[jira] [Created] (MSOURCES-143) Can't create a source and test jar in Commons using commons-parent
Gary D. Gregory created MSOURCES-143: Summary: Can't create a source and test jar in Commons using commons-parent Key: MSOURCES-143 URL: https://issues.apache.org/jira/browse/MSOURCES-143 Project: Maven Source Plugin Issue Type: Bug Affects Versions: 3.3.0 Reporter: Gary D. Gregory Steps to reproduce: # git clone https://gitbox.apache.org/repos/asf/commons-parent # cd commons-parent # git checkout 8d886ce8382f7a79f06d51a3afc386b8a37d0473 # mvn clean install # cd .. # git clone https://gitbox.apache.org/repos/asf/commons-cli # cd commons-cli # git checkout 08f8c5034a8492be6db65b2086341c292489ee53 # mvn clean package [INFO] --- source:3.3.0:jar-no-fork (create-source-jar) @ commons-cli --- [ERROR] We have duplicated artifacts attached. [INFO] [INFO] BUILD FAILURE [INFO] [INFO] Total time: 15.233 s [INFO] Finished at: 2023-08-15T15:39:45-04:00 [INFO] [ERROR] Failed to execute goal org.apache.maven.plugins:maven-source-plugin:3.3.0:jar-no-fork (create-source-jar) on project commons-cli: Presumably you have configured maven-source-plugn to execute twice times in your build. You have to configure a classifier for at least on of them. -> [Help 1] -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [maven-source-plugin] slachiewicz merged pull request #13: Fix typos in AbstractSourceJarMojo exception
slachiewicz merged PR #13: URL: https://github.com/apache/maven-source-plugin/pull/13 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-integration-testing] dependabot[bot] opened a new pull request, #287: Bump org.apache.maven:maven-core from 3.6.0 to 3.8.1 in /core-it-support/core-it-plugins/mng7529-plugin
dependabot[bot] opened a new pull request, #287: URL: https://github.com/apache/maven-integration-testing/pull/287 Bumps [org.apache.maven:maven-core](https://github.com/apache/maven) from 3.6.0 to 3.8.1. Commits https://github.com/apache/maven/commit/05c21c65bdfed0f71a2f2ada8b84da59348c4c5d;>05c21c6 [maven-release-plugin] prepare release maven-3.8.1 https://github.com/apache/maven/commit/d295dc362fe7d7b189b4976a5742a17362eb51a1;>d295dc3 [MNG-7128] keep blocked attribute from mirrors in artifact repositories https://github.com/apache/maven/commit/a46906806a31edb462b935e380a657b6efde6231;>a469068 next version in branch 3.8.x is 3.8.1-SNAPSHOT https://github.com/apache/maven/commit/dad8a3e1c55f34b7949945bc622f26447ddbf4f9;>dad8a3e [maven-release-plugin] prepare for next development iteration https://github.com/apache/maven/commit/6aa1f4acf5d6323e9aa08b763cb9933dc96749b9;>6aa1f4a [maven-release-plugin] prepare release maven-3.8.0 https://github.com/apache/maven/commit/907d53ad3264718f66ff15e1363d76b07dd0c05f;>907d53a [MNG-7118] block HTTP repositories by default https://github.com/apache/maven/commit/899465aeec03753ea91e15a79579eab76369c016;>899465a [MNG-7117] add support for blocked mirror https://github.com/apache/maven/commit/fa79cb22e456cc65522b5bab8c4240fe08c5775f;>fa79cb2 [MNG-7116] add support for mirrorOf external:http:* https://github.com/apache/maven/commit/e5f6634e17362387282b3867c9b23d4b54fea871;>e5f6634 use Maven Resolver 1.6.2 https://github.com/apache/maven/commit/09f77da9b0c39848fe763bdd4a392151eec0d8c3;>09f77da [MNG-7119] Upgrade Maven Wagon to 3.4.3 Additional commits viewable in https://github.com/apache/maven/compare/maven-3.6.0...maven-3.8.1;>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/maven-integration-testing/network/alerts). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-integration-testing] dependabot[bot] opened a new pull request, #286: Bump org.apache.maven:maven-core from 3.2.5 to 3.8.1 in /core-it-suite/src/test/resources/mng-7474-session-scope/p
dependabot[bot] opened a new pull request, #286: URL: https://github.com/apache/maven-integration-testing/pull/286 Bumps [org.apache.maven:maven-core](https://github.com/apache/maven) from 3.2.5 to 3.8.1. Commits https://github.com/apache/maven/commit/05c21c65bdfed0f71a2f2ada8b84da59348c4c5d;>05c21c6 [maven-release-plugin] prepare release maven-3.8.1 https://github.com/apache/maven/commit/d295dc362fe7d7b189b4976a5742a17362eb51a1;>d295dc3 [MNG-7128] keep blocked attribute from mirrors in artifact repositories https://github.com/apache/maven/commit/a46906806a31edb462b935e380a657b6efde6231;>a469068 next version in branch 3.8.x is 3.8.1-SNAPSHOT https://github.com/apache/maven/commit/dad8a3e1c55f34b7949945bc622f26447ddbf4f9;>dad8a3e [maven-release-plugin] prepare for next development iteration https://github.com/apache/maven/commit/6aa1f4acf5d6323e9aa08b763cb9933dc96749b9;>6aa1f4a [maven-release-plugin] prepare release maven-3.8.0 https://github.com/apache/maven/commit/907d53ad3264718f66ff15e1363d76b07dd0c05f;>907d53a [MNG-7118] block HTTP repositories by default https://github.com/apache/maven/commit/899465aeec03753ea91e15a79579eab76369c016;>899465a [MNG-7117] add support for blocked mirror https://github.com/apache/maven/commit/fa79cb22e456cc65522b5bab8c4240fe08c5775f;>fa79cb2 [MNG-7116] add support for mirrorOf external:http:* https://github.com/apache/maven/commit/e5f6634e17362387282b3867c9b23d4b54fea871;>e5f6634 use Maven Resolver 1.6.2 https://github.com/apache/maven/commit/09f77da9b0c39848fe763bdd4a392151eec0d8c3;>09f77da [MNG-7119] Upgrade Maven Wagon to 3.4.3 Additional commits viewable in https://github.com/apache/maven/compare/maven-3.2.5...maven-3.8.1;>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/maven-integration-testing/network/alerts). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-dependency-plugin] dependabot[bot] opened a new pull request, #334: Bump org.apache.maven:maven-core from 3.2.5 to 3.8.1 in /src/it/projects/list-repositories
dependabot[bot] opened a new pull request, #334: URL: https://github.com/apache/maven-dependency-plugin/pull/334 Bumps [org.apache.maven:maven-core](https://github.com/apache/maven) from 3.2.5 to 3.8.1. Commits https://github.com/apache/maven/commit/05c21c65bdfed0f71a2f2ada8b84da59348c4c5d;>05c21c6 [maven-release-plugin] prepare release maven-3.8.1 https://github.com/apache/maven/commit/d295dc362fe7d7b189b4976a5742a17362eb51a1;>d295dc3 [MNG-7128] keep blocked attribute from mirrors in artifact repositories https://github.com/apache/maven/commit/a46906806a31edb462b935e380a657b6efde6231;>a469068 next version in branch 3.8.x is 3.8.1-SNAPSHOT https://github.com/apache/maven/commit/dad8a3e1c55f34b7949945bc622f26447ddbf4f9;>dad8a3e [maven-release-plugin] prepare for next development iteration https://github.com/apache/maven/commit/6aa1f4acf5d6323e9aa08b763cb9933dc96749b9;>6aa1f4a [maven-release-plugin] prepare release maven-3.8.0 https://github.com/apache/maven/commit/907d53ad3264718f66ff15e1363d76b07dd0c05f;>907d53a [MNG-7118] block HTTP repositories by default https://github.com/apache/maven/commit/899465aeec03753ea91e15a79579eab76369c016;>899465a [MNG-7117] add support for blocked mirror https://github.com/apache/maven/commit/fa79cb22e456cc65522b5bab8c4240fe08c5775f;>fa79cb2 [MNG-7116] add support for mirrorOf external:http:* https://github.com/apache/maven/commit/e5f6634e17362387282b3867c9b23d4b54fea871;>e5f6634 use Maven Resolver 1.6.2 https://github.com/apache/maven/commit/09f77da9b0c39848fe763bdd4a392151eec0d8c3;>09f77da [MNG-7119] Upgrade Maven Wagon to 3.4.3 Additional commits viewable in https://github.com/apache/maven/compare/maven-3.2.5...maven-3.8.1;>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/maven-dependency-plugin/network/alerts). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-mvnd] dependabot[bot] opened a new pull request, #878: Bump org.apache.maven:maven-core from 3.6.3 to 3.8.1 in /integration-tests/src/test/projects/extension-with-api/extension
