[jira] [Closed] (MINVOKER-311) Override reports directory in IT test
[
https://issues.apache.org/jira/browse/MINVOKER-311?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Slawomir Jaranowski closed MINVOKER-311.
Fix Version/s: next-release
Resolution: Fixed
> Override reports directory in IT test
> -
>
> Key: MINVOKER-311
> URL: https://issues.apache.org/jira/browse/MINVOKER-311
> Project: Maven Invoker Plugin
> Issue Type: Improvement
>Reporter: Slawomir Jaranowski
>Assignee: Slawomir Jaranowski
>Priority: Major
> Fix For: next-release
>
>
> ASF Jenkins looks for reports in path like:
> {code}
> **/target/invoker-reports/TEST*.xml
> {code}
> So report generated by integration tests are assumed like project reports ...
> and build fail.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[GitHub] [maven-invoker-plugin] slawekjaranowski merged pull request #142: [MINVOKER-311] Override reports directory in IT test
slawekjaranowski merged PR #142: URL: https://github.com/apache/maven-invoker-plugin/pull/142 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Created] (MPLUGINTESTING-75) Support JSR 330 components
Konrad Windszus created MPLUGINTESTING-75: - Summary: Support JSR 330 components Key: MPLUGINTESTING-75 URL: https://issues.apache.org/jira/browse/MPLUGINTESTING-75 Project: Maven Plugin Testing Issue Type: Improvement Components: plugin-testing-harness Affects Versions: 3.3.0 Reporter: Konrad Windszus Currently AbstractMojoTestCase can only inject legacy Plexus components but no JSR 330 components (https://github.com/eclipse/sisu.plexus/wiki/Plexus-to-JSR330). -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [maven-assembly-plugin] dependabot[bot] opened a new pull request, #92: Bump maven-common-artifact-filters from 3.3.1 to 3.3.2
dependabot[bot] opened a new pull request, #92: URL: https://github.com/apache/maven-assembly-plugin/pull/92 Bumps [maven-common-artifact-filters](https://github.com/apache/maven-common-artifact-filters) from 3.3.1 to 3.3.2. Commits https://github.com/apache/maven-common-artifact-filters/commit/31e20e5c0a2226285dc6b90fc5b3eaaf5f642d8a";>31e20e5 [maven-release-plugin] prepare release maven-common-artifact-filters-3.3.2 https://github.com/apache/maven-common-artifact-filters/commit/7660d9bc1429ffbe4c86cdaf7af5776d118883cf";>7660d9b [MSHARED-1131] Upgrade Parent to 37 and cleanup https://github.com/apache/maven-common-artifact-filters/commit/bde012cf6f793adf6d135e0356694dc1fef2c7f9";>bde012c (doc) small code cleanup from ide suggestions https://github.com/apache/maven-common-artifact-filters/commit/500569dad88b8f91e77116a2743a4685c920bed5";>500569d [MSHARED-1130] Sanitised value nullability in match(Pattern, boolean, String) https://github.com/apache/maven-common-artifact-filters/commit/299cf441a2e6eede21b0f1657c86f292ab4885b0";>299cf44 Use GH shared v3 https://github.com/apache/maven-common-artifact-filters/commit/37ea472bf2950d12a9176c91a9a79543f748846b";>37ea472 [maven-release-plugin] prepare for next development iteration See full diff in https://github.com/apache/maven-common-artifact-filters/compare/maven-common-artifact-filters-3.3.1...maven-common-artifact-filters-3.3.2";>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-invoker-plugin] dependabot[bot] closed pull request #132: Bump maven-common-artifact-filters from 3.2.0 to 3.3.1
dependabot[bot] closed pull request #132: Bump maven-common-artifact-filters from 3.2.0 to 3.3.1 URL: https://github.com/apache/maven-invoker-plugin/pull/132 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-invoker-plugin] dependabot[bot] commented on pull request #132: Bump maven-common-artifact-filters from 3.2.0 to 3.3.1
dependabot[bot] commented on PR #132: URL: https://github.com/apache/maven-invoker-plugin/pull/132#issuecomment-1250545930 Superseded by #144. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-invoker-plugin] dependabot[bot] opened a new pull request, #144: Bump maven-common-artifact-filters from 3.2.0 to 3.3.2
dependabot[bot] opened a new pull request, #144: URL: https://github.com/apache/maven-invoker-plugin/pull/144 Bumps [maven-common-artifact-filters](https://github.com/apache/maven-common-artifact-filters) from 3.2.0 to 3.3.2. Commits https://github.com/apache/maven-common-artifact-filters/commit/31e20e5c0a2226285dc6b90fc5b3eaaf5f642d8a";>31e20e5 [maven-release-plugin] prepare release maven-common-artifact-filters-3.3.2 https://github.com/apache/maven-common-artifact-filters/commit/7660d9bc1429ffbe4c86cdaf7af5776d118883cf";>7660d9b [MSHARED-1131] Upgrade Parent to 37 and cleanup https://github.com/apache/maven-common-artifact-filters/commit/bde012cf6f793adf6d135e0356694dc1fef2c7f9";>bde012c (doc) small code cleanup from ide suggestions https://github.com/apache/maven-common-artifact-filters/commit/500569dad88b8f91e77116a2743a4685c920bed5";>500569d [MSHARED-1130] Sanitised value nullability in match(Pattern, boolean, String) https://github.com/apache/maven-common-artifact-filters/commit/299cf441a2e6eede21b0f1657c86f292ab4885b0";>299cf44 Use GH shared v3 https://github.com/apache/maven-common-artifact-filters/commit/37ea472bf2950d12a9176c91a9a79543f748846b";>37ea472 [maven-release-plugin] prepare for next development iteration https://github.com/apache/maven-common-artifact-filters/commit/b244fd9e0e7e84ee0e2e3ba3402f5ba654b5becd";>b244fd9 [maven-release-plugin] prepare release maven-common-artifact-filters-3.3.1 https://github.com/apache/maven-common-artifact-filters/commit/611baf61bc8ff8a26bf4af48dcf8ecb53e5c74dc";>611baf6 [MSHARED-1104] Four element pattern may be GATV or GATC (https://github-redirect.dependabot.com/apache/maven-common-artifact-filters/issues/29";>#29) https://github.com/apache/maven-common-artifact-filters/commit/0985a227dcc4de82759797b40b939c4ebb5f6ff5";>0985a22 Fix jenkins url https://github.com/apache/maven-common-artifact-filters/commit/94088c760d6e9b80cf166a5028b2a87b5af43cfa";>94088c7 [maven-release-plugin] prepare for next development iteration Additional commits viewable in https://github.com/apache/maven-common-artifact-filters/compare/maven-common-artifact-filters-3.2.0...maven-common-artifact-filters-3.3.2";>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-invoker-plugin] dependabot[bot] opened a new pull request, #143: Bump groovy-version from 3.0.12 to 3.0.13
