updates#ignore) with the desired `update_types` to your config file. If you change your mind, just re-open this PR and I'll resolve any conflicts on it. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-gpg-plugin] slachiewicz closed pull request #18: Bump mavenVersion from 3.0 to 3.8.6
slachiewicz closed pull request #18: Bump mavenVersion from 3.0 to 3.8.6 URL: https://github.com/apache/maven-gpg-plugin/pull/18 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-gpg-plugin] slachiewicz merged pull request #23: Bump maven-invoker from 3.1.0 to 3.2.0
slachiewicz merged PR #23: URL: https://github.com/apache/maven-gpg-plugin/pull/23 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MGPG-86) NullPointerException when gpg executable cannot be found
[ https://issues.apache.org/jira/browse/MGPG-86?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17567648#comment-17567648 ] Hudson commented on MGPG-86: Build failed in Jenkins: Maven » Maven TLP » maven-gpg-plugin » master #11 See https://ci-maven.apache.org/job/Maven/job/maven-box/job/maven-gpg-plugin/job/master/11/ > NullPointerException when gpg executable cannot be found > > > Key: MGPG-86 > URL: https://issues.apache.org/jira/browse/MGPG-86 > Project: Maven GPG Plugin > Issue Type: Bug >Affects Versions: 1.5, 1.6, 3.0.1 > Environment: linux, macos >Reporter: Chas Honton >Assignee: Sylwester Lachiewicz >Priority: Major > Fix For: 3.1.0 > > > {noformat} > [ERROR] Failed to execute goal > org.apache.maven.plugins:maven-gpg-plugin:3.0.1:sign (sign-artifacts) on > project git-tag-maven-plugin: Execution sign-artifacts of goal > org.apache.maven.plugins:maven-gpg-plugin:3.0.1:sign failed.: > NullPointerException -> [Help 1] > org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute > goal org.apache.maven.plugins:maven-gpg-plugin:3.0.1:sign (sign-artifacts) on > project git-tag-maven-plugin: Execution sign-artifacts of goal > org.apache.maven.plugins:maven-gpg-plugin:3.0.1:sign failed. > at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute > (MojoExecutor.java:306) > at org.apache.maven.lifecycle.internal.MojoExecutor.execute > (MojoExecutor.java:211) > at org.apache.maven.lifecycle.internal.MojoExecutor.execute > (MojoExecutor.java:165) > at org.apache.maven.lifecycle.internal.MojoExecutor.execute > (MojoExecutor.java:157) > at > org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject > (LifecycleModuleBuilder.java:121) > at > org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject > (LifecycleModuleBuilder.java:81) > at > org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build > (SingleThreadedBuilder.java:56) > at org.apache.maven.lifecycle.internal.LifecycleStarter.execute > (LifecycleStarter.java:127) > at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:294) > at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) > at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) > at org.apache.maven.cli.MavenCli.execute (MavenCli.java:960) > at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:293) > at org.apache.maven.cli.MavenCli.main (MavenCli.java:196) > at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) > at jdk.internal.reflect.NativeMethodAccessorImpl.invoke > (NativeMethodAccessorImpl.java:62) > at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke > (DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke (Method.java:566) > at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced > (Launcher.java:282) > at org.codehaus.plexus.classworlds.launcher.Launcher.launch > (Launcher.java:225) > at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode > (Launcher.java:406) > at org.codehaus.plexus.classworlds.launcher.Launcher.main > (Launcher.java:347) > Caused by: org.apache.maven.plugin.PluginExecutionException: Execution > sign-artifacts of goal org.apache.maven.plugins:maven-gpg-plugin:3.0.1:sign > failed. > at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo > (DefaultBuildPluginManager.java:148) > at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute > (MojoExecutor.java:301) > at org.apache.maven.lifecycle.internal.MojoExecutor.execute > (MojoExecutor.java:211) > at org.apache.maven.lifecycle.internal.MojoExecutor.execute > (MojoExecutor.java:165) > at org.apache.maven.lifecycle.internal.MojoExecutor.execute > (MojoExecutor.java:157) > at > org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject > (LifecycleModuleBuilder.java:121) > at > org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject > (LifecycleModuleBuilder.java:81) > at > org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build > (SingleThreadedBuilder.java:56) > at org.apache.maven.lifecycle.internal.LifecycleStarter.execute > (LifecycleStarter.java:127) > at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:294) > at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) > at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) > at org.apache.maven.cli.MavenCli.execute (MavenCli.java:960) > at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:293) > at org.apache.maven.cli.MavenCli.main (MavenCli.java:196) > at
[GitHub] [maven-gpg-plugin] slachiewicz merged pull request #22: Bump maven-shade-plugin from 3.2.2 to 3.3.0
slachiewicz merged PR #22: URL: https://github.com/apache/maven-gpg-plugin/pull/22 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-gpg-plugin] dependabot[bot] closed pull request #19: Bump maven-artifact-transfer from 0.12.0 to 0.13.1
dependabot[bot] closed pull request #19: Bump maven-artifact-transfer from 0.12.0 to 0.13.1 URL: https://github.com/apache/maven-gpg-plugin/pull/19 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-gpg-plugin] dependabot[bot] commented on pull request #19: Bump maven-artifact-transfer from 0.12.0 to 0.13.1
dependabot[bot] commented on PR #19: URL: https://github.com/apache/maven-gpg-plugin/pull/19#issuecomment-1186526489 Looks like org.apache.maven.shared:maven-artifact-transfer is up-to-date now, so this is no longer needed. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-gpg-plugin] slachiewicz commented on pull request #19: Bump maven-artifact-transfer from 0.12.0 to 0.13.1
slachiewicz commented on PR #19: URL: https://github.com/apache/maven-gpg-plugin/pull/19#issuecomment-1186526294 @dependabot rebase -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Closed] (MGPG-87) NullPointerException when gpg not installed
[ https://issues.apache.org/jira/browse/MGPG-87?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sylwester Lachiewicz closed MGPG-87. Resolution: Duplicate > NullPointerException when gpg not installed > --- > > Key: MGPG-87 > URL: https://issues.apache.org/jira/browse/MGPG-87 > Project: Maven GPG Plugin > Issue Type: Bug >Affects Versions: 3.0.1 >Reporter: Dave Wichers >Priority: Major > Fix For: 3.1.0 > > > If you don't have gpg installed at all, you get the exception below when > trying to use the mvn-gpg-plugin: > Can you please update this to explain what the problem is and not throw an > Exception? For example, "gpg must be installed to use this plugin." > For other errors, error messages like: "no gpg.keyname/passphrase found in > settings.xml", or no gpg key specified in settings.xml, or whatever, to help > explain what the actual problem is. > {*}Caused by{*}: java.lang.NullPointerException > *at* org.apache.maven.plugins.gpg.GpgSigner.generateSignatureForFile > ({*}GpgSigner.java:73{*}) > *at* > org.apache.maven.plugins.gpg.AbstractGpgSigner.generateSignatureForArtifact > ({*}AbstractGpgSigner.java:203{*}) > *at* org.apache.maven.plugins.gpg.GpgSignAttachedMojo.execute > ({*}GpgSignAttachedMojo.java:143{*}) > *at* org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo > ({*}DefaultBuildPluginManager.java:137{*}) > *at* org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 > ({*}MojoExecutor.java:370{*}) > *at* org.apache.maven.lifecycle.internal.MojoExecutor.doExecute > ({*}MojoExecutor.java:351{*}) > *at* org.apache.maven.lifecycle.internal.MojoExecutor.execute > ({*}MojoExecutor.java:215{*}) > *at* org.apache.maven.lifecycle.internal.MojoExecutor.execute > ({*}MojoExecutor.java:171{*}) > *at* org.apache.maven.lifecycle.internal.MojoExecutor.execute > ({*}MojoExecutor.java:163{*}) > *at* > org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject > ({*}LifecycleModuleBuilder.java:117{*}) > *at* > org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject > ({*}LifecycleModuleBuilder.java:81{*}) > *at* > org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build > ({*}SingleThreadedBuilder.java:56{*}) > *at* org.apache.maven.lifecycle.internal.LifecycleStarter.execute > ({*}LifecycleStarter.java:128{*}) > *at* org.apache.maven.DefaultMaven.doExecute ({*}DefaultMaven.java:294{*}) > *at* org.apache.maven.DefaultMaven.doExecute ({*}DefaultMaven.java:192{*}) > *at* org.apache.maven.DefaultMaven.execute ({*}DefaultMaven.java:105{*}) > *at* org.apache.maven.cli.MavenCli.execute ({*}MavenCli.java:960{*}) > ... -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (MGPG-87) NullPointerException when gpg not installed