dependabot[bot] opened a new pull request, #878: URL: https://github.com/apache/maven-mvnd/pull/878 Bumps [org.apache.maven:maven-core](https://github.com/apache/maven) from 3.6.3 to 3.8.1. Commits https://github.com/apache/maven/commit/05c21c65bdfed0f71a2f2ada8b84da59348c4c5d;>05c21c6 [maven-release-plugin] prepare release maven-3.8.1 https://github.com/apache/maven/commit/d295dc362fe7d7b189b4976a5742a17362eb51a1;>d295dc3 [MNG-7128] keep blocked attribute from mirrors in artifact repositories https://github.com/apache/maven/commit/a46906806a31edb462b935e380a657b6efde6231;>a469068 next version in branch 3.8.x is 3.8.1-SNAPSHOT https://github.com/apache/maven/commit/dad8a3e1c55f34b7949945bc622f26447ddbf4f9;>dad8a3e [maven-release-plugin] prepare for next development iteration https://github.com/apache/maven/commit/6aa1f4acf5d6323e9aa08b763cb9933dc96749b9;>6aa1f4a [maven-release-plugin] prepare release maven-3.8.0 https://github.com/apache/maven/commit/907d53ad3264718f66ff15e1363d76b07dd0c05f;>907d53a [MNG-7118] block HTTP repositories by default https://github.com/apache/maven/commit/899465aeec03753ea91e15a79579eab76369c016;>899465a [MNG-7117] add support for blocked mirror https://github.com/apache/maven/commit/fa79cb22e456cc65522b5bab8c4240fe08c5775f;>fa79cb2 [MNG-7116] add support for mirrorOf external:http:* https://github.com/apache/maven/commit/e5f6634e17362387282b3867c9b23d4b54fea871;>e5f6634 use Maven Resolver 1.6.2 https://github.com/apache/maven/commit/09f77da9b0c39848fe763bdd4a392151eec0d8c3;>09f77da [MNG-7119] Upgrade Maven Wagon to 3.4.3 Additional commits viewable in https://github.com/apache/maven/compare/maven-3.6.3...maven-3.8.1;>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/maven-mvnd/network/alerts). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-toolchains-plugin] dependabot[bot] opened a new pull request, #15: Bump org.apache.maven:maven-core from 3.0.5 to 3.8.1 in /src/it/setup-custom-toolchain
dependabot[bot] opened a new pull request, #15: URL: https://github.com/apache/maven-toolchains-plugin/pull/15 Bumps [org.apache.maven:maven-core](https://github.com/apache/maven) from 3.0.5 to 3.8.1. Commits https://github.com/apache/maven/commit/05c21c65bdfed0f71a2f2ada8b84da59348c4c5d;>05c21c6 [maven-release-plugin] prepare release maven-3.8.1 https://github.com/apache/maven/commit/d295dc362fe7d7b189b4976a5742a17362eb51a1;>d295dc3 [MNG-7128] keep blocked attribute from mirrors in artifact repositories https://github.com/apache/maven/commit/a46906806a31edb462b935e380a657b6efde6231;>a469068 next version in branch 3.8.x is 3.8.1-SNAPSHOT https://github.com/apache/maven/commit/dad8a3e1c55f34b7949945bc622f26447ddbf4f9;>dad8a3e [maven-release-plugin] prepare for next development iteration https://github.com/apache/maven/commit/6aa1f4acf5d6323e9aa08b763cb9933dc96749b9;>6aa1f4a [maven-release-plugin] prepare release maven-3.8.0 https://github.com/apache/maven/commit/907d53ad3264718f66ff15e1363d76b07dd0c05f;>907d53a [MNG-7118] block HTTP repositories by default https://github.com/apache/maven/commit/899465aeec03753ea91e15a79579eab76369c016;>899465a [MNG-7117] add support for blocked mirror https://github.com/apache/maven/commit/fa79cb22e456cc65522b5bab8c4240fe08c5775f;>fa79cb2 [MNG-7116] add support for mirrorOf external:http:* https://github.com/apache/maven/commit/e5f6634e17362387282b3867c9b23d4b54fea871;>e5f6634 use Maven Resolver 1.6.2 https://github.com/apache/maven/commit/09f77da9b0c39848fe763bdd4a392151eec0d8c3;>09f77da [MNG-7119] Upgrade Maven Wagon to 3.4.3 Additional commits viewable in https://github.com/apache/maven/compare/maven-3.0.5...maven-3.8.1;>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/maven-toolchains-plugin/network/alerts). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-integration-testing] dependabot[bot] opened a new pull request, #285: Bump org.apache.maven:maven-core from 3.1.0 to 3.8.1 in /core-it-suite/src/test/resources/mng-5561-plugin-relocati
dependabot[bot] opened a new pull request, #285: URL: https://github.com/apache/maven-integration-testing/pull/285 Bumps [org.apache.maven:maven-core](https://github.com/apache/maven) from 3.1.0 to 3.8.1. Commits https://github.com/apache/maven/commit/05c21c65bdfed0f71a2f2ada8b84da59348c4c5d;>05c21c6 [maven-release-plugin] prepare release maven-3.8.1 https://github.com/apache/maven/commit/d295dc362fe7d7b189b4976a5742a17362eb51a1;>d295dc3 [MNG-7128] keep blocked attribute from mirrors in artifact repositories https://github.com/apache/maven/commit/a46906806a31edb462b935e380a657b6efde6231;>a469068 next version in branch 3.8.x is 3.8.1-SNAPSHOT https://github.com/apache/maven/commit/dad8a3e1c55f34b7949945bc622f26447ddbf4f9;>dad8a3e [maven-release-plugin] prepare for next development iteration https://github.com/apache/maven/commit/6aa1f4acf5d6323e9aa08b763cb9933dc96749b9;>6aa1f4a [maven-release-plugin] prepare release maven-3.8.0 https://github.com/apache/maven/commit/907d53ad3264718f66ff15e1363d76b07dd0c05f;>907d53a [MNG-7118] block HTTP repositories by default https://github.com/apache/maven/commit/899465aeec03753ea91e15a79579eab76369c016;>899465a [MNG-7117] add support for blocked mirror https://github.com/apache/maven/commit/fa79cb22e456cc65522b5bab8c4240fe08c5775f;>fa79cb2 [MNG-7116] add support for mirrorOf external:http:* https://github.com/apache/maven/commit/e5f6634e17362387282b3867c9b23d4b54fea871;>e5f6634 use Maven Resolver 1.6.2 https://github.com/apache/maven/commit/09f77da9b0c39848fe763bdd4a392151eec0d8c3;>09f77da [MNG-7119] Upgrade Maven Wagon to 3.4.3 Additional commits viewable in https://github.com/apache/maven/compare/maven-3.1.0...maven-3.8.1;>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/maven-integration-testing/network/alerts). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-ear-plugin] dependabot[bot] opened a new pull request, #95: Bump org.apache.maven:maven-core from 3.0 to 3.8.1 in /src/it/transitive-excludes
dependabot[bot] opened a new pull request, #95: URL: https://github.com/apache/maven-ear-plugin/pull/95 Bumps [org.apache.maven:maven-core](https://github.com/apache/maven) from 3.0 to 3.8.1. Commits https://github.com/apache/maven/commit/05c21c65bdfed0f71a2f2ada8b84da59348c4c5d;>05c21c6 [maven-release-plugin] prepare release maven-3.8.1 https://github.com/apache/maven/commit/d295dc362fe7d7b189b4976a5742a17362eb51a1;>d295dc3 [MNG-7128] keep blocked attribute from mirrors in artifact repositories https://github.com/apache/maven/commit/a46906806a31edb462b935e380a657b6efde6231;>a469068 next version in branch 3.8.x is 3.8.1-SNAPSHOT https://github.com/apache/maven/commit/dad8a3e1c55f34b7949945bc622f26447ddbf4f9;>dad8a3e [maven-release-plugin] prepare for next development iteration https://github.com/apache/maven/commit/6aa1f4acf5d6323e9aa08b763cb9933dc96749b9;>6aa1f4a [maven-release-plugin] prepare release maven-3.8.0 https://github.com/apache/maven/commit/907d53ad3264718f66ff15e1363d76b07dd0c05f;>907d53a [MNG-7118] block HTTP repositories by default https://github.com/apache/maven/commit/899465aeec03753ea91e15a79579eab76369c016;>899465a [MNG-7117] add support for blocked mirror https://github.com/apache/maven/commit/fa79cb22e456cc65522b5bab8c4240fe08c5775f;>fa79cb2 [MNG-7116] add support for mirrorOf external:http:* https://github.com/apache/maven/commit/e5f6634e17362387282b3867c9b23d4b54fea871;>e5f6634 use Maven Resolver 1.6.2 https://github.com/apache/maven/commit/09f77da9b0c39848fe763bdd4a392151eec0d8c3;>09f77da [MNG-7119] Upgrade Maven Wagon to 3.4.3 Additional commits viewable in https://github.com/apache/maven/compare/maven-3.0...maven-3.8.1;>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/maven-ear-plugin/network/alerts). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-dependency-plugin] dependabot[bot] opened a new pull request, #333: Bump org.apache.maven:maven-core from 3.0 to 3.8.1 in /src/it/projects/analyze-ignore-used-undeclared-dependency