dependabot[bot] opened a new pull request, #143: URL: https://github.com/apache/maven-invoker-plugin/pull/143 Bumps `groovy-version` from 3.0.12 to 3.0.13. Updates `groovy` from 3.0.12 to 3.0.13 Commits See full diff in https://github.com/apache/groovy/commits";>compare view Updates `groovy-json` from 3.0.12 to 3.0.13 Commits See full diff in https://github.com/apache/groovy/commits";>compare view Updates `groovy-xml` from 3.0.12 to 3.0.13 Commits See full diff in https://github.com/apache/groovy/commits";>compare view Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Created] (MPMD-355) Add rulesets commandline options support
Xi created MPMD-355: --- Summary: Add rulesets commandline options support Key: MPMD-355 URL: https://issues.apache.org/jira/browse/MPMD-355 Project: Maven PMD Plugin Issue Type: New Feature Components: PMD Affects Versions: 3.19.0 Reporter: Xi Add support to specify rulesets from commandline options for maven-pmd-plugin. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [maven-remote-resources-plugin] dependabot[bot] commented on pull request #14: Bump maven-common-artifact-filters from 3.2.0 to 3.3.1
dependabot[bot] commented on PR #14: URL: https://github.com/apache/maven-remote-resources-plugin/pull/14#issuecomment-1250485694 Superseded by #20. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-remote-resources-plugin] dependabot[bot] closed pull request #14: Bump maven-common-artifact-filters from 3.2.0 to 3.3.1
dependabot[bot] closed pull request #14: Bump maven-common-artifact-filters from 3.2.0 to 3.3.1 URL: https://github.com/apache/maven-remote-resources-plugin/pull/14 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-remote-resources-plugin] dependabot[bot] opened a new pull request, #20: Bump maven-common-artifact-filters from 3.2.0 to 3.3.2
dependabot[bot] opened a new pull request, #20: URL: https://github.com/apache/maven-remote-resources-plugin/pull/20 Bumps [maven-common-artifact-filters](https://github.com/apache/maven-common-artifact-filters) from 3.2.0 to 3.3.2. Commits https://github.com/apache/maven-common-artifact-filters/commit/31e20e5c0a2226285dc6b90fc5b3eaaf5f642d8a";>31e20e5 [maven-release-plugin] prepare release maven-common-artifact-filters-3.3.2 https://github.com/apache/maven-common-artifact-filters/commit/7660d9bc1429ffbe4c86cdaf7af5776d118883cf";>7660d9b [MSHARED-1131] Upgrade Parent to 37 and cleanup https://github.com/apache/maven-common-artifact-filters/commit/bde012cf6f793adf6d135e0356694dc1fef2c7f9";>bde012c (doc) small code cleanup from ide suggestions https://github.com/apache/maven-common-artifact-filters/commit/500569dad88b8f91e77116a2743a4685c920bed5";>500569d [MSHARED-1130] Sanitised value nullability in match(Pattern, boolean, String) https://github.com/apache/maven-common-artifact-filters/commit/299cf441a2e6eede21b0f1657c86f292ab4885b0";>299cf44 Use GH shared v3 https://github.com/apache/maven-common-artifact-filters/commit/37ea472bf2950d12a9176c91a9a79543f748846b";>37ea472 [maven-release-plugin] prepare for next development iteration https://github.com/apache/maven-common-artifact-filters/commit/b244fd9e0e7e84ee0e2e3ba3402f5ba654b5becd";>b244fd9 [maven-release-plugin] prepare release maven-common-artifact-filters-3.3.1 https://github.com/apache/maven-common-artifact-filters/commit/611baf61bc8ff8a26bf4af48dcf8ecb53e5c74dc";>611baf6 [MSHARED-1104] Four element pattern may be GATV or GATC (https://github-redirect.dependabot.com/apache/maven-common-artifact-filters/issues/29";>#29) https://github.com/apache/maven-common-artifact-filters/commit/0985a227dcc4de82759797b40b939c4ebb5f6ff5";>0985a22 Fix jenkins url https://github.com/apache/maven-common-artifact-filters/commit/94088c760d6e9b80cf166a5028b2a87b5af43cfa";>94088c7 [maven-release-plugin] prepare for next development iteration Additional commits viewable in https://github.com/apache/maven-common-artifact-filters/compare/maven-common-artifact-filters-3.2.0...maven-common-artifact-filters-3.3.2";>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-javadoc-plugin] kwin commented on pull request #164: Update parent pom to maven-plugins 37
kwin commented on PR #164: URL: https://github.com/apache/maven-javadoc-plugin/pull/164#issuecomment-1250358692 @michael-o Any idea why the version is managed to 3.3.1 in https://github.com/apache/maven-javadoc-plugin/blob/3032299ec99ed5c968fc3c04cd6f1b0eaeefea20/pom.xml#L415? Couldn't we always use the current version for the report as well? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-javadoc-plugin] kwin opened a new pull request, #164: Update parent pom to maven-plugins 37
kwin opened a new pull request, #164: URL: https://github.com/apache/maven-javadoc-plugin/pull/164 Just a draft. Currently `mvn clean site -Preporting` fails with ``` [INFO] Generating "Javadoc" report --- maven-javadoc-plugin:3.3.1:javadoc [WARNING] An issue has occurred with maven-javadoc-plugin:3.3.1:javadoc report, skipping LinkageError Receiver class org.apache.maven.plugins.javadoc.JavadocReport does not define or inherit an implementation of the resolved method 'abstract void generate(org.apache.maven.doxia.sink.Sink, java.util.Locale)' of interface org.apache.maven.reporting.MavenReport., please report an issue to Maven dev team. java.lang.AbstractMethodError: Receiver class org.apache.maven.plugins.javadoc.JavadocReport does not define or inherit an implementation of the resolved method 'abstract void generate(org.apache.maven.doxia.sink.Sink, java.util.Locale)' of interface org.apache.maven.reporting.MavenReport. at org.apache.maven.plugins.site.render.ReportDocumentRenderer.renderDocument (ReportDocumentRenderer.java:235) at org.apache.maven.doxia.siterenderer.DefaultSiteRenderer.render (DefaultSiteRenderer.java:348) at org.apache.maven.plugins.site.render.SiteMojo.renderLocale (SiteMojo.java:194) at org.apache.maven.plugins.site.render.SiteMojo.execute (SiteMojo.java:143) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:370) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:351) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:215) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:171) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:163) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:294) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:960) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:293) at org.apache.maven.cli.MavenCli.main (MavenCli.java:196) at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke (Method.java:566) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MNG-7463) Improve documentation about deprecation in Mojo
[
https://issues.apache.org/jira/browse/MNG-7463?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17606318#comment-17606318
]
Hudson commented on MNG-7463:
-
Build unstable in Jenkins: Maven » Maven TLP » maven » maven-3.9.x #72
See
https://ci-maven.apache.org/job/Maven/job/maven-box/job/maven/job/maven-3.9.x/72/
> Improve documentation about deprecation in Mojo
> ---
>
> Key: MNG-7463
> URL: https://issues.apache.org/jira/browse/MNG-7463
> Project: Maven
> Issue Type: Improvement
> Components: Documentation: General, Plugin API
>Reporter: Slawomir Jaranowski
>Assignee: Slawomir Jaranowski
>Priority: Major
> Fix For: 3.9.0, 4.0.0-alpha-1, 4.0.0
>
>
> fix, improve:
> - java docs of {{org.apache.maven.plugin.descriptor.MojoDescriptor}}
> -- {{deprecated}} filed and set/get methods.
> - maven-plugin-api/src/main/mdo/plugin.mdo
> -- descriptions of mojo, parameters deprecated field
> - https://maven.apache.org/developers/mojo-api-specification.html
> -- descriptions of mojo, parameters deprecated
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (MNG-7310) Maven loads extension from another submodule
[
https://issues.apache.org/jira/browse/MNG-7310?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17606319#comment-17606319
]
Hudson commented on MNG-7310:
-
Build unstable in Jenkins: Maven » Maven TLP » maven » maven-3.9.x #72
See
https://ci-maven.apache.org/job/Maven/job/maven-box/job/maven/job/maven-3.9.x/72/
> Maven loads extension from another submodule
>
>
> Key: MNG-7310
> URL: https://issues.apache.org/jira/browse/MNG-7310
> Project: Maven
> Issue Type: Bug
>Affects Versions: 4.0.0-alpha-1
>Reporter: Martin Kanters
>Priority: Major
> Fix For: 4.0.0
>
> Attachments: demo-plugins.zip
>
>
> With the latest Maven master, I'm not able to build a certain multi module
> project.
> It fails with the following error:
> C:\work\apache\demo>mvn validate
> [INFO] Scanning for projects...
> ...
> [ERROR] The build could not read 1 project -> [Help 1]
> [ERROR]
> [ERROR] The project com.example:demo2:0.0.1-SNAPSHOT
> (C:\work\apache\demo\demo2\pom.xml) has 1 error
> [ERROR] 'build.plugins.plugin.version' for
> org.springframework.cloud:spring-cloud-contract-maven-plugin must be a valid
> version but is '${project.version}'. @
> org.apache.maven:maven-core:4.0.0-alpha-1-SNAPSHOT:default-lifecycle-bindings
> The project looks as follows:
> parent
> – demo (module containing plugin "spring-cloud-contract-maven-plugin")
> – demo2 (module)
> "demo2" has no dependency on "demo" and the parent of "demo2" is "parent"..
> Somehow, the plugin from "demo" leaks into "demo2", which I've verified is
> the case during a debug session.
> I'm still unsure of a couple of things:
> - Does it only happen with the "spring-cloud-contract-maven-plugin" plugin?
> - Where does ${project.version} come from? (I've not defined it)
> I've done a bisect and tracked it down to the following commit:
> [[MNG-5577] Convert maven-core to JSR
> 330|https://github.com/apache/maven/commit/9567da2bc889a94f5c3b692b4afb310ddbacd6e5]
> Subject project is attached. Reproduce with the current master of Maven: mvn
> validate.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Closed] (MNG-7463) Improve documentation about deprecation in Mojo
[
https://issues.apache.org/jira/browse/MNG-7463?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Slawomir Jaranowski closed MNG-7463.
Resolution: Fixed
> Improve documentation about deprecation in Mojo
> ---
>
> Key: MNG-7463
> URL: https://issues.apache.org/jira/browse/MNG-7463
> Project: Maven
> Issue Type: Improvement
> Components: Documentation: General, Plugin API
>Reporter: Slawomir Jaranowski
>Assignee: Slawomir Jaranowski
>Priority: Major
> Fix For: 3.9.0, 4.0.0-alpha-1, 4.0.0
>
>
> fix, improve:
> - java docs of {{org.apache.maven.plugin.descriptor.MojoDescriptor}}
> -- {{deprecated}} filed and set/get methods.
> - maven-plugin-api/src/main/mdo/plugin.mdo
> -- descriptions of mojo, parameters deprecated field
> - https://maven.apache.org/developers/mojo-api-specification.html
> -- descriptions of mojo, parameters deprecated
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (MNG-7463) Improve documentation about deprecation in Mojo
[
https://issues.apache.org/jira/browse/MNG-7463?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17606317#comment-17606317
]
ASF GitHub Bot commented on MNG-7463:
-
slawekjaranowski merged PR #802:
URL: https://github.com/apache/maven/pull/802
> Improve documentation about deprecation in Mojo
> ---
>
> Key: MNG-7463
> URL: https://issues.apache.org/jira/browse/MNG-7463
> Project: Maven
> Issue Type: Improvement
> Components: Documentation: General, Plugin API
>Reporter: Slawomir Jaranowski
>Assignee: Slawomir Jaranowski
>Priority: Major
> Fix For: 3.9.0-candidate, 4.0.0-alpha-1, 4.0.0
>
>
> fix, improve:
> - java docs of {{org.apache.maven.plugin.descriptor.MojoDescriptor}}
> -- {{deprecated}} filed and set/get methods.