[ https://issues.apache.org/jira/browse/MGPG-87?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sylwester Lachiewicz reassigned MGPG-87: Assignee: Sylwester Lachiewicz > NullPointerException when gpg not installed > --- > > Key: MGPG-87 > URL: https://issues.apache.org/jira/browse/MGPG-87 > Project: Maven GPG Plugin > Issue Type: Bug >Affects Versions: 3.0.1 >Reporter: Dave Wichers >Assignee: Sylwester Lachiewicz >Priority: Major > Fix For: 3.1.0 > > > If you don't have gpg installed at all, you get the exception below when > trying to use the mvn-gpg-plugin: > Can you please update this to explain what the problem is and not throw an > Exception? For example, "gpg must be installed to use this plugin." > For other errors, error messages like: "no gpg.keyname/passphrase found in > settings.xml", or no gpg key specified in settings.xml, or whatever, to help > explain what the actual problem is. > {*}Caused by{*}: java.lang.NullPointerException > *at* org.apache.maven.plugins.gpg.GpgSigner.generateSignatureForFile > ({*}GpgSigner.java:73{*}) > *at* > org.apache.maven.plugins.gpg.AbstractGpgSigner.generateSignatureForArtifact > ({*}AbstractGpgSigner.java:203{*}) > *at* org.apache.maven.plugins.gpg.GpgSignAttachedMojo.execute > ({*}GpgSignAttachedMojo.java:143{*}) > *at* org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo > ({*}DefaultBuildPluginManager.java:137{*}) > *at* org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 > ({*}MojoExecutor.java:370{*}) > *at* org.apache.maven.lifecycle.internal.MojoExecutor.doExecute > ({*}MojoExecutor.java:351{*}) > *at* org.apache.maven.lifecycle.internal.MojoExecutor.execute > ({*}MojoExecutor.java:215{*}) > *at* org.apache.maven.lifecycle.internal.MojoExecutor.execute > ({*}MojoExecutor.java:171{*}) > *at* org.apache.maven.lifecycle.internal.MojoExecutor.execute > ({*}MojoExecutor.java:163{*}) > *at* > org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject > ({*}LifecycleModuleBuilder.java:117{*}) > *at* > org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject > ({*}LifecycleModuleBuilder.java:81{*}) > *at* > org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build > ({*}SingleThreadedBuilder.java:56{*}) > *at* org.apache.maven.lifecycle.internal.LifecycleStarter.execute > ({*}LifecycleStarter.java:128{*}) > *at* org.apache.maven.DefaultMaven.doExecute ({*}DefaultMaven.java:294{*}) > *at* org.apache.maven.DefaultMaven.doExecute ({*}DefaultMaven.java:192{*}) > *at* org.apache.maven.DefaultMaven.execute ({*}DefaultMaven.java:105{*}) > *at* org.apache.maven.cli.MavenCli.execute ({*}MavenCli.java:960{*}) > ... -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (MGPG-87) NullPointerException when gpg not installed
[ https://issues.apache.org/jira/browse/MGPG-87?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sylwester Lachiewicz updated MGPG-87: - Fix Version/s: 3.1.0 > NullPointerException when gpg not installed > --- > > Key: MGPG-87 > URL: https://issues.apache.org/jira/browse/MGPG-87 > Project: Maven GPG Plugin > Issue Type: Bug >Affects Versions: 3.0.1 >Reporter: Dave Wichers >Priority: Major > Fix For: 3.1.0 > > > If you don't have gpg installed at all, you get the exception below when > trying to use the mvn-gpg-plugin: > Can you please update this to explain what the problem is and not throw an > Exception? For example, "gpg must be installed to use this plugin." > For other errors, error messages like: "no gpg.keyname/passphrase found in > settings.xml", or no gpg key specified in settings.xml, or whatever, to help > explain what the actual problem is. > {*}Caused by{*}: java.lang.NullPointerException > *at* org.apache.maven.plugins.gpg.GpgSigner.generateSignatureForFile > ({*}GpgSigner.java:73{*}) > *at* > org.apache.maven.plugins.gpg.AbstractGpgSigner.generateSignatureForArtifact > ({*}AbstractGpgSigner.java:203{*}) > *at* org.apache.maven.plugins.gpg.GpgSignAttachedMojo.execute > ({*}GpgSignAttachedMojo.java:143{*}) > *at* org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo > ({*}DefaultBuildPluginManager.java:137{*}) > *at* org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 > ({*}MojoExecutor.java:370{*}) > *at* org.apache.maven.lifecycle.internal.MojoExecutor.doExecute > ({*}MojoExecutor.java:351{*}) > *at* org.apache.maven.lifecycle.internal.MojoExecutor.execute > ({*}MojoExecutor.java:215{*}) > *at* org.apache.maven.lifecycle.internal.MojoExecutor.execute > ({*}MojoExecutor.java:171{*}) > *at* org.apache.maven.lifecycle.internal.MojoExecutor.execute > ({*}MojoExecutor.java:163{*}) > *at* > org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject > ({*}LifecycleModuleBuilder.java:117{*}) > *at* > org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject > ({*}LifecycleModuleBuilder.java:81{*}) > *at* > org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build > ({*}SingleThreadedBuilder.java:56{*}) > *at* org.apache.maven.lifecycle.internal.LifecycleStarter.execute > ({*}LifecycleStarter.java:128{*}) > *at* org.apache.maven.DefaultMaven.doExecute ({*}DefaultMaven.java:294{*}) > *at* org.apache.maven.DefaultMaven.doExecute ({*}DefaultMaven.java:192{*}) > *at* org.apache.maven.DefaultMaven.execute ({*}DefaultMaven.java:105{*}) > *at* org.apache.maven.cli.MavenCli.execute ({*}MavenCli.java:960{*}) > ... -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MGPG-83) Require Maven 3.2.5+
[ https://issues.apache.org/jira/browse/MGPG-83?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17567647#comment-17567647 ] Hudson commented on MGPG-83: Build failed in Jenkins: Maven » Maven TLP » maven-gpg-plugin » master #10 See https://ci-maven.apache.org/job/Maven/job/maven-box/job/maven-gpg-plugin/job/master/10/ > Require Maven 3.2.5+ > > > Key: MGPG-83 > URL: https://issues.apache.org/jira/browse/MGPG-83 > Project: Maven GPG Plugin > Issue Type: Dependency upgrade >Reporter: Sylwester Lachiewicz >Priority: Major > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Closed] (MGPG-73) Sorry, no terminal at all requested - can't get input
[ https://issues.apache.org/jira/browse/MGPG-73?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sylwester Lachiewicz closed MGPG-73. Resolution: Duplicate > Sorry, no terminal at all requested - can't get input > - > > Key: MGPG-73 > URL: https://issues.apache.org/jira/browse/MGPG-73 > Project: Maven GPG Plugin > Issue Type: Bug >Affects Versions: 3.0.0 (cancelled) >Reporter: Markus Karg >Priority: Major > > Running "mvn sign" (MGPG 1.7-SNAPSHOT) on public Gitlab.com CI/CD service > with GnuPG 2.2.12 fails with: > {{21329 [INFO] --- maven-gpg-plugin:1.7-SNAPSHOT:sign (sign-artifacts) @ cli > ---}} > {{*gpg: Sorry, no terminal at all requested - can't get input*}} > maven-gpg-plugin > 1.7-SNAPSHOT > sign-artifacts verify > sign > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Closed] (MGPG-57) passphraseServerId is ignored if a server with id gpg.passphrase exists
[ https://issues.apache.org/jira/browse/MGPG-57?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sylwester Lachiewicz closed MGPG-57. Resolution: Auto Closed > passphraseServerId is ignored if a server with id gpg.passphrase exists > --- > > Key: MGPG-57 > URL: https://issues.apache.org/jira/browse/MGPG-57 > Project: Maven GPG Plugin > Issue Type: Bug >Affects Versions: 1.6 > Environment: Linux, maven 3.2.5 >Reporter: Angelo D. >Priority: Minor > > I have multiple GPG keys in my keyring and I'd like to select a specific one > for signing. Each key has a different passphrase, stored encrypted in my > local settings.xml file. > {code:xml} > > gpg.passphrase > ... > > > my.signing.key > ... > > {code} > My gpg configuration in the project's pom.xml file hase > {code:xml} > ... > > my.signing.key > my.signing.key > > ... > {code} > If I try to sign my artifacts with this configuration I get an error > {noformat} > [INFO] --- maven-gpg-plugin:1.6:sign (default-cli) @ client --- > gpg: skipped "my.key": bad passphrase > gpg: signing failed: bad passphrase > {noformat} > If I remove the {{gpg.passphrase}} server from the settings everything works > fine. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Closed] (MGPG-45) ascDirectory has no effect unless artifacts are not in target