dependabot[bot] opened a new pull request, #333: URL: https://github.com/apache/maven-dependency-plugin/pull/333 Bumps [org.apache.maven:maven-core](https://github.com/apache/maven) from 3.0 to 3.8.1. Commits https://github.com/apache/maven/commit/05c21c65bdfed0f71a2f2ada8b84da59348c4c5d;>05c21c6 [maven-release-plugin] prepare release maven-3.8.1 https://github.com/apache/maven/commit/d295dc362fe7d7b189b4976a5742a17362eb51a1;>d295dc3 [MNG-7128] keep blocked attribute from mirrors in artifact repositories https://github.com/apache/maven/commit/a46906806a31edb462b935e380a657b6efde6231;>a469068 next version in branch 3.8.x is 3.8.1-SNAPSHOT https://github.com/apache/maven/commit/dad8a3e1c55f34b7949945bc622f26447ddbf4f9;>dad8a3e [maven-release-plugin] prepare for next development iteration https://github.com/apache/maven/commit/6aa1f4acf5d6323e9aa08b763cb9933dc96749b9;>6aa1f4a [maven-release-plugin] prepare release maven-3.8.0 https://github.com/apache/maven/commit/907d53ad3264718f66ff15e1363d76b07dd0c05f;>907d53a [MNG-7118] block HTTP repositories by default https://github.com/apache/maven/commit/899465aeec03753ea91e15a79579eab76369c016;>899465a [MNG-7117] add support for blocked mirror https://github.com/apache/maven/commit/fa79cb22e456cc65522b5bab8c4240fe08c5775f;>fa79cb2 [MNG-7116] add support for mirrorOf external:http:* https://github.com/apache/maven/commit/e5f6634e17362387282b3867c9b23d4b54fea871;>e5f6634 use Maven Resolver 1.6.2 https://github.com/apache/maven/commit/09f77da9b0c39848fe763bdd4a392151eec0d8c3;>09f77da [MNG-7119] Upgrade Maven Wagon to 3.4.3 Additional commits viewable in https://github.com/apache/maven/compare/maven-3.0...maven-3.8.1;>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/maven-dependency-plugin/network/alerts). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-shade-plugin] dependabot[bot] opened a new pull request, #195: Bump org.apache.maven:maven-core from 3.0 to 3.8.1 in /src/it/projects/MSHADE-240_reloc-mavenfiles
dependabot[bot] opened a new pull request, #195: URL: https://github.com/apache/maven-shade-plugin/pull/195 Bumps [org.apache.maven:maven-core](https://github.com/apache/maven) from 3.0 to 3.8.1. Commits https://github.com/apache/maven/commit/05c21c65bdfed0f71a2f2ada8b84da59348c4c5d;>05c21c6 [maven-release-plugin] prepare release maven-3.8.1 https://github.com/apache/maven/commit/d295dc362fe7d7b189b4976a5742a17362eb51a1;>d295dc3 [MNG-7128] keep blocked attribute from mirrors in artifact repositories https://github.com/apache/maven/commit/a46906806a31edb462b935e380a657b6efde6231;>a469068 next version in branch 3.8.x is 3.8.1-SNAPSHOT https://github.com/apache/maven/commit/dad8a3e1c55f34b7949945bc622f26447ddbf4f9;>dad8a3e [maven-release-plugin] prepare for next development iteration https://github.com/apache/maven/commit/6aa1f4acf5d6323e9aa08b763cb9933dc96749b9;>6aa1f4a [maven-release-plugin] prepare release maven-3.8.0 https://github.com/apache/maven/commit/907d53ad3264718f66ff15e1363d76b07dd0c05f;>907d53a [MNG-7118] block HTTP repositories by default https://github.com/apache/maven/commit/899465aeec03753ea91e15a79579eab76369c016;>899465a [MNG-7117] add support for blocked mirror https://github.com/apache/maven/commit/fa79cb22e456cc65522b5bab8c4240fe08c5775f;>fa79cb2 [MNG-7116] add support for mirrorOf external:http:* https://github.com/apache/maven/commit/e5f6634e17362387282b3867c9b23d4b54fea871;>e5f6634 use Maven Resolver 1.6.2 https://github.com/apache/maven/commit/09f77da9b0c39848fe763bdd4a392151eec0d8c3;>09f77da [MNG-7119] Upgrade Maven Wagon to 3.4.3 Additional commits viewable in https://github.com/apache/maven/compare/maven-3.0...maven-3.8.1;>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/maven-shade-plugin/network/alerts). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-integration-testing] dependabot[bot] opened a new pull request, #283: Bump org.apache.maven:maven-core from 2.0.4274 to 3.8.1 in /core-it-suite/src/test/resources/mng-4274
dependabot[bot] opened a new pull request, #283: URL: https://github.com/apache/maven-integration-testing/pull/283 Bumps [org.apache.maven:maven-core](https://github.com/apache/maven) from 2.0.4274 to 3.8.1. Commits See full diff in https://github.com/apache/maven/commits/maven-3.8.1;>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/maven-integration-testing/network/alerts). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-integration-testing] dependabot[bot] opened a new pull request, #284: Bump org.apache.maven:maven-core from 3.1.0 to 3.8.1 in /core-it-suite/src/test/resources/mng-5561-plugin-relocati
dependabot[bot] opened a new pull request, #284: URL: https://github.com/apache/maven-integration-testing/pull/284 Bumps [org.apache.maven:maven-core](https://github.com/apache/maven) from 3.1.0 to 3.8.1. Commits https://github.com/apache/maven/commit/05c21c65bdfed0f71a2f2ada8b84da59348c4c5d;>05c21c6 [maven-release-plugin] prepare release maven-3.8.1 https://github.com/apache/maven/commit/d295dc362fe7d7b189b4976a5742a17362eb51a1;>d295dc3 [MNG-7128] keep blocked attribute from mirrors in artifact repositories https://github.com/apache/maven/commit/a46906806a31edb462b935e380a657b6efde6231;>a469068 next version in branch 3.8.x is 3.8.1-SNAPSHOT https://github.com/apache/maven/commit/dad8a3e1c55f34b7949945bc622f26447ddbf4f9;>dad8a3e [maven-release-plugin] prepare for next development iteration https://github.com/apache/maven/commit/6aa1f4acf5d6323e9aa08b763cb9933dc96749b9;>6aa1f4a [maven-release-plugin] prepare release maven-3.8.0 https://github.com/apache/maven/commit/907d53ad3264718f66ff15e1363d76b07dd0c05f;>907d53a [MNG-7118] block HTTP repositories by default https://github.com/apache/maven/commit/899465aeec03753ea91e15a79579eab76369c016;>899465a [MNG-7117] add support for blocked mirror https://github.com/apache/maven/commit/fa79cb22e456cc65522b5bab8c4240fe08c5775f;>fa79cb2 [MNG-7116] add support for mirrorOf external:http:* https://github.com/apache/maven/commit/e5f6634e17362387282b3867c9b23d4b54fea871;>e5f6634 use Maven Resolver 1.6.2 https://github.com/apache/maven/commit/09f77da9b0c39848fe763bdd4a392151eec0d8c3;>09f77da [MNG-7119] Upgrade Maven Wagon to 3.4.3 Additional commits viewable in https://github.com/apache/maven/compare/maven-3.1.0...maven-3.8.1;>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/maven-integration-testing/network/alerts). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-integration-testing] dependabot[bot] opened a new pull request, #282: Bump org.apache.maven:maven-core from 0.1-stub to 3.8.1 in /core-it-suite/src/test/resources/mng-4666
dependabot[bot] opened a new pull request, #282: URL: https://github.com/apache/maven-integration-testing/pull/282 Bumps [org.apache.maven:maven-core](https://github.com/apache/maven) from 0.1-stub to 3.8.1. Commits See full diff in https://github.com/apache/maven/commits/maven-3.8.1;>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/maven-integration-testing/network/alerts). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-integration-testing] dependabot[bot] opened a new pull request, #281: Bump org.apache.maven:maven-core from 2.0.2 to 3.8.1 in /core-it-suite/src/test/resources/mng-4528
dependabot[bot] opened a new pull request, #281: URL: https://github.com/apache/maven-integration-testing/pull/281 Bumps [org.apache.maven:maven-core](https://github.com/apache/maven) from 2.0.2 to 3.8.1. Commits See full diff in https://github.com/apache/maven/commits/maven-3.8.1;>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/maven-integration-testing/network/alerts). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-archetype] dependabot[bot] opened a new pull request, #152: Bump org.apache.maven:maven-core from 2.0.7 to 3.8.1 in /maven-archetype-plugin/src/test/projects/simple-inheritence/enforce
dependabot[bot] opened a new pull request, #152: URL: https://github.com/apache/maven-archetype/pull/152 Bumps [org.apache.maven:maven-core](https://github.com/apache/maven) from 2.0.7 to 3.8.1. Commits See full diff in https://github.com/apache/maven/commits/maven-3.8.1;>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/maven-archetype/network/alerts). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-dependency-plugin] elharo commented on a diff in pull request #331: Code Improvements
elharo commented on code in PR #331:
URL:
https://github.com/apache/maven-dependency-plugin/pull/331#discussion_r1294897466
##
src/main/java/org/apache/maven/plugins/dependency/fromDependencies/BuildClasspathMojo.java:
##
@@ -307,9 +306,8 @@ private void storeClasspathFile(String cpString, File out)
throws MojoExecutionE
// make sure the parent path exists.