> - maven-plugin-api/src/main/mdo/plugin.mdo
> -- descriptions of mojo, parameters deprecated field
> - https://maven.apache.org/developers/mojo-api-specification.html
> -- descriptions of mojo, parameters deprecated
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (MNG-7463) Improve documentation about deprecation in Mojo
[
https://issues.apache.org/jira/browse/MNG-7463?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Slawomir Jaranowski updated MNG-7463:
-
Fix Version/s: 3.9.0
(was: 3.9.0-candidate)
> Improve documentation about deprecation in Mojo
> ---
>
> Key: MNG-7463
> URL: https://issues.apache.org/jira/browse/MNG-7463
> Project: Maven
> Issue Type: Improvement
> Components: Documentation: General, Plugin API
>Reporter: Slawomir Jaranowski
>Assignee: Slawomir Jaranowski
>Priority: Major
> Fix For: 3.9.0, 4.0.0-alpha-1, 4.0.0
>
>
> fix, improve:
> - java docs of {{org.apache.maven.plugin.descriptor.MojoDescriptor}}
> -- {{deprecated}} filed and set/get methods.
> - maven-plugin-api/src/main/mdo/plugin.mdo
> -- descriptions of mojo, parameters deprecated field
> - https://maven.apache.org/developers/mojo-api-specification.html
> -- descriptions of mojo, parameters deprecated
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[GitHub] [maven] slawekjaranowski merged pull request #802: [MNG-7463] Improve documentation about deprecation in Mojo
slawekjaranowski merged PR #802: URL: https://github.com/apache/maven/pull/802 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-invoker-plugin] slawekjaranowski opened a new pull request, #142: [MINVOKER-311] Override reports directory in IT test
slawekjaranowski opened a new pull request, #142: URL: https://github.com/apache/maven-invoker-plugin/pull/142 Following this checklist to help us incorporate your contribution quickly and easily: - [x] Make sure there is a [JIRA issue](https://issues.apache.org/jira/browse/MINVOKER) filed for the change (usually before you start working on it). Trivial changes like typos do not require a JIRA issue. Your pull request should address just this issue, without pulling in other changes. - [x] Each commit in the pull request should have a meaningful subject line and body. - [x] Format the pull request title like `[MINVOKER-XXX] - Fixes bug in ApproximateQuantiles`, where you replace `MINVOKER-XXX` with the appropriate JIRA issue. Best practice is to use the JIRA issue title in the pull request title and in the first line of the commit message. - [ ] Write a pull request description that is detailed enough to understand what the pull request does, how, and why. - [x] Run `mvn clean verify` to make sure basic checks pass. A more thorough check will be performed on your pull request automatically. - [x] You have run the integration tests successfully (`mvn -Prun-its clean verify`). If your pull request is about ~20 lines of code you don't need to sign an [Individual Contributor License Agreement](https://www.apache.org/licenses/icla.pdf) if you are unsure please ask on the developers list. To make clear that you license your contribution under the [Apache License Version 2.0, January 2004](http://www.apache.org/licenses/LICENSE-2.0) you have to acknowledge this by using the following check-box. - [x] I hereby declare this contribution to be licenced under the [Apache License Version 2.0, January 2004](http://www.apache.org/licenses/LICENSE-2.0) - [x] In any other case, please file an [Apache Individual Contributor License Agreement](https://www.apache.org/licenses/icla.pdf). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Created] (MINVOKER-311) Override reports directory in IT test
Slawomir Jaranowski created MINVOKER-311:
Summary: Override reports directory in IT test
Key: MINVOKER-311
URL: https://issues.apache.org/jira/browse/MINVOKER-311
Project: Maven Invoker Plugin
Issue Type: Improvement
Reporter: Slawomir Jaranowski
Assignee: Slawomir Jaranowski
ASF Jenkins looks for reports in path like:
{code}
**/target/invoker-reports/TEST*.xml
{code}
So report generated by integration tests are assumed like project reports ...
and build fail.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Assigned] (MNG-7543) Upgrade JUnit Jupiter Version 5.9.0
[ https://issues.apache.org/jira/browse/MNG-7543?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Karl Heinz Marbaise reassigned MNG-7543: Assignee: Karl Heinz Marbaise > Upgrade JUnit Jupiter Version 5.9.0 > --- > > Key: MNG-7543 > URL: https://issues.apache.org/jira/browse/MNG-7543 > Project: Maven > Issue Type: Dependency upgrade >Affects Versions: 4.0.0 >Reporter: Karl Heinz Marbaise >Assignee: Karl Heinz Marbaise >Priority: Minor > Fix For: 4.0.0-alpha-1 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (MNG-7543) Upgrade JUnit Jupiter Version 5.9.0
Karl Heinz Marbaise created MNG-7543: Summary: Upgrade JUnit Jupiter Version 5.9.0 Key: MNG-7543 URL: https://issues.apache.org/jira/browse/MNG-7543 Project: Maven Issue Type: Dependency upgrade Affects Versions: 4.0.0 Reporter: Karl Heinz Marbaise Fix For: 4.0.0-alpha-1 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MNG-7539) Validate/Download SNAPSHOT dependencies once
[
https://issues.apache.org/jira/browse/MNG-7539?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17606295#comment-17606295
]
Karl Heinz Marbaise commented on MNG-7539:
--
If your update of the SNAPSHOT's is always it means you have either configured
that in your {{settings.xml}} ([Update
Policy|https://maven.apache.org/settings.html#repositories]) or you are using
{{-U}} during your build..The update intervall can already being defined via
{{settings.xml}} (see updatePolicy)...
Furthermore:
{quote}Maven Repository (a local Nexus instance), and artifact resolution could
slow down the build 2x-3x.{quote}
That sounds like if your repository manager has not enough power to handle such
simple load... Also the question is: Does the build of your multi module build
(30-40 modules) takes really 10-15 minutes?
>From my point of view you could solve the whole issue by using releases of the
>needed components in your projects... and test updates (new release versions)
>on a separate branch... and hopefully having appropriate tests to verify ...
>... The other question might be if your project heavily relies on other
>componenets (high coupling) it might be an option to reconsider to integrate
>those components in your multi modules builds...