[ https://issues.apache.org/jira/browse/MGPG-45?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sylwester Lachiewicz closed MGPG-45. Resolution: Auto Closed > ascDirectory has no effect unless artifacts are not in target > - > > Key: MGPG-45 > URL: https://issues.apache.org/jira/browse/MGPG-45 > Project: Maven GPG Plugin > Issue Type: Bug >Affects Versions: 1.4 >Reporter: Sebb >Priority: Major > > Not sure if this is a documentation or code bug or both. > The doc for gpg:sign / ascDirectory says: > {code} > The directory where to store signature files. > Default: ${project.build.directory}/gpg > {code} > However changing this has no effect unless the artifacts are moved elsewhere > than target (by changing assembly:outputDirectory). > If outputDirectory is set to target/tarballs then the sig files are actually > stored in target/gpg/target/tarballs for the default setting, rather than in > the expected directory of target/gpg > If ascDirectory is set to ASC then the sigs are stored in > ASC/target/tarballs/ rather than ASC. > If ascDirectory is set to "." then the sigs are stored in > target/tarballs/ rather than the home directory. > There does not seem to be any use-case for this behaviour, and if there is, > it's not documented correctly. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Closed] (MGPG-53) sign-and-deploy-file goal insists on deploying source file for previous sign-and-deploy-file execution
[ https://issues.apache.org/jira/browse/MGPG-53?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sylwester Lachiewicz closed MGPG-53. Resolution: Auto Closed > sign-and-deploy-file goal insists on deploying source file for previous > sign-and-deploy-file execution > -- > > Key: MGPG-53 > URL: https://issues.apache.org/jira/browse/MGPG-53 > Project: Maven GPG Plugin > Issue Type: Bug >Affects Versions: 1.6, 3.0.0 (cancelled) >Reporter: Stephan Leicht Vogt >Priority: Major > Attachments: MGPG-53_deployfile-with-multiple-executions.zip, > MGPG.diff > > > Like the issue MDEPLOY-202 the same occurs in the GPG plugin. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Closed] (MGPG-83) Require Maven 3.2.5+
[ https://issues.apache.org/jira/browse/MGPG-83?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sylwester Lachiewicz closed MGPG-83. Resolution: Fixed > Require Maven 3.2.5+ > > > Key: MGPG-83 > URL: https://issues.apache.org/jira/browse/MGPG-83 > Project: Maven GPG Plugin > Issue Type: Dependency upgrade >Reporter: Sylwester Lachiewicz >Priority: Major > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Closed] (MGPG-86) NullPointerException when gpg executable cannot be found
[ https://issues.apache.org/jira/browse/MGPG-86?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sylwester Lachiewicz closed MGPG-86. Resolution: Fixed > NullPointerException when gpg executable cannot be found > > > Key: MGPG-86 > URL: https://issues.apache.org/jira/browse/MGPG-86 > Project: Maven GPG Plugin > Issue Type: Bug >Affects Versions: 1.5, 1.6, 3.0.1 > Environment: linux, macos >Reporter: Chas Honton >Assignee: Sylwester Lachiewicz >Priority: Major > Fix For: 3.1.0 > > > {noformat} > [ERROR] Failed to execute goal > org.apache.maven.plugins:maven-gpg-plugin:3.0.1:sign (sign-artifacts) on > project git-tag-maven-plugin: Execution sign-artifacts of goal > org.apache.maven.plugins:maven-gpg-plugin:3.0.1:sign failed.: > NullPointerException -> [Help 1] > org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute > goal org.apache.maven.plugins:maven-gpg-plugin:3.0.1:sign (sign-artifacts) on > project git-tag-maven-plugin: Execution sign-artifacts of goal > org.apache.maven.plugins:maven-gpg-plugin:3.0.1:sign failed. > at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute > (MojoExecutor.java:306) > at org.apache.maven.lifecycle.internal.MojoExecutor.execute > (MojoExecutor.java:211) > at org.apache.maven.lifecycle.internal.MojoExecutor.execute > (MojoExecutor.java:165) > at org.apache.maven.lifecycle.internal.MojoExecutor.execute > (MojoExecutor.java:157) > at > org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject > (LifecycleModuleBuilder.java:121) > at > org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject > (LifecycleModuleBuilder.java:81) > at > org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build > (SingleThreadedBuilder.java:56) > at org.apache.maven.lifecycle.internal.LifecycleStarter.execute > (LifecycleStarter.java:127) > at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:294) > at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) > at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) > at org.apache.maven.cli.MavenCli.execute (MavenCli.java:960) > at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:293) > at org.apache.maven.cli.MavenCli.main (MavenCli.java:196) > at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) > at jdk.internal.reflect.NativeMethodAccessorImpl.invoke > (NativeMethodAccessorImpl.java:62) > at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke > (DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke (Method.java:566) > at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced > (Launcher.java:282) > at org.codehaus.plexus.classworlds.launcher.Launcher.launch > (Launcher.java:225) > at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode > (Launcher.java:406) > at org.codehaus.plexus.classworlds.launcher.Launcher.main > (Launcher.java:347) > Caused by: org.apache.maven.plugin.PluginExecutionException: Execution > sign-artifacts of goal org.apache.maven.plugins:maven-gpg-plugin:3.0.1:sign > failed. > at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo > (DefaultBuildPluginManager.java:148) > at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute > (MojoExecutor.java:301) > at org.apache.maven.lifecycle.internal.MojoExecutor.execute > (MojoExecutor.java:211) > at org.apache.maven.lifecycle.internal.MojoExecutor.execute > (MojoExecutor.java:165) > at org.apache.maven.lifecycle.internal.MojoExecutor.execute > (MojoExecutor.java:157) > at > org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject > (LifecycleModuleBuilder.java:121) > at > org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject > (LifecycleModuleBuilder.java:81) > at > org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build > (SingleThreadedBuilder.java:56) > at org.apache.maven.lifecycle.internal.LifecycleStarter.execute > (LifecycleStarter.java:127) > at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:294) > at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) > at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) > at org.apache.maven.cli.MavenCli.execute (MavenCli.java:960) > at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:293) > at org.apache.maven.cli.MavenCli.main (MavenCli.java:196) > at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) > at jdk.internal.reflect.NativeMethodAccessorImpl.invoke >
[jira] [Assigned] (MGPG-86) NullPointerException when gpg executable cannot be found
[ https://issues.apache.org/jira/browse/MGPG-86?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sylwester Lachiewicz reassigned MGPG-86: Assignee: Sylwester Lachiewicz > NullPointerException when gpg executable cannot be found > > > Key: MGPG-86 > URL: https://issues.apache.org/jira/browse/MGPG-86 > Project: Maven GPG Plugin > Issue Type: Bug >Affects Versions: 1.5, 1.6, 3.0.1 > Environment: linux, macos >Reporter: Chas Honton >Assignee: Sylwester Lachiewicz >Priority: Major > Fix For: 3.1.0 > > > {noformat} > [ERROR] Failed to execute goal > org.apache.maven.plugins:maven-gpg-plugin:3.0.1:sign (sign-artifacts) on > project git-tag-maven-plugin: Execution sign-artifacts of goal > org.apache.maven.plugins:maven-gpg-plugin:3.0.1:sign failed.: > NullPointerException -> [Help 1] > org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute > goal org.apache.maven.plugins:maven-gpg-plugin:3.0.1:sign (sign-artifacts) on > project git-tag-maven-plugin: Execution sign-artifacts of goal > org.apache.maven.plugins:maven-gpg-plugin:3.0.1:sign failed. > at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute > (MojoExecutor.java:306) > at org.apache.maven.lifecycle.internal.MojoExecutor.execute > (MojoExecutor.java:211) > at org.apache.maven.lifecycle.internal.MojoExecutor.execute > (MojoExecutor.java:165) > at org.apache.maven.lifecycle.internal.MojoExecutor.execute > (MojoExecutor.java:157) > at > org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject > (LifecycleModuleBuilder.java:121) > at > org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject > (LifecycleModuleBuilder.java:81) > at > org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build > (SingleThreadedBuilder.java:56) > at org.apache.maven.lifecycle.internal.LifecycleStarter.execute > (LifecycleStarter.java:127) > at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:294) > at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) > at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) > at org.apache.maven.cli.MavenCli.execute (MavenCli.java:960) > at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:293) > at org.apache.maven.cli.MavenCli.main (MavenCli.java:196) > at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) > at jdk.internal.reflect.NativeMethodAccessorImpl.invoke > (NativeMethodAccessorImpl.java:62) > at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke > (DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke (Method.java:566) > at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced > (Launcher.java:282) > at org.codehaus.plexus.classworlds.launcher.Launcher.launch > (Launcher.java:225) > at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode > (Launcher.java:406) > at org.codehaus.plexus.classworlds.launcher.Launcher.main > (Launcher.java:347) > Caused by: org.apache.maven.plugin.PluginExecutionException: Execution > sign-artifacts of goal org.apache.maven.plugins:maven-gpg-plugin:3.0.1:sign > failed. > at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo > (DefaultBuildPluginManager.java:148) > at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute > (MojoExecutor.java:301) > at org.apache.maven.lifecycle.internal.MojoExecutor.execute > (MojoExecutor.java:211) > at org.apache.maven.lifecycle.internal.MojoExecutor.execute > (MojoExecutor.java:165) > at org.apache.maven.lifecycle.internal.MojoExecutor.execute > (MojoExecutor.java:157) > at > org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject > (LifecycleModuleBuilder.java:121) > at > org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject > (LifecycleModuleBuilder.java:81) > at > org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build > (SingleThreadedBuilder.java:56) > at org.apache.maven.lifecycle.internal.LifecycleStarter.execute > (LifecycleStarter.java:127) > at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:294) > at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) > at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) > at org.apache.maven.cli.MavenCli.execute (MavenCli.java:960) > at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:293) > at org.apache.maven.cli.MavenCli.main (MavenCli.java:196) > at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) > at jdk.internal.reflect.NativeMethodAccessorImpl.invoke >
[GitHub] [maven-gpg-plugin] slachiewicz closed pull request #17: [MGPG-86] - Prevent NullPointerException when executable cannot be run
slachiewicz closed pull request #17: [MGPG-86] - Prevent NullPointerException when executable cannot be run URL: https://github.com/apache/maven-gpg-plugin/pull/17 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MGPG-88) Require Java 8
[ https://issues.apache.org/jira/browse/MGPG-88?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17567645#comment-17567645 ] Hudson commented on MGPG-88: Build succeeded in Jenkins: Maven » Maven TLP » maven-gpg-plugin » master #9 See https://ci-maven.apache.org/job/Maven/job/maven-box/job/maven-gpg-plugin/job/master/9/ > Require Java 8 > -- > > Key: MGPG-88 > URL: https://issues.apache.org/jira/browse/MGPG-88 > Project: Maven GPG Plugin > Issue Type: Task >Reporter: Sylwester Lachiewicz >Assignee: Sylwester Lachiewicz >Priority: Minor > Fix For: 3.1.0 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [maven-gpg-plugin] dependabot[bot] opened a new pull request, #24: Bump plexus-utils from 3.3.0 to 3.4.2
dependabot[bot] opened a new pull request, #24: URL: https://github.com/apache/maven-gpg-plugin/pull/24 Bumps [plexus-utils](https://github.com/codehaus-plexus/plexus-utils) from 3.3.0 to 3.4.2. Release notes Sourced from https://github.com/codehaus-plexus/plexus-utils/releases;>plexus-utils's releases. 3.4.2 New features and improvements Provides a CachingOuptutStream and a CachingWriter (https://github-redirect.dependabot.com/codehaus-plexus/plexus-utils/issues/184;>#184) https://github.com/gnodet;>@gnodet Use (already) precalculated value (https://github-redirect.dependabot.com/codehaus-plexus/plexus-utils/issues/186;>#186) https://github.com/pzygielo;>@pzygielo use github shared actions (https://github-redirect.dependabot.com/codehaus-plexus/plexus-utils/issues/171;>#171) https://github.com/olamy;>@olamy Bug Fixes MXParser fixes (https://github-redirect.dependabot.com/codehaus-plexus/plexus-utils/issues/185;>#185) https://github.com/gnodet;>@gnodet Fix last modified time not being updated on linux (https://github-redirect.dependabot.com/codehaus-plexus/plexus-utils/issues/203;>#203) https://github.com/gnodet;>@gnodet Fix regression and deprecate: FileUtils.fileAppend should create file… (https://github-redirect.dependabot.com/codehaus-plexus/plexus-utils/issues/200;>#200) https://github.com/slachiewicz;>@slachiewicz Fix some testing XML files checkout with incorrect eol (https://github-redirect.dependabot.com/codehaus-plexus/plexus-utils/issues/198;>#198) https://github.com/belingueres;>@belingueres Fixed regressions: https://github-redirect.dependabot.com/codehaus-plexus/plexus-utils/issues/163;>#163 and https://github-redirect.dependabot.com/codehaus-plexus/plexus-utils/issues/194;>#194 (https://github-redirect.dependabot.com/codehaus-plexus/plexus-utils/issues/195;>#195) https://github.com/belingueres;>@belingueres Don't ignore valid SCM files (https://github-redirect.dependabot.com/codehaus-plexus/plexus-utils/issues/174;>#174) https://github.com/michael-o;>@michael-o Dependency updates Bump github/codeql-action from 1 to 2 (https://github-redirect.dependabot.com/codehaus-plexus/plexus-utils/issues/202;>#202) https://github.com/dependabot;>@dependabot Bump actions/checkout from 3.0.1 to 3.0.2 (https://github-redirect.dependabot.com/codehaus-plexus/plexus-utils/issues/199;>#199) https://github.com/dependabot;>@dependabot Bump release-drafter/release-drafter from 5.18.1 to 5.19.0 (https://github-redirect.dependabot.com/codehaus-plexus/plexus-utils/issues/188;>#188) https://github.com/dependabot;>@dependabot Bump jmh-generator-annprocess from 1.34 to 1.35 (https://github-redirect.dependabot.com/codehaus-plexus/plexus-utils/issues/189;>#189) https://github.com/dependabot;>@dependabot Bump jmh-core from 1.34 to 1.35 (https://github-redirect.dependabot.com/codehaus-plexus/plexus-utils/issues/190;>#190) https://github.com/dependabot;>@dependabot Bump actions/checkout from 2.4.0 to 3.0.1 (https://github-redirect.dependabot.com/codehaus-plexus/plexus-utils/issues/197;>#197) https://github.com/dependabot;>@dependabot Bump jmh-generator-annprocess from 1.33 to 1.34 (https://github-redirect.dependabot.com/codehaus-plexus/plexus-utils/issues/175;>#175) https://github.com/dependabot;>@dependabot Bump jmh-core from 1.33 to 1.34 (https://github-redirect.dependabot.com/codehaus-plexus/plexus-utils/issues/176;>#176) https://github.com/dependabot;>@dependabot Bump release-drafter/release-drafter from 5.15.0 to 5.18.1 (https://github-redirect.dependabot.com/codehaus-plexus/plexus-utils/issues/183;>#183) https://github.com/dependabot;>@dependabot Bump actions/checkout from 2.3.4 to 2.4.0 (https://github-redirect.dependabot.com/codehaus-plexus/plexus-utils/issues/173;>#173) https://github.com/dependabot;>@dependabot Bump actions/setup-java from 2.3.0 to 2.3.1 (https://github-redirect.dependabot.com/codehaus-plexus/plexus-utils/issues/170;>#170) https://github.com/dependabot;>@dependabot 3.4.1 Bug Fixes Fixes https://github-redirect.dependabot.com/codehaus-plexus/plexus-utils/issues/163;>#163: Regression: encoding error when parsing a ISO-8859-1 xml (https://github-redirect.dependabot.com/codehaus-plexus/plexus-utils/issues/164;>#164) https://github.com/belingueres;>@belingueres Dependency updates Bump actions/setup-java from 2.2.0 to 2.3.0 (https://github-redirect.dependabot.com/codehaus-plexus/plexus-utils/issues/168;>#168) https://github.com/dependabot;>@dependabot Bump jmh-generator-annprocess from 1.32 to 1.33 (https://github-redirect.dependabot.com/codehaus-plexus/plexus-utils/issues/166;>#166) https://github.com/dependabot;>@dependabot Bump jmh-core from 1.32 to 1.33 (https://github-redirect.dependabot.com/codehaus-plexus/plexus-utils/issues/165;>#165) https://github.com/dependabot;>@dependabot
[GitHub] [maven-gpg-plugin] dependabot[bot] opened a new pull request, #23: Bump maven-invoker from 3.1.0 to 3.2.0