out.getParentFile().mkdirs();
-String encoding = Objects.toString(outputEncoding, "UTF-8");
-
-try (Writer w = new BufferedWriter(new OutputStreamWriter(new
FileOutputStream(out), encoding))) {
+String encoding = Objects.toString(outputEncoding,
StandardCharsets.UTF_8.name());
Review Comment:
no need for this, you can use the charset object StandardCharsets.UTF_8
instead without converting to a string
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [maven-doxia] dependabot[bot] commented on pull request #171: Bump xalan from 2.7.2 to 2.7.3 in /doxia-modules/doxia-module-xdoc
dependabot[bot] commented on PR #171: URL: https://github.com/apache/maven-doxia/pull/171#issuecomment-1679260339 OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting `@dependabot ignore this major version` or `@dependabot ignore this minor version`. You can also ignore all major, minor, or patch releases for a dependency by adding an [`ignore` condition](https://docs.github.com/en/code-security/supply-chain-security/configuration-options-for-dependency-updates#ignore) with the desired `update_types` to your config file. If you change your mind, just re-open this PR and I'll resolve any conflicts on it. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-doxia] asfgit closed pull request #171: Bump xalan from 2.7.2 to 2.7.3 in /doxia-modules/doxia-module-xdoc
asfgit closed pull request #171: Bump xalan from 2.7.2 to 2.7.3 in /doxia-modules/doxia-module-xdoc URL: https://github.com/apache/maven-doxia/pull/171 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-doxia] dependabot[bot] commented on pull request #172: Bump xalan from 2.7.2 to 2.7.3 in /doxia-modules/doxia-module-fml
dependabot[bot] commented on PR #172: URL: https://github.com/apache/maven-doxia/pull/172#issuecomment-1679260213 OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting `@dependabot ignore this major version` or `@dependabot ignore this minor version`. You can also ignore all major, minor, or patch releases for a dependency by adding an [`ignore` condition](https://docs.github.com/en/code-security/supply-chain-security/configuration-options-for-dependency-updates#ignore) with the desired `update_types` to your config file. If you change your mind, just re-open this PR and I'll resolve any conflicts on it. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-doxia] asfgit closed pull request #172: Bump xalan from 2.7.2 to 2.7.3 in /doxia-modules/doxia-module-fml
asfgit closed pull request #172: Bump xalan from 2.7.2 to 2.7.3 in /doxia-modules/doxia-module-fml URL: https://github.com/apache/maven-doxia/pull/172 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Closed] (MDEP-883) Upgrade maven-plugin parent to 40
[ https://issues.apache.org/jira/browse/MDEP-883?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Karl Heinz Marbaise closed MDEP-883. Resolution: Done > Upgrade maven-plugin parent to 40 > - > > Key: MDEP-883 > URL: https://issues.apache.org/jira/browse/MDEP-883 > Project: Maven Dependency Plugin > Issue Type: Dependency upgrade >Affects Versions: 3.6.0 >Reporter: Karl Heinz Marbaise >Assignee: Karl Heinz Marbaise >Priority: Minor > Fix For: next-release > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MDEP-883) Upgrade maven-plugin parent to 40
[ https://issues.apache.org/jira/browse/MDEP-883?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17754705#comment-17754705 ] Karl Heinz Marbaise commented on MDEP-883: -- Done in [00620832a3c6ba3d17c7ec0382c7eecdaa510ebf|https://gitbox.apache.org/repos/asf?p=maven-dependency-plugin.git;h=00620832a3c6ba3d17c7ec0382c7eecdaa510ebf] > Upgrade maven-plugin parent to 40 > - > > Key: MDEP-883 > URL: https://issues.apache.org/jira/browse/MDEP-883 > Project: Maven Dependency Plugin > Issue Type: Dependency upgrade >Affects Versions: 3.6.0 >Reporter: Karl Heinz Marbaise >Assignee: Karl Heinz Marbaise >Priority: Minor > Fix For: next-release > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MDEP-883) Upgrade maven-plugin parent to 40
[ https://issues.apache.org/jira/browse/MDEP-883?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17754704#comment-17754704 ] ASF GitHub Bot commented on MDEP-883: - asfgit merged PR #332: URL: https://github.com/apache/maven-dependency-plugin/pull/332 > Upgrade maven-plugin parent to 40 > - > > Key: MDEP-883 > URL: https://issues.apache.org/jira/browse/MDEP-883 > Project: Maven Dependency Plugin > Issue Type: Dependency upgrade >Affects Versions: 3.6.0 >Reporter: Karl Heinz Marbaise >Assignee: Karl Heinz Marbaise >Priority: Minor > Fix For: next-release > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MEJB-136) Bump org.codehaus.plexus:plexus-archiver from 4.2.7 to 4.8.0
[ https://issues.apache.org/jira/browse/MEJB-136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17754703#comment-17754703 ] ASF GitHub Bot commented on MEJB-136: - slachiewicz merged PR #21: URL: https://github.com/apache/maven-ejb-plugin/pull/21 > Bump org.codehaus.plexus:plexus-archiver from 4.2.7 to 4.8.0 > > > Key: MEJB-136 > URL: https://issues.apache.org/jira/browse/MEJB-136 > Project: Maven EJB Plugin > Issue Type: Dependency upgrade >Reporter: Sylwester Lachiewicz >Priority: Minor > Fix For: 3.2.2 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Closed] (MEJB-136) Bump org.codehaus.plexus:plexus-archiver from 4.2.7 to 4.8.0
[ https://issues.apache.org/jira/browse/MEJB-136?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sylwester Lachiewicz closed MEJB-136. - Resolution: Fixed > Bump org.codehaus.plexus:plexus-archiver from 4.2.7 to 4.8.0 > > > Key: MEJB-136 > URL: https://issues.apache.org/jira/browse/MEJB-136 > Project: Maven EJB Plugin > Issue Type: Dependency upgrade >Reporter: Sylwester Lachiewicz >Priority: Minor > Fix For: 3.2.2 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (MEJB-136) Bump org.codehaus.plexus:plexus-archiver from 4.2.7 to 4.8.0
Sylwester Lachiewicz created MEJB-136: - Summary: Bump org.codehaus.plexus:plexus-archiver from 4.2.7 to 4.8.0 Key: MEJB-136 URL: https://issues.apache.org/jira/browse/MEJB-136 Project: Maven EJB Plugin Issue Type: Dependency upgrade Reporter: Sylwester Lachiewicz Fix For: 3.2.2 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Closed] (MRAR-88) Require Java 8
[ https://issues.apache.org/jira/browse/MRAR-88?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sylwester Lachiewicz closed MRAR-88. Resolution: Fixed > Require Java 8 > -- > > Key: MRAR-88 > URL: https://issues.apache.org/jira/browse/MRAR-88 > Project: Maven RAR Plugin > Issue Type: Dependency upgrade >Reporter: Sylwester Lachiewicz >Assignee: Sylwester Lachiewicz >Priority: Minor > Fix For: 3.0.1 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MRAR-88) Require Java 8
[ https://issues.apache.org/jira/browse/MRAR-88?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17754702#comment-17754702 ] ASF GitHub Bot commented on MRAR-88: slachiewicz merged PR #5: URL: https://github.com/apache/maven-rar-plugin/pull/5 > Require Java 8 > -- > > Key: MRAR-88 > URL: https://issues.apache.org/jira/browse/MRAR-88 > Project: Maven RAR Plugin > Issue Type: Dependency upgrade >Reporter: Sylwester Lachiewicz >Assignee: Sylwester Lachiewicz >Priority: Minor > Fix For: 3.0.1 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MRAR-88) Require Java 8
[ https://issues.apache.org/jira/browse/MRAR-88?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17754700#comment-17754700 ] ASF GitHub Bot commented on MRAR-88: slachiewicz opened a new pull request, #5: URL: https://github.com/apache/maven-rar-plugin/pull/5 (no comment) > Require Java 8 > -- > > Key: MRAR-88 > URL: https://issues.apache.org/jira/browse/MRAR-88 > Project: Maven RAR Plugin > Issue Type: Dependency upgrade >Reporter: Sylwester Lachiewicz >Assignee: Sylwester Lachiewicz >Priority: Minor > Fix For: 3.0.1 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (MRAR-88) Require Java 8
[ https://issues.apache.org/jira/browse/MRAR-88?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sylwester Lachiewicz updated MRAR-88: - Fix Version/s: 3.0.1 > Require Java 8 > -- > > Key: MRAR-88 > URL: https://issues.apache.org/jira/browse/MRAR-88 > Project: Maven RAR Plugin > Issue Type: Dependency upgrade >Reporter: Sylwester Lachiewicz >Assignee: Sylwester Lachiewicz >Priority: Minor > Fix For: 3.0.1 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (MRAR-88) Require Java 8
Sylwester Lachiewicz created MRAR-88: Summary: Require Java 8 Key: MRAR-88 URL: https://issues.apache.org/jira/browse/MRAR-88 Project: Maven RAR Plugin Issue Type: Dependency upgrade Reporter: Sylwester Lachiewicz Assignee: Sylwester Lachiewicz -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [maven-install-plugin] slachiewicz commented on pull request #47: [MINSTALL-190] [SECURITY] Fix Temporary File Information Disclosure Vulnerability
slachiewicz commented on PR #47: URL: https://github.com/apache/maven-install-plugin/pull/47#issuecomment-1679198460 please rebase -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MINSTALL-190) Fix Temporary File Information Disclosure Vulnerability
[ https://issues.apache.org/jira/browse/MINSTALL-190?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17754696#comment-17754696 ] ASF GitHub Bot commented on MINSTALL-190: - slachiewicz commented on PR #47: URL: https://github.com/apache/maven-install-plugin/pull/47#issuecomment-1679198460 please rebase > Fix Temporary File Information Disclosure Vulnerability > --- > > Key: MINSTALL-190 > URL: https://issues.apache.org/jira/browse/MINSTALL-190 > Project: Maven Install Plugin > Issue Type: Bug >Reporter: Sylwester Lachiewicz >Priority: Minor > Fix For: 3.1.2 > > > https://github.com/apache/maven-install-plugin/pull/47 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (MINSTALL-190) Fix Temporary File Information Disclosure Vulnerability