> Validate/Download SNAPSHOT dependencies once
>
>
> Key: MNG-7539
> URL: https://issues.apache.org/jira/browse/MNG-7539
> Project: Maven
> Issue Type: Improvement
> Components: Dependencies
>Reporter: Adrian Tarau
>Priority: Critical
>
> Building an unreleased multi-module project (30-40 modules) that depends on
> various other unreleased modules puts significant pressure on the Maven
> Repository (a local Nexus instance), and artifact resolution could slow down
> the build 2x-3x.
> I do acknowledge that it is the job of the repository to cache and serve
> those responses fast, and for some reason, sometimes it slows down without an
> apparent reason.
> However, the whole build process will be faster if Maven validates a SNAPSHOT
> once for multi-module (when the dependency is reached the first time) and
> then use that version. Even if Maven Repository is relative fast, there is
> still network traffic done. Outside the fact that it should not be done, it
> might also introduce flaky behaviors:
> * one module downloads a version of artifact A, works with it, and
> everything is fine
> * 10 minutes later, another module needs artifact A and gets a newer
> version, which has some issues, and various (test) failures will be raised
> For consistency, on a multi-module build, all modules should _see_ the same
> version of a SNAPSHOT artifact. It will be faster, and it will be consistent
> (which is very important).
>
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Closed] (MNG-7414) Maven version 3.8.3 + 3.8.4 have jsoup vulnerability
[ https://issues.apache.org/jira/browse/MNG-7414?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Michael Osipov closed MNG-7414. --- Fix Version/s: (was: waiting-for-feedback) (was: wontfix-candidate) Resolution: Not A Problem These versions have been superseded. > Maven version 3.8.3 + 3.8.4 have jsoup vulnerability > > > Key: MNG-7414 > URL: https://issues.apache.org/jira/browse/MNG-7414 > Project: Maven > Issue Type: Bug >Reporter: Ksenia Hershkovici >Priority: Major > > Hi Team, > We are facing jsoup component vulnerability with maven versions 3.8.3 and > 3.8.4 which is the latest released version of maven. The CVE details are: > CVE-2021-37714 > Jsoup version which is getting installed while installing maven 3.8.3 and > 3.8.4 is v1.12.1. > We noticed that both versions have wagon 3.4.3 that is probably installing > Jsoup v1.12.1. > Can you please provide the details of next maven version release with this > fix in it? > Thanks. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MSHARED-1022) Documents of patterns used for filtering
[
https://issues.apache.org/jira/browse/MSHARED-1022?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17606282#comment-17606282
]
Slawomir Jaranowski commented on MSHARED-1022:
--
I assume that syntax for pattern string is the same in many case.
So we can crate a documentation site, eg "Pattern syntax" and link to it from
javadoc for method which use "Pattern string"
> Documents of patterns used for filtering
>
>
> Key: MSHARED-1022
> URL: https://issues.apache.org/jira/browse/MSHARED-1022
> Project: Maven Shared Components
> Issue Type: Improvement
> Components: maven-common-artifact-filters
>Reporter: Slawomir Jaranowski
>Priority: Major
> Labels: up-for-grabs
>
> For class:
> - {{org.apache.maven.shared.artifact.filter.PatternIncludesArtifactFilter}}
> - {{org.apache.maven.shared.artifact.filter.PatternExcludesArtifactFilter}}
>
> we can use patterns for filtering artifact, but pattern string is not
> documented.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Created] (MNG-7542) Wrong Information - multi-module project
Karl Heinz Marbaise created MNG-7542:
Summary: Wrong Information - multi-module project
Key: MNG-7542
URL: https://issues.apache.org/jira/browse/MNG-7542
Project: Maven
Issue Type: Bug
Affects Versions: 4.0.0-alpha-1
Environment: Apache Maven 4.0.0-alpha-1-SNAPSHOT
(1ca65c79fa4e25c4b7da027c8f8eef1b95ceced4)
Maven home: /Users/khm/tools/maven
Java version: 17.0.4, vendor: Eclipse Adoptium, runtime:
/Users/khm/.sdkman/candidates/java/17.0.4-tem
Default locale: en_DE, platform encoding: UTF-8
OS name: "mac os x", version: "12.4", arch: "aarch64", family: "mac"
Reporter: Karl Heinz Marbaise
Fix For: 4.0.0
I have simple [single module spring boot project for testing
purposes|https://github.com/khmarbaise/m4/tree/main/spring-boot-plus-spring-data]
which produces during the build the following information at the beginning of
the build:
{code}
[INFO] Scanning for projects...
[INFO] Maven detected that the requested POM file is part of a multi-module
project, but could not find a pom.xml file in the multi-module root directory
'/Users/khm/ws-git-soebes'.
[INFO] The reactor is limited to all projects under:
/Users/khm/ws-git-soebes/examples/spring-boot-plus-spring-data
[INFO]
{code}
If I put the same project into a different directory:
{{/Users/khm/ws-git-bugs-maven/m4/spring-boot-plus-spring-data}} it does
**NOT** produce the output.
I have defined in the pom file the parent exactly like this:
{code:xml}
http://maven.apache.org/POM/4.0.0";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
https://maven.apache.org/xsd/maven-4.0.0.xsd";>
4.0.0
org.springframework.boot
spring-boot-starter-parent
3.0.0-M4
com.soebes.spring.example
employee
0.0.1-SNAPSHOT
{code}
Based on the configuration via {{}} it should never try to find
a parent project...which means this is simple separated single module
project... Unfortunately the given output is misleading here...