dependabot[bot] opened a new pull request, #23: URL: https://github.com/apache/maven-gpg-plugin/pull/23 Bumps [maven-invoker](https://github.com/apache/maven-invoker) from 3.1.0 to 3.2.0. Release notes Sourced from https://github.com/apache/maven-invoker/releases;>maven-invoker's releases. 3.2.0 New features and improvements https://issues.apache.org/jira/browse/MSHARED-1040;>[MSHARED-1040] - Require Java 8 (https://github-redirect.dependabot.com/apache/maven-invoker/issues/45;>#45) https://github.com/slawekjaranowski;>@slawekjaranowski https://issues.apache.org/jira/browse/MSHARED-1019;>[MSHARED-1019] - Allow pass raw cli option to Maven process (https://github-redirect.dependabot.com/apache/maven-invoker/issues/43;>#43) https://github.com/slawekjaranowski;>@slawekjaranowski https://issues.apache.org/jira/browse/MSHARED-1018;>[MSHARED-1018] - Allow for using the -ntp ,--no-transfer-progress flag in Maven invocations (https://github-redirect.dependabot.com/apache/maven-invoker/issues/42;>#42) https://github.com/slawekjaranowski;>@slawekjaranowski https://issues.apache.org/jira/browse/MSHARED-1009;>[MSHARED-1009] - Allow providing Maven executable from workspace (https://github-redirect.dependabot.com/apache/maven-invoker/issues/38;>#38) https://github.com/slawekjaranowski;>@slawekjaranowski https://issues.apache.org/jira/browse/MSHARED-649;>[MSHARED-649] - Allow Pom file outside base directory (https://github-redirect.dependabot.com/apache/maven-invoker/issues/37;>#37) https://github.com/slawekjaranowski;>@slawekjaranowski https://issues.apache.org/jira/browse/MSHARED-1007;>[MSHARED-1007] - Add MavenHome and MavenExecutable options to InvocationRequest (https://github-redirect.dependabot.com/apache/maven-invoker/issues/34;>#34) https://github.com/slawekjaranowski;>@slawekjaranowski https://issues.apache.org/jira/browse/MINVOKER-233;>[MINVOKER-233] - Improve DefaultInvoker with a timeout. (https://github-redirect.dependabot.com/apache/maven-invoker/issues/1;>#1) https://github.com/surli;>@surli Bug Fixes https://issues.apache.org/jira/browse/MSHARED-1008;>[MSHARED-1008] - Set builder id in proper way (https://github-redirect.dependabot.com/apache/maven-invoker/issues/33;>#33) https://github.com/slawekjaranowski;>@slawekjaranowski Dependency updates https://issues.apache.org/jira/browse/MSHARED-1042;>[MSHARED-1042] - Upgrade Parent to 35 (https://github-redirect.dependabot.com/apache/maven-invoker/issues/47;>#47) https://github.com/slawekjaranowski;>@slawekjaranowski Bump maven-site-plugin from 3.9.1 to 3.10.0 (https://github-redirect.dependabot.com/apache/maven-invoker/issues/36;>#36) https://github.com/dependabot;>@dependabot Bump extra-enforcer-rules from 1.4 to 1.5.1 (https://github-redirect.dependabot.com/apache/maven-invoker/issues/31;>#31) https://github.com/dependabot;>@dependabot Bump maven-project-info-reports-plugin from 3.1.1 to 3.1.2 (https://github-redirect.dependabot.com/apache/maven-invoker/issues/11;>#11) https://github.com/dependabot;>@dependabot Update build and deps (https://github-redirect.dependabot.com/apache/maven-invoker/issues/25;>#25) https://github.com/cstamas;>@cstamas Bump actions/setup-java from 2.3.0 to 2.3.1 (https://github-redirect.dependabot.com/apache/maven-invoker/issues/23;>#23) https://github.com/dependabot;>@dependabot Bump maven-javadoc-plugin from 3.2.0 to 3.3.1 (https://github-redirect.dependabot.com/apache/maven-invoker/issues/21;>#21) https://github.com/dependabot;>@dependabot Bump actions/setup-java from 2.2.0 to 2.3.0 (https://github-redirect.dependabot.com/apache/maven-invoker/issues/20;>#20) https://github.com/dependabot;>@dependabot Bump actions/cache from 2.1.5 to 2.1.6 (https://github-redirect.dependabot.com/apache/maven-invoker/issues/17;>#17) https://github.com/dependabot;>@dependabot Bump actions/checkout from 2 to 2.3.4 (https://github-redirect.dependabot.com/apache/maven-invoker/issues/14;>#14) https://github.com/dependabot;>@dependabot Bump actions/cache from v2.1.4 to v2.1.5 (https://github-redirect.dependabot.com/apache/maven-invoker/issues/10;>#10) https://github.com/dependabot;>@dependabot Bump junit from 4.13.1 to 4.13.2 (https://github-redirect.dependabot.com/apache/maven-invoker/issues/8;>#8) https://github.com/dependabot;>@dependabot Maintenance https://issues.apache.org/jira/browse/MSHARED-577;>[MSHARED-577] - Remove usage of M2_HOME environment variable (https://github-redirect.dependabot.com/apache/maven-invoker/issues/35;>#35) https://github.com/slawekjaranowski;>@slawekjaranowski https://issues.apache.org/jira/browse/MSHARED-1006;>[MSHARED-1006] - Deprecate not thread safe methods on Invoker (https://github-redirect.dependabot.com/apache/maven-invoker/issues/32;>#32) https://github.com/slawekjaranowski;>@slawekjaranowski Unit test
[GitHub] [maven-gpg-plugin] dependabot[bot] opened a new pull request, #22: Bump maven-shade-plugin from 3.2.2 to 3.3.0
dependabot[bot] opened a new pull request, #22: URL: https://github.com/apache/maven-gpg-plugin/pull/22 Bumps [maven-shade-plugin](https://github.com/apache/maven-shade-plugin) from 3.2.2 to 3.3.0. Commits https://github.com/apache/maven-shade-plugin/commit/7169fded927b20c99534f6b30551b97fd2120676;>7169fde [maven-release-plugin] prepare release maven-shade-plugin-3.3.0 https://github.com/apache/maven-shade-plugin/commit/e5dcf95ab7956dc52fdf5e6cf465576c5b6a2ef8;>e5dcf95 Revert [maven-release-plugin] prepare release maven-shade-plugin-3.3.0 https://github.com/apache/maven-shade-plugin/commit/c2473cbab1837b499f144d3de98f7e8c3ca32d4e;>c2473cb [maven-release-plugin] prepare release maven-shade-plugin-3.3.0 https://github.com/apache/maven-shade-plugin/commit/ece4172b240cde8a5969890df7b989d93c98ce84;>ece4172 Revert [maven-release-plugin] prepare release maven-shade-plugin-3.3.0 https://github.com/apache/maven-shade-plugin/commit/0c6f823b9e53e0a9803ec5528c25a6aa6f37ce44;>0c6f823 Revert [maven-release-plugin] prepare for next development iteration https://github.com/apache/maven-shade-plugin/commit/a9355b31dd901a73a75ec18027964a0f012459fe;>a9355b3 [maven-release-plugin] prepare for next development iteration https://github.com/apache/maven-shade-plugin/commit/fc1dcc22ac5a21e5e882ec0faa32ae21b4336681;>fc1dcc2 [maven-release-plugin] prepare release maven-shade-plugin-3.3.0 https://github.com/apache/maven-shade-plugin/commit/aa019caa0a88714be532c973e5f73fbc7f0fbdd1;>aa019ca Bump hamcrest-core from 1.3 to 2.2 https://github.com/apache/maven-shade-plugin/commit/17b87aa368db6e0bcea4f6c2f1e07e46945f2f4b;>17b87aa [MSHADE-412] avoid possible NPE since rawString was added in SimpleRelocator ... https://github.com/apache/maven-shade-plugin/commit/04afab6ed3f82d5286babc42c660402ef7c325ad;>04afab6 Shared GitHub actions v2 Additional commits viewable in https://github.com/apache/maven-shade-plugin/compare/maven-shade-plugin-3.2.2...maven-shade-plugin-3.3.0;>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.maven.plugins:maven-shade-plugin=maven=3.2.2=3.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-gpg-plugin] dependabot[bot] opened a new pull request, #21: Bump maven-plugins from 34 to 36
dependabot[bot] opened a new pull request, #21: URL: https://github.com/apache/maven-gpg-plugin/pull/21 Bumps [maven-plugins](https://github.com/apache/maven-parent) from 34 to 36. Release notes Sourced from https://github.com/apache/maven-parent/releases;>maven-plugins's releases. 36 What's Changed [MPOM-300] switch from GA to ASF Matomo. by https://github.com/bmarwell;>@bmarwell in https://github-redirect.dependabot.com/apache/maven-parent/pull/58;>apache/maven-parent#58 [MPOM-308] Upgrade Maven PMD Plugin from 3.15.0 to 3.16.0 by https://github.com/slawekjaranowski;>@slawekjaranowski in https://github-redirect.dependabot.com/apache/maven-parent/pull/59;>apache/maven-parent#59 Bump taglist-maven-plugin from 2.4 to 3.0.0 by https://github.com/dependabot;>@dependabot in https://github-redirect.dependabot.com/apache/maven-parent/pull/45;>apache/maven-parent#45 Bump maven-jxr-plugin from 3.1.1 to 3.2.0 by https://github.com/dependabot;>@dependabot in https://github-redirect.dependabot.com/apache/maven-parent/pull/60;>apache/maven-parent#60 [MPOM-313] execute checkstyle in early phase of the build by https://github.com/olamy;>@olamy in https://github-redirect.dependabot.com/apache/maven-parent/pull/55;>apache/maven-parent#55 [MPOM-314] Upgrade modello-maven-plugin from 1.11 to 2.0.0 by https://github.com/slawekjaranowski;>@slawekjaranowski in https://github-redirect.dependabot.com/apache/maven-parent/pull/61;>apache/maven-parent#61 Bump apache from 25 to 26 by https://github.com/dependabot;>@dependabot in https://github-redirect.dependabot.com/apache/maven-parent/pull/62;>apache/maven-parent#62 New Contributors https://github.com/bmarwell;>@bmarwell made their first contribution in https://github-redirect.dependabot.com/apache/maven-parent/pull/58;>apache/maven-parent#58 https://github.com/olamy;>@olamy made their first contribution in https://github-redirect.dependabot.com/apache/maven-parent/pull/55;>apache/maven-parent#55 Full Changelog: https://github.com/apache/maven-parent/compare/maven-parent-35...maven-parent-36;>https://github.com/apache/maven-parent/compare/maven-parent-35...maven-parent-36 35 What's Changed docs: remove out of date comment by https://github.com/elharo;>@elharo in https://github-redirect.dependabot.com/apache/maven-parent/pull/8;>apache/maven-parent#8 [MPOM-252] remove broken mail list archives by https://github.com/elharo;>@elharo in https://github-redirect.dependabot.com/apache/maven-parent/pull/18;>apache/maven-parent#18 Bump plexus-utils from 3.1.0 to 3.3.0 by https://github.com/dependabot;>@dependabot in https://github-redirect.dependabot.com/apache/maven-parent/pull/13;>apache/maven-parent#13 Bump maven-toolchains-plugin from 1.1 to 3.0.0 by https://github.com/dependabot;>@dependabot in https://github-redirect.dependabot.com/apache/maven-parent/pull/10;>apache/maven-parent#10 Bump