Sylwester Lachiewicz created MINSTALL-190: - Summary: Fix Temporary File Information Disclosure Vulnerability Key: MINSTALL-190 URL: https://issues.apache.org/jira/browse/MINSTALL-190 Project: Maven Install Plugin Issue Type: Bug Reporter: Sylwester Lachiewicz Fix For: 3.1.2 https://github.com/apache/maven-install-plugin/pull/47 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MSTAGE-25) Modernize IO
[ https://issues.apache.org/jira/browse/MSTAGE-25?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17754693#comment-17754693 ] ASF GitHub Bot commented on MSTAGE-25: -- slachiewicz merged PR #13: URL: https://github.com/apache/maven-stage-plugin/pull/13 > Modernize IO > - > > Key: MSTAGE-25 > URL: https://issues.apache.org/jira/browse/MSTAGE-25 > Project: Maven Stage Plugin > Issue Type: Improvement >Reporter: Elliotte Rusty Harold >Assignee: Elliotte Rusty Harold >Priority: Minor > Fix For: 3.0 > > > # Use try with resources to make sure everything's closed and we don't leak > # Don't use PrintWriter since it swallows exceptions > # Prefer Apache Commons IO over Plexus IO -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Closed] (MSTAGE-25) Modernize IO
[ https://issues.apache.org/jira/browse/MSTAGE-25?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sylwester Lachiewicz closed MSTAGE-25. -- Resolution: Fixed > Modernize IO > - > > Key: MSTAGE-25 > URL: https://issues.apache.org/jira/browse/MSTAGE-25 > Project: Maven Stage Plugin > Issue Type: Improvement >Reporter: Elliotte Rusty Harold >Assignee: Elliotte Rusty Harold >Priority: Minor > Fix For: 3.0 > > > # Use try with resources to make sure everything's closed and we don't leak > # Don't use PrintWriter since it swallows exceptions > # Prefer Apache Commons IO over Plexus IO -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [maven-stage-plugin] slachiewicz merged pull request #13: [MSTAGE-25] use Apache Commons IO instead of Plexus
slachiewicz merged PR #13: URL: https://github.com/apache/maven-stage-plugin/pull/13 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Closed] (MSHARED-1270) Deprecate maven-artifact-transfer
[ https://issues.apache.org/jira/browse/MSHARED-1270?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sylwester Lachiewicz closed MSHARED-1270. - Resolution: Fixed > Deprecate maven-artifact-transfer > - > > Key: MSHARED-1270 > URL: https://issues.apache.org/jira/browse/MSHARED-1270 > Project: Maven Shared Components > Issue Type: New Feature > Components: maven-artifact-transfer >Reporter: Guillaume Nodet >Assignee: Guillaume Nodet >Priority: Major > Fix For: maven-artifact-transfer-2.0.0 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (MSHARED-1270) Deprecate maven-artifact-transfer
[ https://issues.apache.org/jira/browse/MSHARED-1270?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sylwester Lachiewicz reassigned MSHARED-1270: - Assignee: Guillaume Nodet > Deprecate maven-artifact-transfer > - > > Key: MSHARED-1270 > URL: https://issues.apache.org/jira/browse/MSHARED-1270 > Project: Maven Shared Components > Issue Type: New Feature > Components: maven-artifact-transfer >Reporter: Guillaume Nodet >Assignee: Guillaume Nodet >Priority: Major > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MSHARED-1270) Deprecate maven-artifact-transfer
[ https://issues.apache.org/jira/browse/MSHARED-1270?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17754692#comment-17754692 ] ASF GitHub Bot commented on MSHARED-1270: - slachiewicz merged PR #93: URL: https://github.com/apache/maven-artifact-transfer/pull/93 > Deprecate maven-artifact-transfer > - > > Key: MSHARED-1270 > URL: https://issues.apache.org/jira/browse/MSHARED-1270 > Project: Maven Shared Components > Issue Type: New Feature > Components: maven-artifact-transfer >Reporter: Guillaume Nodet >Priority: Major > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (MSHARED-1270) Deprecate maven-artifact-transfer
[ https://issues.apache.org/jira/browse/MSHARED-1270?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sylwester Lachiewicz updated MSHARED-1270: -- Fix Version/s: maven-artifact-transfer-2.0.0 > Deprecate maven-artifact-transfer > - > > Key: MSHARED-1270 > URL: https://issues.apache.org/jira/browse/MSHARED-1270 > Project: Maven Shared Components > Issue Type: New Feature > Components: maven-artifact-transfer >Reporter: Guillaume Nodet >Assignee: Guillaume Nodet >Priority: Major > Fix For: maven-artifact-transfer-2.0.0 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [maven-artifact-transfer] slachiewicz merged pull request #93: [MSHARED-1270] Deprecate maven-artifact-transfer
slachiewicz merged PR #93: URL: https://github.com/apache/maven-artifact-transfer/pull/93 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Closed] (MSHARED-1296) Fix Temporary File Information Disclosure Vulnerability
[ https://issues.apache.org/jira/browse/MSHARED-1296?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sylwester Lachiewicz closed MSHARED-1296. - Resolution: Fixed > Fix Temporary File Information Disclosure Vulnerability > --- > > Key: MSHARED-1296 > URL: https://issues.apache.org/jira/browse/MSHARED-1296 > Project: Maven Shared Components > Issue Type: Dependency upgrade > Components: maven-verifier >Reporter: Sylwester Lachiewicz >Priority: Minor > Fix For: maven-verifier-2.0.0 > > > https://github.com/apache/maven-verifier/pull/62 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MSHARED-1296) Fix Temporary File Information Disclosure Vulnerability
[ https://issues.apache.org/jira/browse/MSHARED-1296?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17754690#comment-17754690 ] ASF GitHub Bot commented on MSHARED-1296: - slachiewicz merged PR #62: URL: https://github.com/apache/maven-verifier/pull/62 > Fix Temporary File Information Disclosure Vulnerability > --- > > Key: MSHARED-1296 > URL: https://issues.apache.org/jira/browse/MSHARED-1296 > Project: Maven Shared Components > Issue Type: Dependency upgrade > Components: maven-verifier >Reporter: Sylwester Lachiewicz >Priority: Minor > Fix For: maven-verifier-2.0.0 > > > https://github.com/apache/maven-verifier/pull/62 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [maven-verifier] slachiewicz merged pull request #62: [MSHARED-1296] [SECURITY] Fix Temporary File Information Disclosure Vulnerability
slachiewicz merged PR #62: URL: https://github.com/apache/maven-verifier/pull/62 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Created] (MSHARED-1296) Fix Temporary File Information Disclosure Vulnerability
Sylwester Lachiewicz created MSHARED-1296: - Summary: Fix Temporary File Information Disclosure Vulnerability Key: MSHARED-1296 URL: https://issues.apache.org/jira/browse/MSHARED-1296 Project: Maven Shared Components Issue Type: Dependency upgrade Components: maven-verifier Reporter: Sylwester Lachiewicz Fix For: maven-verifier-2.0.0 https://github.com/apache/maven-verifier/pull/62 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MDEP-832) Remove commons-collections-4
[
https://issues.apache.org/jira/browse/MDEP-832?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17754688#comment-17754688
]
ASF GitHub Bot commented on MDEP-832:
-
asfgit merged PR #255:
URL: https://github.com/apache/maven-dependency-plugin/pull/255
> Remove commons-collections-4
>
>
> Key: MDEP-832
> URL: https://issues.apache.org/jira/browse/MDEP-832
> Project: Maven Dependency Plugin
> Issue Type: Improvement
>Affects Versions: 3.3.0
>Reporter: Karl Heinz Marbaise
>Assignee: Karl Heinz Marbaise
>Priority: Minor
> Fix For: next-release
>
>
> Remove the dependency:
> {code:xml}
>
> org.apache.commons
> commons-collections4
> 4.2
>
> {code}
> which is used only for a single method.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Closed] (MDEP-832) Remove commons-collections-4
[
https://issues.apache.org/jira/browse/MDEP-832?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Karl Heinz Marbaise closed MDEP-832.
Resolution: Done
> Remove commons-collections-4
>
>
> Key: MDEP-832
> URL: https://issues.apache.org/jira/browse/MDEP-832
> Project: Maven Dependency Plugin
> Issue Type: Improvement
>Affects Versions: 3.3.0
>Reporter: Karl Heinz Marbaise
>Assignee: Karl Heinz Marbaise
>Priority: Minor
> Fix For: next-release
>
>
> Remove the dependency:
> {code:xml}
>
> org.apache.commons
> commons-collections4
> 4.2
>
> {code}
> which is used only for a single method.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (MDEP-832) Remove commons-collections-4
[
https://issues.apache.org/jira/browse/MDEP-832?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17754689#comment-17754689
]
Karl Heinz Marbaise commented on MDEP-832:
--
Done in
[c6973dae1d79192d5cfaae6e32b14663164342a2|https://gitbox.apache.org/repos/asf?p=maven-dependency-plugin.git;h=c6973dae1d79192d5cfaae6e32b14663164342a2]
> Remove commons-collections-4
>
>
> Key: MDEP-832
> URL: https://issues.apache.org/jira/browse/MDEP-832
> Project: Maven Dependency Plugin
> Issue Type: Improvement
>Affects Versions: 3.3.0
>Reporter: Karl Heinz Marbaise
>Assignee: Karl Heinz Marbaise
>Priority: Minor
> Fix For: next-release
>
>
> Remove the dependency:
> {code:xml}
>
> org.apache.commons
> commons-collections4
> 4.2
>
> {code}
> which is used only for a single method.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[GitHub] [maven-dependency-plugin] asfgit merged pull request #255: [MDEP-832] - Remove commons-collections-4
asfgit merged PR #255: URL: https://github.com/apache/maven-dependency-plugin/pull/255 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Closed] (MPLUGINTESTING-85) Bump org.codehaus.plexus:plexus-archiver from 4.6.1 to 4.8.0
[ https://issues.apache.org/jira/browse/MPLUGINTESTING-85?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sylwester Lachiewicz closed MPLUGINTESTING-85. -- Resolution: Fixed > Bump org.codehaus.plexus:plexus-archiver from 4.6.1 to 4.8.0 > > > Key: MPLUGINTESTING-85 > URL: https://issues.apache.org/jira/browse/MPLUGINTESTING-85 > Project: Maven Plugin Testing > Issue Type: Dependency upgrade >Reporter: Sylwester Lachiewicz >Priority: Minor > Fix For: 4.0.0-alpha-2 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [maven-plugin-testing] slachiewicz merged pull request #32: [PLUGINTESTING-85] Bump org.codehaus.plexus:plexus-archiver from 4.6.1 to 4.8.0 in /maven-plugin-testing-harness