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[GitHub] [maven-invoker-plugin] dependabot[bot] commented on pull request #134: Bump maven-plugins from 36 to 37
dependabot[bot] commented on PR #134: URL: https://github.com/apache/maven-invoker-plugin/pull/134#issuecomment-1250249792 OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting `@dependabot ignore this major version` or `@dependabot ignore this minor version`. You can also ignore all major, minor, or patch releases for a dependency by adding an [`ignore` condition](https://docs.github.com/en/code-security/supply-chain-security/configuration-options-for-dependency-updates#ignore) with the desired `update_types` to your config file. If you change your mind, just re-open this PR and I'll resolve any conflicts on it. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-invoker-plugin] slawekjaranowski closed pull request #134: Bump maven-plugins from 36 to 37
slawekjaranowski closed pull request #134: Bump maven-plugins from 36 to 37 URL: https://github.com/apache/maven-invoker-plugin/pull/134 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-invoker-plugin] slawekjaranowski opened a new pull request, #141: [MINVOKER-310] Upgrade Parent to 37
slawekjaranowski opened a new pull request, #141: URL: https://github.com/apache/maven-invoker-plugin/pull/141 Following this checklist to help us incorporate your contribution quickly and easily: - [x] Make sure there is a [JIRA issue](https://issues.apache.org/jira/browse/MINVOKER) filed for the change (usually before you start working on it). Trivial changes like typos do not require a JIRA issue. Your pull request should address just this issue, without pulling in other changes. - [x] Each commit in the pull request should have a meaningful subject line and body. - [x] Format the pull request title like `[MINVOKER-XXX] - Fixes bug in ApproximateQuantiles`, where you replace `MINVOKER-XXX` with the appropriate JIRA issue. Best practice is to use the JIRA issue title in the pull request title and in the first line of the commit message. - [ ] Write a pull request description that is detailed enough to understand what the pull request does, how, and why. - [x] Run `mvn clean verify` to make sure basic checks pass. A more thorough check will be performed on your pull request automatically. - [x] You have run the integration tests successfully (`mvn -Prun-its clean verify`). If your pull request is about ~20 lines of code you don't need to sign an [Individual Contributor License Agreement](https://www.apache.org/licenses/icla.pdf) if you are unsure please ask on the developers list. To make clear that you license your contribution under the [Apache License Version 2.0, January 2004](http://www.apache.org/licenses/LICENSE-2.0) you have to acknowledge this by using the following check-box. - [x] I hereby declare this contribution to be licenced under the [Apache License Version 2.0, January 2004](http://www.apache.org/licenses/LICENSE-2.0) - [x] In any other case, please file an [Apache Individual Contributor License Agreement](https://www.apache.org/licenses/icla.pdf). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Created] (MINVOKER-310) Upgrade Parent to 37
Slawomir Jaranowski created MINVOKER-310: Summary: Upgrade Parent to 37 Key: MINVOKER-310 URL: https://issues.apache.org/jira/browse/MINVOKER-310 Project: Maven Invoker Plugin Issue Type: Dependency upgrade Reporter: Slawomir Jaranowski Assignee: Slawomir Jaranowski Fix For: next-release -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (MNG-7414) Maven version 3.8.3 + 3.8.4 have jsoup vulnerability
[ https://issues.apache.org/jira/browse/MNG-7414?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Karl Heinz Marbaise updated MNG-7414: - Fix Version/s: waiting-for-feedback wontfix-candidate > Maven version 3.8.3 + 3.8.4 have jsoup vulnerability > > > Key: MNG-7414 > URL: https://issues.apache.org/jira/browse/MNG-7414 > Project: Maven > Issue Type: Bug >Reporter: Ksenia Hershkovici >Priority: Major > Fix For: waiting-for-feedback, wontfix-candidate > > > Hi Team, > We are facing jsoup component vulnerability with maven versions 3.8.3 and > 3.8.4 which is the latest released version of maven. The CVE details are: > CVE-2021-37714 > Jsoup version which is getting installed while installing maven 3.8.3 and > 3.8.4 is v1.12.1. > We noticed that both versions have wagon 3.4.3 that is probably installing > Jsoup v1.12.1. > Can you please provide the details of next maven version release with this > fix in it? > Thanks. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [maven-invoker-plugin] dependabot[bot] commented on pull request #140: Bump slf4j-simple from 1.7.36 to 2.0.1
dependabot[bot] commented on PR #140: URL: https://github.com/apache/maven-invoker-plugin/pull/140#issuecomment-1250247713 OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting `@dependabot ignore this major version` or `@dependabot ignore this minor version`. You can also ignore all major, minor, or patch releases for a dependency by adding an [`ignore` condition](https://docs.github.com/en/code-security/supply-chain-security/configuration-options-for-dependency-updates#ignore) with the desired `update_types` to your config file. If you change your mind, just re-open this PR and I'll resolve any conflicts on it. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-invoker-plugin] slawekjaranowski closed pull request #140: Bump slf4j-simple from 1.7.36 to 2.0.1
slawekjaranowski closed pull request #140: Bump slf4j-simple from 1.7.36 to 2.0.1 URL: https://github.com/apache/maven-invoker-plugin/pull/140 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MNG-7533) jar v2.6 has medium (CVE-2021-29425) Prisma vulnerability associated with maven v3.8.6
[
https://issues.apache.org/jira/browse/MNG-7533?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17606277#comment-17606277
]
Karl Heinz Marbaise commented on MNG-7533:
--
The given image references a file {{wagon-http-3.5.1-shaded.jar}} and signals
the [CVE|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29425] which
describes explicit the usage of {{FileNameUtils.normalize}}. The referenced
{{wagon-http-3.5.1-shaded.jar}} file does not even contain commons io code.
Also the Maven code does not use the described way of code.
> jar v2.6 has medium (CVE-2021-29425) Prisma vulnerability associated with
> maven v3.8.6
> --
>
> Key: MNG-7533
> URL: https://issues.apache.org/jira/browse/MNG-7533
> Project: Maven
> Issue Type: Bug
> Environment: Production
>Reporter: John Roddy
>Priority: Major
> Fix For: waiting-for-feedback, wontfix-candidate
>
> Attachments: MicrosoftTeams-image (5).png
>
>
> jar v2.6 has medium (CVE-2021-29425) Prisma vulnerability associated with
> maven v3.8.6. We're using the latest for maven which is v3.8.6. Please
> upgrade jar to the latest to remediate the Prisma vulnerability associated
> with maven v3.8.6. Thank you!