plexus-container-default from 1.0-alpha-30 to 2.1.0 by https://github.com/dependabot;>@dependabot in https://github-redirect.dependabot.com/apache/maven-parent/pull/11;>apache/maven-parent#11 Bump plexus-component-annotations from 2.0.0 to 2.1.0 by https://github.com/dependabot;>@dependabot in https://github-redirect.dependabot.com/apache/maven-parent/pull/15;>apache/maven-parent#15 Bump mavenPluginToolsVersion from 3.5.2 to 3.6.0 by https://github.com/dependabot;>@dependabot in https://github-redirect.dependabot.com/apache/maven-parent/pull/16;>apache/maven-parent#16 Bump modello-maven-plugin from 1.9.1 to 1.11 by https://github.com/dependabot;>@dependabot in https://github-redirect.dependabot.com/apache/maven-parent/pull/12;>apache/maven-parent#12 Bump maven-jxr-plugin from 2.5 to 3.0.0 by https://github.com/dependabot;>@dependabot in https://github-redirect.dependabot.com/apache/maven-parent/pull/9;>apache/maven-parent#9 Bump maven-pmd-plugin from 3.8 to 3.13.0 by https://github.com/dependabot;>@dependabot in https://github-redirect.dependabot.com/apache/maven-parent/pull/17;>apache/maven-parent#17 Bump maven-pmd-plugin from 3.14.0 to 3.15.0 by https://github.com/dependabot;>@dependabot in https://github-redirect.dependabot.com/apache/maven-parent/pull/28;>apache/maven-parent#28 [MPOM-268] - Removed unused property by https://github.com/khmarbaise;>@khmarbaise in https://github-redirect.dependabot.com/apache/maven-parent/pull/29;>apache/maven-parent#29 Bump mavenPluginToolsVersion from 3.6.0 to 3.6.1 by https://github.com/dependabot;>@dependabot in https://github-redirect.dependabot.com/apache/maven-parent/pull/25;>apache/maven-parent#25 [MPOM-270] Fix enforcer plugin by https://github.com/cstamas;>@cstamas in https://github-redirect.dependabot.com/apache/maven-parent/pull/32;>apache/maven-parent#32 [MPOM-271] Add drop legacy dependencies profile by https://github.com/cstamas;>@cstamas in
[GitHub] [maven-gpg-plugin] dependabot[bot] opened a new pull request, #20: Bump maven-resolver-util from 1.4.1 to 1.8.1
dependabot[bot] opened a new pull request, #20: URL: https://github.com/apache/maven-gpg-plugin/pull/20 Bumps [maven-resolver-util](https://github.com/apache/maven-resolver) from 1.4.1 to 1.8.1. Commits https://github.com/apache/maven-resolver/commit/01a820ac40b25acb924f289056e9fa77de10a81f;>01a820a [maven-release-plugin] prepare release maven-resolver-1.8.1 https://github.com/apache/maven-resolver/commit/e9fe72f198f4fbf8ec4526a77068c9bed37c2a99;>e9fe72f Replace TBD placeholders with next version https://github.com/apache/maven-resolver/commit/4702bcf246f018ec8e9d1d3dd3f3dfe9a86b8da0;>4702bcf [MRESOLVER-262] Provide contextual data in trace during collect (https://github-redirect.dependabot.com/apache/maven-resolver/issues/182;>#182) https://github.com/apache/maven-resolver/commit/d1833cf88083017237324a156d2949777e10d809;>d1833cf Remove unused stuff (https://github-redirect.dependabot.com/apache/maven-resolver/issues/181;>#181) https://github.com/apache/maven-resolver/commit/1ab297e4a2b59d2ea21eec2aa1928dea2eec0f0f;>1ab297e Extract class PremanagedDependency (https://github-redirect.dependabot.com/apache/maven-resolver/issues/179;>#179) https://github.com/apache/maven-resolver/commit/a626750bf60a6f8209d3e2ccc0902d15f1d24140;>a626750 Collapse collectors (https://github-redirect.dependabot.com/apache/maven-resolver/issues/177;>#177) https://github.com/apache/maven-resolver/commit/570c65e6a8d86ed76df87c2b6f88df6941299b61;>570c65e Add test for empty children and collapse tests (https://github-redirect.dependabot.com/apache/maven-resolver/issues/175;>#175) https://github.com/apache/maven-resolver/commit/2ea36519a72079b9efa59c6278b15bfb01a53fb4;>2ea3651 [MRESOLVER-256] Dependency tree is different between DF and BF strategies whe... https://github.com/apache/maven-resolver/commit/adf3f7504eac3e199af236e25a48ed1286ab3878;>adf3f75 configure Jira integration https://github.com/apache/maven-resolver/commit/6e12ad3932e57c1eb57dc9250c35304fdaf7f0fb;>6e12ad3 [MRESOLVER-255] Update Jetty to 9.4.46.v20220331 (https://github-redirect.dependabot.com/apache/maven-resolver/issues/171;>#171) Additional commits viewable in https://github.com/apache/maven-resolver/compare/maven-resolver-1.4.1...maven-resolver-1.8.1;>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.maven.resolver:maven-resolver-util=maven=1.4.1=1.8.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-gpg-plugin] dependabot[bot] opened a new pull request, #18: Bump mavenVersion from 3.0 to 3.8.6
dependabot[bot] opened a new pull request, #18: URL: https://github.com/apache/maven-gpg-plugin/pull/18 Bumps `mavenVersion` from 3.0 to 3.8.6. Updates `maven-plugin-api` from 3.0 to 3.8.6 Release notes Sourced from https://github.com/apache/maven/releases;>maven-plugin-api's releases. 3.8.6 What's Changed [MNG-7441] 3.8.x Update version of logback by https://github.com/cstamas;>@cstamas in https://github-redirect.dependabot.com/apache/maven/pull/708;>apache/maven#708 [MNG-7432] Resolver session contains non-MavenWorkspaceReader by https://github.com/laeubi;>@laeubi in https://github-redirect.dependabot.com/apache/maven/pull/695;>apache/maven#695 [MNG-7459] Revert [3.8.x][MNG-7347] SessionScoped beans should be singletons for a given session by https://github.com/gnodet;>@gnodet in https://github-redirect.dependabot.com/apache/maven/pull/715;>apache/maven#715 [3.8.x] [MNG-7476] Display a warning when an aggregator mojo locks other mojos executions by https://github.com/gnodet;>@gnodet in https://github-redirect.dependabot.com/apache/maven/pull/736;>apache/maven#736 Full Changelog: https://github.com/apache/maven/compare/maven-3.8.5...maven-3.8.6;>https://github.com/apache/maven/compare/maven-3.8.5...maven-3.8.6 3.8.5 What's Changed [3.8.x][MNG-7156][MNG-7285] Add locking in MojoExecutor by https://github.com/gnodet;>@gnodet in https://github-redirect.dependabot.com/apache/maven/pull/628;>apache/maven#628 [MNG-6326] Make the build fail if core extensions can not be loaded by https://github.com/gnodet;>@gnodet in https://github-redirect.dependabot.com/apache/maven/pull/648;>apache/maven#648 [3.8.x][MNG-7347] SessionScoped beans should be singletons for a given session by https://github.com/gnodet;>@gnodet in https://github-redirect.dependabot.com/apache/maven/pull/653;>apache/maven#653 [3.8.x][MNG-7386] Make sure the ModelMerger$MergingList can be serialized by https://github.com/gnodet;>@gnodet in https://github-redirect.dependabot.com/apache/maven/pull/656;>apache/maven#656 [3.8.x][MNG-7349] Limit relocation warning message to direct dependencies only by https://github.com/gnodet;>@gnodet in https://github-redirect.dependabot.com/apache/maven/pull/657;>apache/maven#657 [3.8.x][MNG-6727] Changed expression check to project.version and project.parent.version by https://github.com/gnodet;>@gnodet in https://github-redirect.dependabot.com/apache/maven/pull/670;>apache/maven#670 [3.8.x][MNG-7395] - Support system-properties in extension.xml by https://github.com/laeubi;>@laeubi in https://github-redirect.dependabot.com/apache/maven/pull/673;>apache/maven#673 New Contributors https://github.com/laeubi;>@laeubi made their first contribution in https://github-redirect.dependabot.com/apache/maven/pull/673;>apache/maven#673 Full Changelog: https://github.com/apache/maven/compare/maven-3.8.4...maven-3.8.5;>https://github.com/apache/maven/compare/maven-3.8.4...maven-3.8.5 3.8.4 What's Changed [MNG-6302] logging the module count by https://github.com/rmannibucau;>@rmannibucau in https://github-redirect.dependabot.com/apache/maven/pull/136;>apache/maven#136 [MNG-6424] - Upgrade plexus-interpolation to 1.25 by https://github.com/shemic87;>@shemic87 in https://github-redirect.dependabot.com/apache/maven/pull/172;>apache/maven#172 Update Jenkins build to use Maven 3.5.4 by https://github.com/slachiewicz;>@slachiewicz in https://github-redirect.dependabot.com/apache/maven/pull/179;>apache/maven#179 [MNG-6473] Update Mockito to 2.21.0 by https://github.com/slachiewicz;>@slachiewicz in https://github-redirect.dependabot.com/apache/maven/pull/181;>apache/maven#181 MNG-6414 Add more Apache license headers to skip downloading license … by https://github.com/slachiewicz;>@slachiewicz in https://github-redirect.dependabot.com/apache/maven/pull/167;>apache/maven#167 [MNG-6479] Upgrade XMLUnit to 2.2.1 by https://github.com/slachiewicz;>@slachiewicz in https://github-redirect.dependabot.com/apache/maven/pull/183;>apache/maven#183 Fixed typo in exception logging by https://github.com/slachiewicz;>@slachiewicz in https://github-redirect.dependabot.com/apache/maven/pull/170;>apache/maven#170 [MNG-6490] Maven fails reporting circular dependency when the depende… by https://github.com/slachiewicz;>@slachiewicz in https://github-redirect.dependabot.com/apache/maven/pull/188;>apache/maven#188 [MNG-6261] - using java File api to compare by https://github.com/fabcipriano;>@fabcipriano in https://github-redirect.dependabot.com/apache/maven/pull/192;>apache/maven#192 MNG-6529 - ProjectBuild.build(projectsList, ...) ignores request.isResolveDependencies() by https://github.com/mickaelistria;>@mickaelistria in https://github-redirect.dependabot.com/apache/maven/pull/193;>apache/maven#193 [MNG-6559] Fix mailing list URL by https://github.com/johnlinp;>@johnlinp in