slachiewicz merged PR #32: URL: https://github.com/apache/maven-plugin-testing/pull/32 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Created] (MPLUGINTESTING-85) Bump org.codehaus.plexus:plexus-archiver from 4.6.1 to 4.8.0
Sylwester Lachiewicz created MPLUGINTESTING-85: -- Summary: Bump org.codehaus.plexus:plexus-archiver from 4.6.1 to 4.8.0 Key: MPLUGINTESTING-85 URL: https://issues.apache.org/jira/browse/MPLUGINTESTING-85 Project: Maven Plugin Testing Issue Type: Dependency upgrade Reporter: Sylwester Lachiewicz Fix For: 4.0.0-alpha-2 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (DOXIATOOLS-78) Bump icu4j 71.1 to 72.1
[ https://issues.apache.org/jira/browse/DOXIATOOLS-78?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17754685#comment-17754685 ] ASF GitHub Bot commented on DOXIATOOLS-78: -- slachiewicz merged PR #50: URL: https://github.com/apache/maven-doxia-converter/pull/50 > Bump icu4j 71.1 to 72.1 > --- > > Key: DOXIATOOLS-78 > URL: https://issues.apache.org/jira/browse/DOXIATOOLS-78 > Project: Maven Doxia Tools > Issue Type: Dependency upgrade >Reporter: Sylwester Lachiewicz >Priority: Trivial > Fix For: doxia-converter-1.4 > > > https://github.com/unicode-org/icu/releases/tag/release-72-1 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [maven-archetype] dependabot[bot] opened a new pull request, #151: Bump org.codehaus.plexus:plexus-archiver from 4.2.2 to 4.8.0
dependabot[bot] opened a new pull request, #151: URL: https://github.com/apache/maven-archetype/pull/151 Bumps [org.codehaus.plexus:plexus-archiver](https://github.com/codehaus-plexus/plexus-archiver) from 4.2.2 to 4.8.0. Release notes Sourced from https://github.com/codehaus-plexus/plexus-archiver/releases;>org.codehaus.plexus:plexus-archiver's releases. 4.8.0 New features and improvements Add tzst alias for tar.zst archiver/unarchived (https://redirect.github.com/codehaus-plexus/plexus-archiver/pull/274;>#274) https://github.com/slawekjaranowski;>@slawekjaranowski Bug Fixes detect permissions for addFile (https://redirect.github.com/codehaus-plexus/plexus-archiver/pull/293;>#293) https://github.com/hboutemy;>@hboutemy Dependency updates Bump org.codehaus.plexus:plexus from 13 to 14 (https://redirect.github.com/codehaus-plexus/plexus-archiver/pull/296;>#296) https://github.com/dependabot;>@dependabot Bump zstd-jni from 1.5.5-4 to 1.5.5-5 (https://redirect.github.com/codehaus-plexus/plexus-archiver/pull/295;>#295) https://github.com/dependabot;>@dependabot Bump Eclipse Sisu and from 0.3.5 to 0.9.0.M2 (https://redirect.github.com/codehaus-plexus/plexus-archiver/pull/289;>#289) https://github.com/slachiewicz;>@slachiewicz Bump commons-io from 2.12.0 to 2.13.0 (https://redirect.github.com/codehaus-plexus/plexus-archiver/pull/288;>#288) https://github.com/dependabot;>@dependabot Bump zstd-jni from 1.5.5-3 to 1.5.5-4 (https://redirect.github.com/codehaus-plexus/plexus-archiver/pull/287;>#287) https://github.com/dependabot;>@dependabot Bump plexus-utils from 3.5.1 to 4.0.0 (https://redirect.github.com/codehaus-plexus/plexus-archiver/pull/283;>#283) https://github.com/dependabot;>@dependabot Bump commons-io from 2.11.0 to 2.12.0 (https://redirect.github.com/codehaus-plexus/plexus-archiver/pull/277;>#277) https://github.com/dependabot;>@dependabot Bump zstd-jni from 1.5.5-2 to 1.5.5-3 (https://redirect.github.com/codehaus-plexus/plexus-archiver/pull/284;>#284) https://github.com/dependabot;>@dependabot Bump guice from 5.1.0 to 6.0.0 (https://redirect.github.com/codehaus-plexus/plexus-archiver/pull/278;>#278) https://github.com/dependabot;>@dependabot Bump plexus from 10 to 13 (https://redirect.github.com/codehaus-plexus/plexus-archiver/pull/280;>#280) https://github.com/dependabot;>@dependabot Maintenance Remove public modifier from JUnit 5 tests (https://redirect.github.com/codehaus-plexus/plexus-archiver/pull/294;>#294) https://github.com/slawekjaranowski;>@slawekjaranowski Use https in scm/url (https://redirect.github.com/codehaus-plexus/plexus-archiver/pull/291;>#291) https://github.com/slawekjaranowski;>@slawekjaranowski Remove junit-jupiter-engine from project dependencies (https://redirect.github.com/codehaus-plexus/plexus-archiver/pull/292;>#292) https://github.com/slawekjaranowski;>@slawekjaranowski Remove parent and reports menu from site (https://redirect.github.com/codehaus-plexus/plexus-archiver/pull/282;>#282) https://github.com/slawekjaranowski;>@slawekjaranowski Cleanup after veryLargeJar test (https://redirect.github.com/codehaus-plexus/plexus-archiver/pull/281;>#281) https://github.com/slachiewicz;>@slachiewicz Override project.url (https://redirect.github.com/codehaus-plexus/plexus-archiver/pull/279;>#279) https://github.com/slawekjaranowski;>@slawekjaranowski Plexus Archiver 4.7.1 Bug Fixes don't apply umask on unknown perms (Win) (https://redirect.github.com/codehaus-plexus/plexus-archiver/pull/273;>#273) https://github.com/hboutemy;>@hboutemy Plexus Archiver 4.7.0 New features and improvements add umask support and use 022 in RB mode (https://redirect.github.com/codehaus-plexus/plexus-archiver/pull/271;>#271) https://github.com/hboutemy;>@hboutemy Use NIO Files for creating temporary files (https://redirect.github.com/codehaus-plexus/plexus-archiver/pull/270;>#270) https://github.com/slawekjaranowski;>@slawekjaranowski Deprecate the JAR Index feature (JDK-8302819) (https://redirect.github.com/codehaus-plexus/plexus-archiver/pull/268;>#268) https://github.com/jorsol;>@jorsol Add Archiver aliases for tar.* (https://redirect.github.com/codehaus-plexus/plexus-archiver/pull/266;>#266) https://github.com/slawekjaranowski;>@slawekjaranowski Dependency updates Bump junitVersion from 5.9.2 to 5.9.3 (https://redirect.github.com/codehaus-plexus/plexus-archiver/pull/267;>#267) https://github.com/dependabot;>@dependabot ... (truncated) Commits https://github.com/codehaus-plexus/plexus-archiver/commit/0333ef8a42cf9ba66941cf73e8d35b7aa5faa342;>0333ef8 [maven-release-plugin] prepare release plexus-archiver-4.8.0 https://github.com/codehaus-plexus/plexus-archiver/commit/54759839fbdf85caf8442076f001d5fd64e0dcb2;>5475983
[GitHub] [maven-archetype] dependabot[bot] closed pull request #145: Bump plexus-archiver from 4.2.2 to 4.7.1
dependabot[bot] closed pull request #145: Bump plexus-archiver from 4.2.2 to 4.7.1 URL: https://github.com/apache/maven-archetype/pull/145 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-doxia] dependabot[bot] commented on pull request #169: Bump flexmarkVersion from 0.62.2 to 0.64.8
dependabot[bot] commented on PR #169: URL: https://github.com/apache/maven-doxia/pull/169#issuecomment-1679136715 OK, I won't notify you about any of these dependencies again, unless you re-open this PR. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-doxia] dependabot[bot] closed pull request #169: Bump flexmarkVersion from 0.62.2 to 0.64.8
dependabot[bot] closed pull request #169: Bump flexmarkVersion from 0.62.2 to 0.64.8 URL: https://github.com/apache/maven-doxia/pull/169 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-doxia] dependabot[bot] commented on pull request #170: Bump plexus-utils from 3.5.1 to 4.0.0
dependabot[bot] commented on PR #170: URL: https://github.com/apache/maven-doxia/pull/170#issuecomment-1679134813 OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting `@dependabot ignore this major version` or `@dependabot ignore this minor version`. You can also ignore all major, minor, or patch releases for a dependency by adding an [`ignore` condition](https://docs.github.com/en/code-security/supply-chain-security/configuration-options-for-dependency-updates#ignore) with the desired `update_types` to your config file. If you change your mind, just re-open this PR and I'll resolve any conflicts on it. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-doxia] slachiewicz closed pull request #170: Bump plexus-utils from 3.5.1 to 4.0.0
slachiewicz closed pull request #170: Bump plexus-utils from 3.5.1 to 4.0.0 URL: https://github.com/apache/maven-doxia/pull/170 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-doxia] dependabot[bot] commented on pull request #166: Bump xalan from 2.7.2 to 2.7.3
dependabot[bot] commented on PR #166: URL: https://github.com/apache/maven-doxia/pull/166#issuecomment-1679132287 OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting `@dependabot ignore this major version` or `@dependabot ignore this minor version`. You can also ignore all major, minor, or patch releases for a dependency by adding an [`ignore` condition](https://docs.github.com/en/code-security/supply-chain-security/configuration-options-for-dependency-updates#ignore) with the desired `update_types` to your config file. If you change your mind, just re-open this PR and I'll resolve any conflicts on it. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-doxia] slachiewicz closed pull request #166: Bump xalan from 2.7.2 to 2.7.3
slachiewicz closed pull request #166: Bump xalan from 2.7.2 to 2.7.3 URL: https://github.com/apache/maven-doxia/pull/166 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-jlink-plugin] dependabot[bot] commented on pull request #114: Bump maven-archiver from 3.5.1 to 3.6.0
dependabot[bot] commented on PR #114: URL: https://github.com/apache/maven-jlink-plugin/pull/114#issuecomment-1679131299 OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting `@dependabot ignore this major version` or `@dependabot ignore this minor version`. You can also ignore all major, minor, or patch releases for a dependency by adding an [`ignore` condition](https://docs.github.com/en/code-security/supply-chain-security/configuration-options-for-dependency-updates#ignore) with the desired `update_types` to your config file. If you change your mind, just re-open this PR and I'll resolve any conflicts on it. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-jlink-plugin] slachiewicz closed pull request #114: Bump maven-archiver from 3.5.1 to 3.6.0