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Closed] (MNG-7535) Latest release of Maven contain EOL component - EOL-Google Guava 25.1
[ https://issues.apache.org/jira/browse/MNG-7535?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Karl Heinz Marbaise closed MNG-7535. Resolution: Won't Fix > Latest release of Maven contain EOL component - EOL-Google Guava 25.1 > - > > Key: MNG-7535 > URL: https://issues.apache.org/jira/browse/MNG-7535 > Project: Maven > Issue Type: Dependency upgrade > Components: Dependencies >Affects Versions: 3.8.6 >Reporter: Chris Campbell >Priority: Minor > Fix For: waiting-for-feedback, wontfix-candidate > > > We are utilizing the latest maven releases and getting EOL findings ( > EOL-Google Guava 25.1 ) from our internal Enterprise Security team that we > must remediate. > Will maven releases update to a newer, non-EOL of these components? If not, > is there anything we can do ourselves to remediate and use non-EOL versions? -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MNG-7535) Latest release of Maven contain EOL component - EOL-Google Guava 25.1
[ https://issues.apache.org/jira/browse/MNG-7535?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17606276#comment-17606276 ] Michael Osipov commented on MNG-7535: - [~khmarbaise], that is why this is a non-issue for me. > Latest release of Maven contain EOL component - EOL-Google Guava 25.1 > - > > Key: MNG-7535 > URL: https://issues.apache.org/jira/browse/MNG-7535 > Project: Maven > Issue Type: Dependency upgrade > Components: Dependencies >Affects Versions: 3.8.6 >Reporter: Chris Campbell >Priority: Minor > Fix For: waiting-for-feedback, wontfix-candidate > > > We are utilizing the latest maven releases and getting EOL findings ( > EOL-Google Guava 25.1 ) from our internal Enterprise Security team that we > must remediate. > Will maven releases update to a newer, non-EOL of these components? If not, > is there anything we can do ourselves to remediate and use non-EOL versions? -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MNG-7533) jar v2.6 has medium (CVE-2021-29425) Prisma vulnerability associated with maven v3.8.6
[ https://issues.apache.org/jira/browse/MNG-7533?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17606275#comment-17606275 ] Michael Osipov commented on MNG-7533: - [~khmarbaise] , I think here is nothing to fix. 3.9.0 and master exclude commons-io already. The JAR isn't on the classpath. > jar v2.6 has medium (CVE-2021-29425) Prisma vulnerability associated with > maven v3.8.6 > -- > > Key: MNG-7533 > URL: https://issues.apache.org/jira/browse/MNG-7533 > Project: Maven > Issue Type: Bug > Environment: Production >Reporter: John Roddy >Priority: Major > Fix For: 3.9.0, waiting-for-feedback, wontfix-candidate > > Attachments: MicrosoftTeams-image (5).png > > > jar v2.6 has medium (CVE-2021-29425) Prisma vulnerability associated with > maven v3.8.6. We're using the latest for maven which is v3.8.6. Please > upgrade jar to the latest to remediate the Prisma vulnerability associated > with maven v3.8.6. Thank you! -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (MNG-7533) jar v2.6 has medium (CVE-2021-29425) Prisma vulnerability associated with maven v3.8.6
[ https://issues.apache.org/jira/browse/MNG-7533?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Michael Osipov updated MNG-7533: Fix Version/s: (was: 3.9.0) > jar v2.6 has medium (CVE-2021-29425) Prisma vulnerability associated with > maven v3.8.6 > -- > > Key: MNG-7533 > URL: https://issues.apache.org/jira/browse/MNG-7533 > Project: Maven > Issue Type: Bug > Environment: Production >Reporter: John Roddy >Priority: Major > Fix For: waiting-for-feedback, wontfix-candidate > > Attachments: MicrosoftTeams-image (5).png > > > jar v2.6 has medium (CVE-2021-29425) Prisma vulnerability associated with > maven v3.8.6. We're using the latest for maven which is v3.8.6. Please > upgrade jar to the latest to remediate the Prisma vulnerability associated > with maven v3.8.6. Thank you! -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (MNG-7535) Latest release of Maven contain EOL component - EOL-Google Guava 25.1
[ https://issues.apache.org/jira/browse/MNG-7535?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Michael Osipov updated MNG-7535: Fix Version/s: wontfix-candidate > Latest release of Maven contain EOL component - EOL-Google Guava 25.1 > - > > Key: MNG-7535 > URL: https://issues.apache.org/jira/browse/MNG-7535 > Project: Maven > Issue Type: Dependency upgrade > Components: Dependencies >Affects Versions: 3.8.6 >Reporter: Chris Campbell >Priority: Minor > Fix For: waiting-for-feedback, wontfix-candidate > > > We are utilizing the latest maven releases and getting EOL findings ( > EOL-Google Guava 25.1 ) from our internal Enterprise Security team that we > must remediate. > Will maven releases update to a newer, non-EOL of these components? If not, > is there anything we can do ourselves to remediate and use non-EOL versions? -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (MNG-7533) jar v2.6 has medium (CVE-2021-29425) Prisma vulnerability associated with maven v3.8.6
[ https://issues.apache.org/jira/browse/MNG-7533?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Karl Heinz Marbaise updated MNG-7533: - Fix Version/s: 3.9.0 > jar v2.6 has medium (CVE-2021-29425) Prisma vulnerability associated with > maven v3.8.6 > -- > > Key: MNG-7533 > URL: https://issues.apache.org/jira/browse/MNG-7533 > Project: Maven > Issue Type: Bug > Environment: Production >Reporter: John Roddy >Priority: Major > Fix For: 3.9.0, waiting-for-feedback, wontfix-candidate > > Attachments: MicrosoftTeams-image (5).png > > > jar v2.6 has medium (CVE-2021-29425) Prisma vulnerability associated with > maven v3.8.6. We're using the latest for maven which is v3.8.6. Please > upgrade jar to the latest to remediate the Prisma vulnerability associated > with maven v3.8.6. Thank you! -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MNG-7535) Latest release of Maven contain EOL component - EOL-Google Guava 25.1
[ https://issues.apache.org/jira/browse/MNG-7535?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17606274#comment-17606274 ] Karl Heinz Marbaise commented on MNG-7535: -- There is nothing mentioned in https://github.com/google/guava nor something which indicates that on https://guava.dev/ > Latest release of Maven contain EOL component - EOL-Google Guava 25.1 > - > > Key: MNG-7535 > URL: https://issues.apache.org/jira/browse/MNG-7535 > Project: Maven > Issue Type: Dependency upgrade > Components: Dependencies >Affects Versions: 3.8.6 >Reporter: Chris Campbell >Priority: Minor > Fix For: waiting-for-feedback > > > We are utilizing the latest maven releases and getting EOL findings ( > EOL-Google Guava 25.1 ) from our internal Enterprise Security team that we > must remediate. > Will maven releases update to a newer, non-EOL of these components? If not, > is there anything we can do ourselves to remediate and use non-EOL versions? -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MDEP-716) TestListClassesMojo logs too much