[GitHub] [maven-gpg-plugin] dependabot[bot] opened a new pull request, #19: Bump maven-artifact-transfer from 0.12.0 to 0.13.1
dependabot[bot] opened a new pull request, #19: URL: https://github.com/apache/maven-gpg-plugin/pull/19 Bumps [maven-artifact-transfer](https://github.com/apache/maven-artifact-transfer) from 0.12.0 to 0.13.1. Commits https://github.com/apache/maven-artifact-transfer/commit/ee4b1f50504d9538ea447e0d987a44e9e89e8dc1;>ee4b1f5 [maven-release-plugin] prepare release maven-artifact-transfer-0.13.1 https://github.com/apache/maven-artifact-transfer/commit/410ab39c0101f29c44d8d3b054241de90a4ba8be;>410ab39 Bump groovy from 3.0.6 to 3.0.7 https://github.com/apache/maven-artifact-transfer/commit/998d32016d8c949a72949f927fdd88a298b8f4b9;>998d320 Bump groovy from 3.0.4 to 3.0.6 https://github.com/apache/maven-artifact-transfer/commit/7f8251e01a7169232df6c1ad9b8d0d2b0ce3495a;>7f8251e Bump junit from 4.13 to 4.13.1 https://github.com/apache/maven-artifact-transfer/commit/dfb1e61c4f5db6fe167b3d879a37ab5e25c8475c;>dfb1e61 Quick fixes for problems reported by the IDE https://github.com/apache/maven-artifact-transfer/commit/0e1b8787b324b40376844280078fea8b5bcdb1f7;>0e1b878 Drop unused dependency commons-codec https://github.com/apache/maven-artifact-transfer/commit/a87ec073ea6a7e97bda97af54b96a6b7223b6dbb;>a87ec07 Bump groovy from 3.0.3 to 3.0.4 https://github.com/apache/maven-artifact-transfer/commit/f2b0b25be400ca1174b1af79488ded26b9bfe720;>f2b0b25 Run integration tests only with Java 8, 11 and 15 https://github.com/apache/maven-artifact-transfer/commit/64442121574513ab899efc408c9c9291df1071c7;>6444212 Remove unnecessary file causing Animal Sniffer to fail build https://github.com/apache/maven-artifact-transfer/commit/92a6791223c6af78b1c402c0d20bd9234499ea6e;>92a6791 update ASF CI url Additional commits viewable in https://github.com/apache/maven-artifact-transfer/compare/maven-artifact-transfer-0.12.0...maven-artifact-transfer-0.13.1;>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.maven.shared:maven-artifact-transfer=maven=0.12.0=0.13.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Closed] (MGPG-88) Require Java 8
[ https://issues.apache.org/jira/browse/MGPG-88?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sylwester Lachiewicz closed MGPG-88. Resolution: Fixed > Require Java 8 > -- > > Key: MGPG-88 > URL: https://issues.apache.org/jira/browse/MGPG-88 > Project: Maven GPG Plugin > Issue Type: Task >Reporter: Sylwester Lachiewicz >Assignee: Sylwester Lachiewicz >Priority: Minor > Fix For: 3.1.0 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (MGPG-88) Require Java 8
[ https://issues.apache.org/jira/browse/MGPG-88?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sylwester Lachiewicz updated MGPG-88: - Fix Version/s: 3.1.0 > Require Java 8 > -- > > Key: MGPG-88 > URL: https://issues.apache.org/jira/browse/MGPG-88 > Project: Maven GPG Plugin > Issue Type: Task >Reporter: Sylwester Lachiewicz >Priority: Minor > Fix For: 3.1.0 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (MGPG-88) Require Java 8
[ https://issues.apache.org/jira/browse/MGPG-88?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sylwester Lachiewicz reassigned MGPG-88: Assignee: Sylwester Lachiewicz > Require Java 8 > -- > > Key: MGPG-88 > URL: https://issues.apache.org/jira/browse/MGPG-88 > Project: Maven GPG Plugin > Issue Type: Task >Reporter: Sylwester Lachiewicz >Assignee: Sylwester Lachiewicz >Priority: Minor > Fix For: 3.1.0 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (MGPG-88) Require Java 8
Sylwester Lachiewicz created MGPG-88: Summary: Require Java 8 Key: MGPG-88 URL: https://issues.apache.org/jira/browse/MGPG-88 Project: Maven GPG Plugin Issue Type: Task Reporter: Sylwester Lachiewicz -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (MGPG-83) Require Maven 3.2.5+
[ https://issues.apache.org/jira/browse/MGPG-83?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sylwester Lachiewicz updated MGPG-83: - Summary: Require Maven 3.2.5+ (was: Require Maven 3.1.1) > Require Maven 3.2.5+ > > > Key: MGPG-83 > URL: https://issues.apache.org/jira/browse/MGPG-83 > Project: Maven GPG Plugin > Issue Type: Dependency upgrade >Reporter: Sylwester Lachiewicz >Priority: Major > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Comment Edited] (MNG-7509) Huge memory cost when parent pom widely used in a big project for dependencyManagement
[ https://issues.apache.org/jira/browse/MNG-7509?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17564491#comment-17564491 ] Xiong Luyao edited comment on MNG-7509 at 7/17/22 1:08 PM: --- The reason is, when maven resolving the relationship, for each library it will create instances for the dependencies in dependencyManagement. So for those dependencies in parent pom, they will be created many times even they are totally same. In the worst cases, If a project introduce 3000 libraries and each library introduce the same parent pom which managed 3000 libraries version. There will be 9 million Dependency instance created. But in fact, only 3000 Dependency instances are necessary for this case. I think we can resolve it by adding a cache map for the dependencies. If the dependency instance is already in the cache map, it will get instance from the map rather than creating a new one. Fortunately, we needn't worry about the case that different model refer to the same dependency instance, and it will impact others if one model change the dependency. Since Dependency (including DefaultArtifact in it) is already designed as immutable, which means, if someone changes the value in somewhere, it won’t change the existing instance, but return a totally new one. Here is the PR: * [https://github.com/apache/maven/pull/764] * [https://github.com/apache/maven/pull/768] Currently, I just make PR for 3.8.x and 3.9.x, but I think it can be applied to other version as well if the solution is OK was (Author: JIRAUSER292130): The reason is, when maven resolving the relationship, for each library it will create instances for the dependencies in dependencyManagement. So for those dependencies in parent pom, they will be created many times even they are totally same. In the worst cases, If a project introduce 3000 libraries and each library introduce the same parent pom which managed 3000 libraries version. There will be 9 million Dependency instance created. But in fact, only 3000 Dependency instances are necessary for this case. I think we can resolve it by adding a cache map for the dependencies. If the dependency instance is already in the cache map, it will get instance from the map rather than creating a new one. Fortunately, we needn't worry about the case that different model refer to the same dependency instance, and it will impact others if one model change the dependency. Since Dependency (including DefaultArtifact in it) is already designed as immutable, which means, if someone changes the value in somewhere, it won’t change the existing instance, but return a totally new one. Here is the PR: [https://github.com/apache/maven/pull/764] Currently, I just make PR for 3.8.x, but I think it can be applied to other version as well if the solution is OK > Huge memory cost when parent pom widely used in a big project for > dependencyManagement > -- > > Key: MNG-7509 > URL: https://issues.apache.org/jira/browse/MNG-7509 > Project: Maven > Issue Type: Improvement > Components: Performance >Reporter: Xiong Luyao >Priority: Major > Attachments: image-2022-07-09-09-37-53-823.png, > image-2022-07-09-09-38-26-354.png, image-2022-07-09-10-27-12-668.png, > image-2022-07-09-10-27-56-437.png, image-2022-07-09-10-28-05-706.png, > image-2022-07-09-10-28-22-864.png, image-2022-07-09-10-28-35-341.png, > image-2022-07-09-10-28-40-612.png, image-2022-07-09-10-29-04-045.png, > image-2022-07-09-10-29-15-822.png, image-2022-07-09-10-29-21-991.png, > image-2022-07-09-10-29-46-216.png, image-2022-07-09-10-29-51-456.png > > > When maven try to resolve dependency relationship, it will create many > instances of dependency / artifact, even the dependency/artifact content is > totally same, but just in different pom models. It cost huge memory if there > is a parent pom with dependencyManagement which managed a lot of > dependencies, and this parent pom are implemented by many project libraries. > (libraries_count * managedDependency_count) dependency instances will be > created. For example, if there are 3000 libraries, and all the library > introduce same parent pom which managed 3000 dependencies version. There will > be 3000*3000 =9,000,000 dependency instances will be created. But most of > them are same, in fact, we only need one instance for each dependency in > parent pom (3000 dependency instances). > > I'm from eBay, and here is a real case in enterprise level project. We have > about 3000 business domain libraries, there are dependency relationship > between them. We need to build all libraries in one release to keep all the > libraries in same release are based on same code. So we used a parent pom as