slachiewicz closed pull request #114: Bump maven-archiver from 3.5.1 to 3.6.0 URL: https://github.com/apache/maven-jlink-plugin/pull/114 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MJLINK-74) Bump org.codehaus.plexus:plexus-archiver from 4.7.1 to 4.8.0
[ https://issues.apache.org/jira/browse/MJLINK-74?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17754673#comment-17754673 ] ASF GitHub Bot commented on MJLINK-74: -- slachiewicz merged PR #163: URL: https://github.com/apache/maven-jlink-plugin/pull/163 > Bump org.codehaus.plexus:plexus-archiver from 4.7.1 to 4.8.0 > > > Key: MJLINK-74 > URL: https://issues.apache.org/jira/browse/MJLINK-74 > Project: Maven JLink Plugin > Issue Type: Dependency upgrade >Reporter: Sylwester Lachiewicz >Assignee: Sylwester Lachiewicz >Priority: Minor > Fix For: 3.2.0 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Closed] (MJLINK-74) Bump org.codehaus.plexus:plexus-archiver from 4.7.1 to 4.8.0
[ https://issues.apache.org/jira/browse/MJLINK-74?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sylwester Lachiewicz closed MJLINK-74. -- Resolution: Fixed > Bump org.codehaus.plexus:plexus-archiver from 4.7.1 to 4.8.0 > > > Key: MJLINK-74 > URL: https://issues.apache.org/jira/browse/MJLINK-74 > Project: Maven JLink Plugin > Issue Type: Dependency upgrade >Reporter: Sylwester Lachiewicz >Assignee: Sylwester Lachiewicz >Priority: Minor > Fix For: 3.2.0 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (MJLINK-74) Bump org.codehaus.plexus:plexus-archiver from 4.7.1 to 4.8.0
Sylwester Lachiewicz created MJLINK-74: -- Summary: Bump org.codehaus.plexus:plexus-archiver from 4.7.1 to 4.8.0 Key: MJLINK-74 URL: https://issues.apache.org/jira/browse/MJLINK-74 Project: Maven JLink Plugin Issue Type: Dependency upgrade Reporter: Sylwester Lachiewicz Assignee: Sylwester Lachiewicz Fix For: 3.2.0 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [maven-source-plugin] sabi0 commented on pull request #13: Fix typos in AbstractSourceJarMojo exception
sabi0 commented on PR #13: URL: https://github.com/apache/maven-source-plugin/pull/13#issuecomment-1678978035 Btw, there is also a typo in the PR template: > I hereby declare this contribution to be licenced under ... "licenced" => "licensed" -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-doxia-sitetools] dependabot[bot] commented on pull request #112: Bump htmlunit from 2.67.0 to 2.69.0
dependabot[bot] commented on PR #112: URL: https://github.com/apache/maven-doxia-sitetools/pull/112#issuecomment-1678977204 OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting `@dependabot ignore this major version` or `@dependabot ignore this minor version`. You can also ignore all major, minor, or patch releases for a dependency by adding an [`ignore` condition](https://docs.github.com/en/code-security/supply-chain-security/configuration-options-for-dependency-updates#ignore) with the desired `update_types` to your config file. If you change your mind, just re-open this PR and I'll resolve any conflicts on it. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-doxia-sitetools] slachiewicz closed pull request #112: Bump htmlunit from 2.67.0 to 2.69.0
slachiewicz closed pull request #112: Bump htmlunit from 2.67.0 to 2.69.0 URL: https://github.com/apache/maven-doxia-sitetools/pull/112 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-source-plugin] sabi0 opened a new pull request, #13: Fix typos in AbstractSourceJarMojo exception
sabi0 opened a new pull request, #13: URL: https://github.com/apache/maven-source-plugin/pull/13 "twice times" => "twice" "at least on of them" => "at least one of them" Following this checklist to help us incorporate your contribution quickly and easily: - [x] Make sure there is a [JIRA issue](https://issues.apache.org/jira/browse/MSOURCES) filed for the change (usually before you start working on it). Trivial changes like typos do not require a JIRA issue. Your pull request should address just this issue, without pulling in other changes. - [x] Each commit in the pull request should have a meaningful subject line and body. - [x] Format the pull request title like `[MSOURCES-XXX] - Fixes bug in ApproximateQuantiles`, where you replace `MSOURCES-XXX` with the appropriate JIRA issue. Best practice is to use the JIRA issue title in the pull request title and in the first line of the commit message. - [x] Write a pull request description that is detailed enough to understand what the pull request does, how, and why. - [x] Run `mvn clean verify -Prun-its` to make sure integration tests checks pass. A more thorough check will be performed on your pull request automatically. If your pull request is about ~20 lines of code you don't need to sign an [Individual Contributor License Agreement](https://www.apache.org/licenses/icla.pdf) if you are unsure please ask on the developers list. To make clear that you license your contribution under the [Apache License Version 2.0, January 2004](https://www.apache.org/licenses/LICENSE-2.0) you have to acknowledge this by using the following check-box. - [x] I hereby declare this contribution to be licenced under the [Apache License Version 2.0, January 2004](https://www.apache.org/licenses/LICENSE-2.0) - [ ] In any other case, please file an [Apache Individual Contributor License Agreement](https://www.apache.org/licenses/icla.pdf). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-wrapper] dependabot[bot] commented on pull request #101: Bump maven-shared-utils from 3.3.4 to 3.4.1
dependabot[bot] commented on PR #101: URL: https://github.com/apache/maven-wrapper/pull/101#issuecomment-1678926927 Looks like org.apache.maven.shared:maven-shared-utils is no longer updatable, so this is no longer needed. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-wrapper] dependabot[bot] closed pull request #101: Bump maven-shared-utils from 3.3.4 to 3.4.1
dependabot[bot] closed pull request #101: Bump maven-shared-utils from 3.3.4 to 3.4.1 URL: https://github.com/apache/maven-wrapper/pull/101 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-wrapper] slachiewicz commented on pull request #101: Bump maven-shared-utils from 3.3.4 to 3.4.1
slachiewicz commented on PR #101: URL: https://github.com/apache/maven-wrapper/pull/101#issuecomment-1678926488 @dependabot rebase -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Closed] (MPMD-380) Prefer apache commons and JDK to Plexus utils
[ https://issues.apache.org/jira/browse/MPMD-380?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sylwester Lachiewicz closed MPMD-380. - Resolution: Fixed > Prefer apache commons and JDK to Plexus utils > - > > Key: MPMD-380 > URL: https://issues.apache.org/jira/browse/MPMD-380 > Project: Maven PMD Plugin > Issue Type: Dependency upgrade >Reporter: Elliotte Rusty Harold >Assignee: Elliotte Rusty Harold >Priority: Minor > Fix For: 3.21.1 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [maven-wrapper] dependabot[bot] closed pull request #104: Bump org.codehaus.plexus:plexus-archiver from 4.6.2 to 4.8.0 in /maven-wrapper-plugin
dependabot[bot] closed pull request #104: Bump org.codehaus.plexus:plexus-archiver from 4.6.2 to 4.8.0 in /maven-wrapper-plugin URL: https://github.com/apache/maven-wrapper/pull/104 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-wrapper] dependabot[bot] commented on pull request #104: Bump org.codehaus.plexus:plexus-archiver from 4.6.2 to 4.8.0 in /maven-wrapper-plugin
dependabot[bot] commented on PR #104: URL: https://github.com/apache/maven-wrapper/pull/104#issuecomment-1678903185 Looks like org.codehaus.plexus:plexus-archiver is up-to-date now, so this is no longer needed. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Updated] (MPMD-380) Prefer apache commons and JDK to Plexus utils
[ https://issues.apache.org/jira/browse/MPMD-380?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sylwester Lachiewicz updated MPMD-380: -- Fix Version/s: 3.21.1 > Prefer apache commons and JDK to Plexus utils > - > > Key: MPMD-380 > URL: https://issues.apache.org/jira/browse/MPMD-380 > Project: Maven PMD Plugin > Issue Type: Dependency upgrade >Reporter: Elliotte Rusty Harold >Assignee: Elliotte Rusty Harold >Priority: Minor > Fix For: 3.21.1 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MPMD-380) Prefer apache commons and JDK to Plexus utils
[ https://issues.apache.org/jira/browse/MPMD-380?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17754636#comment-17754636 ] ASF GitHub Bot commented on MPMD-380: - slachiewicz merged PR #132: URL: https://github.com/apache/maven-pmd-plugin/pull/132 > Prefer apache commons and JDK to Plexus utils > - > > Key: MPMD-380 > URL: https://issues.apache.org/jira/browse/MPMD-380 > Project: Maven PMD Plugin > Issue Type: Dependency upgrade >Reporter: Elliotte Rusty Harold >Assignee: Elliotte Rusty Harold >Priority: Minor > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [maven-pmd-plugin] slachiewicz merged pull request #132: [MPMD-380] use Apache Commons FileUtils and JDK
slachiewicz merged PR #132: URL: https://github.com/apache/maven-pmd-plugin/pull/132 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Closed] (MPLUGIN-479) Bump org.codehaus.plexus:plexus-archiver from 4.7.1 to 4.8.0
[ https://issues.apache.org/jira/browse/MPLUGIN-479?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sylwester Lachiewicz closed MPLUGIN-479. Resolution: Fixed > Bump org.codehaus.plexus:plexus-archiver from 4.7.1 to 4.8.0 > - > > Key: MPLUGIN-479 > URL: https://issues.apache.org/jira/browse/MPLUGIN-479 > Project: Maven Plugin Tools > Issue Type: Dependency upgrade >Reporter: Sylwester Lachiewicz >Priority: Minor > Fix For: 3.9.1 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MPLUGIN-479) Bump org.codehaus.plexus:plexus-archiver from 4.7.1 to 4.8.0