[ https://issues.apache.org/jira/browse/MDEP-716?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17606270#comment-17606270 ] Hudson commented on MDEP-716: - Build succeeded in Jenkins: Maven » Maven TLP » maven-dependency-plugin » master #47 See https://ci-maven.apache.org/job/Maven/job/maven-box/job/maven-dependency-plugin/job/master/47/ > TestListClassesMojo logs too much > - > > Key: MDEP-716 > URL: https://issues.apache.org/jira/browse/MDEP-716 > Project: Maven Dependency Plugin > Issue Type: Improvement >Reporter: Elliotte Rusty Harold >Assignee: Slawomir Jaranowski >Priority: Minor > Labels: up-for-grabs > Fix For: 3.4.0 > > > It should probably redirect System.out for the test > [INFO] Tests run: 9, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 > s - in org.apache.maven.plugins.dependency.utils.TestDependencyUtil > [INFO] Running org.apache.maven.plugins.dependency.TestListClassesMojo > [INFO] org.apache.commons.lang3.BitField > [INFO] org.apache.commons.lang3.builder.Diffable > [INFO] org.apache.commons.lang3.builder.DiffBuilder$11 > [INFO] org.apache.commons.lang3.builder.DiffBuilder$12 > [INFO] org.apache.commons.lang3.builder.DiffBuilder$17 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Closed] (MDEP-716) TestListClassesMojo logs too much
[ https://issues.apache.org/jira/browse/MDEP-716?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Slawomir Jaranowski closed MDEP-716. Fix Version/s: 3.4.0 Assignee: Slawomir Jaranowski (was: Elliotte Rusty Harold) Resolution: Fixed > TestListClassesMojo logs too much > - > > Key: MDEP-716 > URL: https://issues.apache.org/jira/browse/MDEP-716 > Project: Maven Dependency Plugin > Issue Type: Improvement >Reporter: Elliotte Rusty Harold >Assignee: Slawomir Jaranowski >Priority: Minor > Labels: up-for-grabs > Fix For: 3.4.0 > > > It should probably redirect System.out for the test > [INFO] Tests run: 9, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 > s - in org.apache.maven.plugins.dependency.utils.TestDependencyUtil > [INFO] Running org.apache.maven.plugins.dependency.TestListClassesMojo > [INFO] org.apache.commons.lang3.BitField > [INFO] org.apache.commons.lang3.builder.Diffable > [INFO] org.apache.commons.lang3.builder.DiffBuilder$11 > [INFO] org.apache.commons.lang3.builder.DiffBuilder$12 > [INFO] org.apache.commons.lang3.builder.DiffBuilder$17 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [maven-dependency-plugin] slawekjaranowski merged pull request #245: [MDEP-716] - TestListClassesMojo logs too much
slawekjaranowski merged PR #245: URL: https://github.com/apache/maven-dependency-plugin/pull/245 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-dependency-plugin] slawekjaranowski commented on pull request #245: [MDEP-716] - TestListClassesMojo logs too much
slawekjaranowski commented on PR #245: URL: https://github.com/apache/maven-dependency-plugin/pull/245#issuecomment-1250235457 > If `org.apache.commons:commons-lang3:3.6` has no transitive dependencies then the output should be the same - to my understanding. good understanding, So I see some improvement here - test for artifacts without transitive dependencies - as we have now, only test name / description should point such case - test for artifact with transitive dependencies of course it is job for next PR -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MSHARED-1022) Documents of patterns used for filtering
[
https://issues.apache.org/jira/browse/MSHARED-1022?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17606268#comment-17606268
]
Björn Raupach commented on MSHARED-1022:
Beginner question: where would this documentation go? JavaDoc? Somehwere on the
site? Is there already documentation that could be extended?
> Documents of patterns used for filtering
>
>
> Key: MSHARED-1022
> URL: https://issues.apache.org/jira/browse/MSHARED-1022
> Project: Maven Shared Components
> Issue Type: Improvement
> Components: maven-common-artifact-filters
>Reporter: Slawomir Jaranowski
>Priority: Major
> Labels: up-for-grabs
>
> For class:
> - {{org.apache.maven.shared.artifact.filter.PatternIncludesArtifactFilter}}
> - {{org.apache.maven.shared.artifact.filter.PatternExcludesArtifactFilter}}
>
> we can use patterns for filtering artifact, but pattern string is not
> documented.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[GitHub] [maven-dependency-plugin] raupachz commented on pull request #245: [MDEP-716] - TestListClassesMojo logs too much
raupachz commented on PR #245: URL: https://github.com/apache/maven-dependency-plugin/pull/245#issuecomment-1250231104 Hi @slawekjaranowski no, the files are the same. I did not check the output. Before the output was just written to `System.out` without any checking. I treated every unit-test as a separate unit with an individual input file. Made sense to me. Even if this results in duplicate file content. If `org.apache.commons:commons-lang3:3.6` has no transitive dependencies then the output should be the same - to my understanding. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MSHARED-1136) Deprecate verifier.forkMode in favor of maven.verifier.forkMode
[
https://issues.apache.org/jira/browse/MSHARED-1136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17606254#comment-17606254
]
Slawomir Jaranowski commented on MSHARED-1136:
--
Additional we have next option in Verifier - {{forkJvm}} - so we have two
options for the same, one from property and by settings Verifier.
ok, but when we drop this property - we will stop to have possibility to
execute whole test in embedded or forked mode, like in core-its we have profile
{{embedded}}
> Deprecate verifier.forkMode in favor of maven.verifier.forkMode
> ---
>
> Key: MSHARED-1136
> URL: https://issues.apache.org/jira/browse/MSHARED-1136
> Project: Maven Shared Components
> Issue Type: Task
> Components: maven-verifier
>Reporter: Michael Osipov
>Priority: Major
> Labels: up-for-grabs
> Fix For: maven-verifier-2.0.0
>
>
> We should have all system properties under our namespace, thus all prefixed
> with {{{}maven.{}}}. Query {{maven.verifier.forkMode}} first and then fall
> back to {{{}verifier.forkMode{}}}.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