[jira] [Commented] (MNG-7509) Huge memory cost when parent pom widely used in a big project for dependencyManagement
[ https://issues.apache.org/jira/browse/MNG-7509?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17567632#comment-17567632 ] ASF GitHub Bot commented on MNG-7509: - Yougoss opened a new pull request, #768: URL: https://github.com/apache/maven/pull/768 Following this checklist to help us incorporate your contribution quickly and easily: - [x] Make sure there is a [JIRA issue](https://issues.apache.org/jira/browse/MNG) filed for the change (usually before you start working on it). Trivial changes like typos do not require a JIRA issue. Your pull request should address just this issue, without pulling in other changes. - [x] Each commit in the pull request should have a meaningful subject line and body. - [x] Format the pull request title like `[MNG-XXX] SUMMARY`, where you replace `MNG-XXX` and `SUMMARY` with the appropriate JIRA issue. Best practice is to use the JIRA issue title in the pull request title and in the first line of the commit message. - [x] Write a pull request description that is detailed enough to understand what the pull request does, how, and why. - [x] Run `mvn clean verify` to make sure basic checks pass. A more thorough check will be performed on your pull request automatically. - [ ] You have run the [Core IT][core-its] successfully. If your pull request is about ~20 lines of code you don't need to sign an [Individual Contributor License Agreement](https://www.apache.org/licenses/icla.pdf) if you are unsure please ask on the developers list. To make clear that you license your contribution under the [Apache License Version 2.0, January 2004](http://www.apache.org/licenses/LICENSE-2.0) you have to acknowledge this by using the following check-box. - [x] I hereby declare this contribution to be licenced under the [Apache License Version 2.0, January 2004](http://www.apache.org/licenses/LICENSE-2.0) - [x] In any other case, please file an [Apache Individual Contributor License Agreement](https://www.apache.org/licenses/icla.pdf). [core-its]: https://maven.apache.org/core-its/core-it-suite/ > Huge memory cost when parent pom widely used in a big project for > dependencyManagement > -- > > Key: MNG-7509 > URL: https://issues.apache.org/jira/browse/MNG-7509 > Project: Maven > Issue Type: Improvement > Components: Performance >Reporter: Xiong Luyao >Priority: Major > Attachments: image-2022-07-09-09-37-53-823.png, > image-2022-07-09-09-38-26-354.png, image-2022-07-09-10-27-12-668.png, > image-2022-07-09-10-27-56-437.png, image-2022-07-09-10-28-05-706.png, > image-2022-07-09-10-28-22-864.png, image-2022-07-09-10-28-35-341.png, > image-2022-07-09-10-28-40-612.png, image-2022-07-09-10-29-04-045.png, > image-2022-07-09-10-29-15-822.png, image-2022-07-09-10-29-21-991.png, > image-2022-07-09-10-29-46-216.png, image-2022-07-09-10-29-51-456.png > > > When maven try to resolve dependency relationship, it will create many > instances of dependency / artifact, even the dependency/artifact content is > totally same, but just in different pom models. It cost huge memory if there > is a parent pom with dependencyManagement which managed a lot of > dependencies, and this parent pom are implemented by many project libraries. > (libraries_count * managedDependency_count) dependency instances will be > created. For example, if there are 3000 libraries, and all the library > introduce same parent pom which managed 3000 dependencies version. There will > be 3000*3000 =9,000,000 dependency instances will be created. But most of > them are same, in fact, we only need one instance for each dependency in > parent pom (3000 dependency instances). > > I'm from eBay, and here is a real case in enterprise level project. We have > about 3000 business domain libraries, there are dependency relationship > between them. We need to build all libraries in one release to keep all the > libraries in same release are based on same code. So we used a parent pom as > a central management to manage all the version for a release, and introduced > by those libraries. As below picture, when the release start, it will > calculate and start with the library which doesn't depend on others, then > start the library which dependency libraries are already built. Keep this > process until all libraries are built. > With current maven resolve logic, it costs huge memory in above ways to built > libraries. And even the libraries have been released, if the project which > contains a lot of above libraries, it also cost huge memory when building > project. > So current now, we have to specify version in each
[jira] [Commented] (SCM-945) Support OpenSSH private keys with maven-scm-provider-jgit
[ https://issues.apache.org/jira/browse/SCM-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17567631#comment-17567631 ] ASF GitHub Bot commented on SCM-945: michael-o commented on PR #153: URL: https://github.com/apache/maven-scm/pull/153#issuecomment-1186512316 > git executable leverages the ssh executable for authentication and therefore there is no change with regard to supported private keys formats That's not what I mean, I mean that you can now supply an expliclt key which wasn't supported by now. Of course, the format and transport won't change. > Support OpenSSH private keys with maven-scm-provider-jgit > - > > Key: SCM-945 > URL: https://issues.apache.org/jira/browse/SCM-945 > Project: Maven SCM > Issue Type: Bug > Components: maven-scm-provider-jgit >Affects Versions: 1.11.2 >Reporter: Konrad Windszus >Assignee: Michael Osipov >Priority: Major > > For SSH based authentication with private keys in the OpenSSH format the > following error is being emitted: {{invalid privatekey: ...}} > This is due to the use of JGit 4.5.4 > (https://github.com/apache/maven-scm/blob/c5eb2c187568809e0dc0ea9ac83031f1dcb5ad1a/maven-scm-providers/maven-scm-providers-git/maven-scm-provider-jgit/pom.xml#L53) > which used JSch which lacks support for those private keys. JGit 5.2 comes > with a new SSH implementation > (https://bugs.eclipse.org/bugs/show_bug.cgi?id=520927) and should by that > also support OpenSSH private keys. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [maven] Yougoss opened a new pull request, #768: [MNG-7509] - Huge memory cost when parent pom widely used in a big project for dependencyManagement for 3.9.x
Yougoss opened a new pull request, #768: URL: https://github.com/apache/maven/pull/768 Following this checklist to help us incorporate your contribution quickly and easily: - [x] Make sure there is a [JIRA issue](https://issues.apache.org/jira/browse/MNG) filed for the change (usually before you start working on it). Trivial changes like typos do not require a JIRA issue. Your pull request should address just this issue, without pulling in other changes. - [x] Each commit in the pull request should have a meaningful subject line and body. - [x] Format the pull request title like `[MNG-XXX] SUMMARY`, where you replace `MNG-XXX` and `SUMMARY` with the appropriate JIRA issue. Best practice is to use the JIRA issue title in the pull request title and in the first line of the commit message. - [x] Write a pull request description that is detailed enough to understand what the pull request does, how, and why. - [x] Run `mvn clean verify` to make sure basic checks pass. A more thorough check will be performed on your pull request automatically. - [ ] You have run the [Core IT][core-its] successfully. If your pull request is about ~20 lines of code you don't need to sign an [Individual Contributor License Agreement](https://www.apache.org/licenses/icla.pdf) if you are unsure please ask on the developers list. To make clear that you license your contribution under the [Apache License Version 2.0, January 2004](http://www.apache.org/licenses/LICENSE-2.0) you have to acknowledge this by using the following check-box. - [x] I hereby declare this contribution to be licenced under the [Apache License Version 2.0, January 2004](http://www.apache.org/licenses/LICENSE-2.0) - [x] In any other case, please file an [Apache Individual Contributor License Agreement](https://www.apache.org/licenses/icla.pdf). [core-its]: https://maven.apache.org/core-its/core-it-suite/ -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org