[ https://issues.apache.org/jira/browse/MPLUGIN-479?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17754608#comment-17754608 ] ASF GitHub Bot commented on MPLUGIN-479: slachiewicz merged PR #222: URL: https://github.com/apache/maven-plugin-tools/pull/222 > Bump org.codehaus.plexus:plexus-archiver from 4.7.1 to 4.8.0 > - > > Key: MPLUGIN-479 > URL: https://issues.apache.org/jira/browse/MPLUGIN-479 > Project: Maven Plugin Tools > Issue Type: Dependency upgrade >Reporter: Sylwester Lachiewicz >Priority: Minor > Fix For: 3.9.1 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (MPLUGIN-479) Bump org.codehaus.plexus:plexus-archiver from 4.7.1 to 4.8.0
Sylwester Lachiewicz created MPLUGIN-479: Summary: Bump org.codehaus.plexus:plexus-archiver from 4.7.1 to 4.8.0 Key: MPLUGIN-479 URL: https://issues.apache.org/jira/browse/MPLUGIN-479 Project: Maven Plugin Tools Issue Type: Dependency upgrade Reporter: Sylwester Lachiewicz Fix For: 3.9.1 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [maven-wrapper] slachiewicz merged pull request #105: [MWRAPPER-115] Bump org.codehaus.plexus:plexus-archiver from 4.6.2 to 4.8.0
slachiewicz merged PR #105: URL: https://github.com/apache/maven-wrapper/pull/105 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Closed] (MWRAPPER-115) Bump org.codehaus.plexus:plexus-archiver from 4.6.2 to 4.8.0
[ https://issues.apache.org/jira/browse/MWRAPPER-115?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sylwester Lachiewicz closed MWRAPPER-115. - Resolution: Fixed > Bump org.codehaus.plexus:plexus-archiver from 4.6.2 to 4.8.0 > > > Key: MWRAPPER-115 > URL: https://issues.apache.org/jira/browse/MWRAPPER-115 > Project: Maven Wrapper > Issue Type: Dependency upgrade >Reporter: Sylwester Lachiewicz >Priority: Minor > Fix For: next-release > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MWRAPPER-115) Bump org.codehaus.plexus:plexus-archiver from 4.6.2 to 4.8.0
[ https://issues.apache.org/jira/browse/MWRAPPER-115?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17754607#comment-17754607 ] ASF GitHub Bot commented on MWRAPPER-115: - slachiewicz merged PR #105: URL: https://github.com/apache/maven-wrapper/pull/105 > Bump org.codehaus.plexus:plexus-archiver from 4.6.2 to 4.8.0 > > > Key: MWRAPPER-115 > URL: https://issues.apache.org/jira/browse/MWRAPPER-115 > Project: Maven Wrapper > Issue Type: Dependency upgrade >Reporter: Sylwester Lachiewicz >Priority: Minor > Fix For: next-release > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (MWRAPPER-115) Bump org.codehaus.plexus:plexus-archiver from 4.6.2 to 4.8.0
Sylwester Lachiewicz created MWRAPPER-115: - Summary: Bump org.codehaus.plexus:plexus-archiver from 4.6.2 to 4.8.0 Key: MWRAPPER-115 URL: https://issues.apache.org/jira/browse/MWRAPPER-115 Project: Maven Wrapper Issue Type: Dependency upgrade Reporter: Sylwester Lachiewicz Fix For: next-release -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MSHARED-1289) Deprecate maven-shared-utils
[ https://issues.apache.org/jira/browse/MSHARED-1289?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17754604#comment-17754604 ] ASF GitHub Bot commented on MSHARED-1289: - slachiewicz commented on PR #165: URL: https://github.com/apache/maven-shared-utils/pull/165#issuecomment-1678840704 Only packages listed by Konrad above must be kept in this lib, or we can find a replacement. All others are just duplicates. > Deprecate maven-shared-utils > > > Key: MSHARED-1289 > URL: https://issues.apache.org/jira/browse/MSHARED-1289 > Project: Maven Shared Components > Issue Type: Improvement > Components: maven-shared-utils >Reporter: Konrad Windszus >Assignee: Konrad Windszus >Priority: Major > > As discussed in > https://lists.apache.org/thread/9wkmo1cfq7hx6qwo2xp070rkdz1w5myp this library > never became successor of plexus-utils and therefore is less maintained. > Instead of maintaining two libraries we should deprecated Maven Shared Utils > and recommend using plain JDK API where possible or fall back to either > plexus-utils or other well known third party libraries. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [maven-shared-utils] slachiewicz commented on pull request #165: [MSHARED-1289] Deprecate library
slachiewicz commented on PR #165: URL: https://github.com/apache/maven-shared-utils/pull/165#issuecomment-1678840704 Only packages listed by Konrad above must be kept in this lib, or we can find a replacement. All others are just duplicates. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Created] (MGPG-102) Drop maven-artifact-transfer
Sylwester Lachiewicz created MGPG-102: - Summary: Drop maven-artifact-transfer Key: MGPG-102 URL: https://issues.apache.org/jira/browse/MGPG-102 Project: Maven GPG Plugin Issue Type: Dependency upgrade Reporter: Sylwester Lachiewicz -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Closed] (MGPG-101) Switch to Junit5
[ https://issues.apache.org/jira/browse/MGPG-101?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sylwester Lachiewicz closed MGPG-101. - Resolution: Fixed > Switch to Junit5 > > > Key: MGPG-101 > URL: https://issues.apache.org/jira/browse/MGPG-101 > Project: Maven GPG Plugin > Issue Type: Dependency upgrade >Reporter: Sylwester Lachiewicz >Assignee: Sylwester Lachiewicz >Priority: Minor > Fix For: 3.1.1 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MGPG-101) Switch to Junit5
[ https://issues.apache.org/jira/browse/MGPG-101?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17754583#comment-17754583 ] ASF GitHub Bot commented on MGPG-101: - slachiewicz merged PR #52: URL: https://github.com/apache/maven-gpg-plugin/pull/52 > Switch to Junit5 > > > Key: MGPG-101 > URL: https://issues.apache.org/jira/browse/MGPG-101 > Project: Maven GPG Plugin > Issue Type: Dependency upgrade >Reporter: Sylwester Lachiewicz >Assignee: Sylwester Lachiewicz >Priority: Minor > Fix For: 3.1.1 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Closed] (MGPG-100) Fix Temporary File Information Disclosure Vulnerability
[ https://issues.apache.org/jira/browse/MGPG-100?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sylwester Lachiewicz closed MGPG-100. - Resolution: Fixed > Fix Temporary File Information Disclosure Vulnerability > --- > > Key: MGPG-100 > URL: https://issues.apache.org/jira/browse/MGPG-100 > Project: Maven GPG Plugin > Issue Type: Bug >Reporter: Sylwester Lachiewicz >Assignee: Sylwester Lachiewicz >Priority: Trivial > Fix For: 3.1.1 > > > https://github.com/apache/maven-gpg-plugin/pull/30 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (MGPG-100) Fix Temporary File Information Disclosure Vulnerability
[ https://issues.apache.org/jira/browse/MGPG-100?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sylwester Lachiewicz updated MGPG-100: -- Priority: Trivial (was: Minor) > Fix Temporary File Information Disclosure Vulnerability > --- > > Key: MGPG-100 > URL: https://issues.apache.org/jira/browse/MGPG-100 > Project: Maven GPG Plugin > Issue Type: Bug >Reporter: Sylwester Lachiewicz >Assignee: Sylwester Lachiewicz >Priority: Trivial > Fix For: 3.1.1 > > > https://github.com/apache/maven-gpg-plugin/pull/30 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MGPG-101) Switch to Junit5
[ https://issues.apache.org/jira/browse/MGPG-101?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17754574#comment-17754574 ] ASF GitHub Bot commented on MGPG-101: - slachiewicz opened a new pull request, #52: URL: https://github.com/apache/maven-gpg-plugin/pull/52 (no comment) > Switch to Junit5 > > > Key: MGPG-101 > URL: https://issues.apache.org/jira/browse/MGPG-101 > Project: Maven GPG Plugin > Issue Type: Dependency upgrade >Reporter: Sylwester Lachiewicz >Assignee: Sylwester Lachiewicz >Priority: Minor > Fix For: 3.1.1 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (MGPG-101) Switch to Junit5
Sylwester Lachiewicz created MGPG-101: - Summary: Switch to Junit5 Key: MGPG-101 URL: https://issues.apache.org/jira/browse/MGPG-101 Project: Maven GPG Plugin Issue Type: Dependency upgrade Reporter: Sylwester Lachiewicz Assignee: Sylwester Lachiewicz Fix For: 3.1.1 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MGPG-100) Fix Temporary File Information Disclosure Vulnerability
[ https://issues.apache.org/jira/browse/MGPG-100?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17754529#comment-17754529 ] ASF GitHub Bot commented on MGPG-100: - asfgit closed pull request #30: [MGPG-100] Fix Temporary File Information Disclosure Vulnerability URL: https://github.com/apache/maven-gpg-plugin/pull/30 > Fix Temporary File Information Disclosure Vulnerability > --- > > Key: MGPG-100 > URL: https://issues.apache.org/jira/browse/MGPG-100 > Project: Maven GPG Plugin > Issue Type: Bug >Reporter: Sylwester Lachiewicz >Assignee: Sylwester Lachiewicz >Priority: Minor > Fix For: 3.1.1 > > > https://github.com/apache/maven-gpg-plugin/pull/30 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [maven-gpg-plugin] asfgit closed pull request #30: [MGPG-100] Fix Temporary File Information Disclosure Vulnerability
asfgit closed pull request #30: [MGPG-100] Fix Temporary File Information Disclosure Vulnerability URL: https://github.com/apache/maven-gpg-plugin/pull/30 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Closed] (MJAVADOC-766) Update plexus-archiver from 4.7.1 to 4.8.0
[ https://issues.apache.org/jira/browse/MJAVADOC-766?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sylwester Lachiewicz closed MJAVADOC-766. - Resolution: Fixed > Update plexus-archiver from 4.7.1 to 4.8.0 > -- > > Key: MJAVADOC-766 > URL: https://issues.apache.org/jira/browse/MJAVADOC-766 > Project: Maven Javadoc Plugin > Issue Type: Dependency upgrade >Reporter: Sylwester Lachiewicz >Assignee: Sylwester Lachiewicz >Priority: Minor > Fix For: 3.5.1 > > > Protect from CVE-2023-37460 -- This message was sent by Atlassian Jira (v8.20.10#820010)
