Re: slf4j-jcl-1.0.1: Checksum validation failed
Hi Olivier, Thank you for your response! I just created a ticket for them: https://issues.sonatype.org/browse/MVNCENTRAL-5833 On Sun, May 24, 2020 at 04:56 Olivier Lamy wrote: > Maven Central is managed by Sonatype read term of services > https://repo1.maven.org/terms.html > > You should report this issue here > https://issues.sonatype.org/projects/MVNCENTRAL > > On Sat, 23 May 2020 at 02:04, Tomo Suzuki > wrote: > > > Hi Maven users, > > > > Does anyone know why slf4j-jcl-1.0.1's checksum is invalid in Maven > > Central? > > > > I'm investigating the following warning message: > > > > [WARNING] Could not validate integrity of download from > > > > > https://repo1.maven.org/maven2/org/slf4j/slf4j-jcl/1.0.1/slf4j-jcl-1.0.1.pom > > : > > Checksum validation failed, expected > > 7035ae7774a9a082a316a6943bbad9dfab6319b3 but is > > c5c0a3fff6071a4c720f1b7aa1b66cb9d0b26a21 > > > > When I checked > > > > > https://repo1.maven.org/maven2/org/slf4j/slf4j-jcl/1.0.1/slf4j-jcl-1.0.1.pom.sha1 > > , > > it has > > > > 7035ae7774a9a082a316a6943bbad9dfab6319b3 > > > > > /home/projects/maven/repository-staging/to-ibiblio/maven2/org/slf4j/slf4j-jcl/1.0.1/slf4j-jcl-1.0.1.pom > > > > However, curl and sha1sum say otherwise: > > > > suztomo@suztomo:~/spring-cloud-gcp$ curl > > > > > https://repo1.maven.org/maven2/org/slf4j/slf4j-jcl/1.0.1/slf4j-jcl-1.0.1.pom > > |sha1sum > > < > https://repo1.maven.org/maven2/org/slf4j/slf4j-jcl/1.0.1/slf4j-jcl-1.0.1.pom%7Csha1sum > > > > % Total% Received % Xferd Average Speed TimeTime Time > > Current > > Dload Upload Total SpentLeft > > Speed > > 100 394 100 3940 0 4061 0 --:--:-- --:--:-- --:--:-- > > 4104 > > c5c0a3fff6071a4c720f1b7aa1b66cb9d0b26a21 - > > > > So from my perspective, the discrepancy is in line with the Maven warning > > message. Maven Central is hosting invalid checksum files. Does anyone > know > > why this discrepancy happens slf4j-jcl-1.0.1? > > > > -- > > Regards, > > Tomo > > > > > -- > Olivier Lamy > http://twitter.com/olamy | http://linkedin.com/in/olamy >
Re: [ANN] Maven Project Info Reports Plugin 3.1.0 released
Hello, for whatever reason this plugin is missing in central https://repo1.maven.org/maven2/org/apache/maven/plugins/maven-project-info-reports-plugin/ Can you please check? On Wed, 27 May 2020 at 04:24, Michael Osipov wrote: > The Apache Maven team is pleased to announce the release of the Maven > Project Info Reports Plugin version 3.1.0. > > https://maven.apache.org/plugins/maven-project-info-reports-plugin/ > > You should specify the version in your project's plugin configuration: > > >org.apache.maven.plugins >maven-project-info-reports-plugin >3.1.0 > > > > Release Notes - Maven Project Info Reports Plugin - Version 3.1.0 > > ** Bug > * [MPIR-373] - Upgrade from 2.9 to 3.0.0 introduces additional warning > * [MPIR-374] - Unknown packaging: bundle when creating report > * [MPIR-376] - LightweightHttpsWagon is always used > * [MPIR-380] - Emails in developers section of pom are improperly > handled > * [MPIR-385] - Emails in mailing list section of pom are improperly > handled > * [MPIR-386] - Project building errors with plugins and central > repository override > > ** New Feature > * [MPIR-375] - add plugin excludes feature for plugin-management > report > > ** Improvement > * [MPIR-381] - Improve russian localization > * [MPIR-384] - Use PatternExcludesArtifactFilter to exclude > artifacts in PluginManagement > * [MPIR-387] - make build Reproducible > * [MPIR-390] - Verify build by Github action > > ** Dependency upgrade > * [MPIR-388] - upgrade Doxia Sitetools to 1.9.2 to remove > dependency on Struts > * [MPIR-389] - Upgrade Doxia to 1.9.1 > > > Enjoy, > > -The Apache Maven team > > - > To unsubscribe, e-mail: users-unsubscr...@maven.apache.org > For additional commands, e-mail: users-h...@maven.apache.org > > -- Best regards, Maxim
Re: Maven brings “test” transitive dependency as “compile”
Thanks for an easy public reproduction! netty-common is coming through with compile scope from: org.elasticsearch.client:transport:jar:5.6.16:compile -> org.elasticsearch.plugin:transport-netty4-client:jar:5.6.16:compile ---> io.netty:netty-common:jar:4.1.13.Final:compile I found this by excluding the netty-common dependency from bookkeeper-common and running dependency:tree again, which actually you said you did as well, so I'm curious what we did differently. Anyway, I hope this helps! -- Andy Feldman Wealthfront On Tue, May 26, 2020 at 11:59 AM Debraj Manna wrote: > You can reproduce the issue in > https://github.com/debraj-manna/dependency-issue > > In dependency tree of delete I am seeing dependency as below > > [INFO] \- > org.apache.bookkeeper:bookkeeper-common:test-jar:tests:4.10.0:test > [INFO]+- > org.apache.bookkeeper.stats:bookkeeper-stats-api:jar:4.10.0:test > [INFO]+- org.apache.bookkeeper:cpu-affinity:jar:4.10.0:test > *[INFO]+- io.netty:netty-common:jar:4.1.32.Final:compile* > [INFO]+- com.fasterxml.jackson.core:jackson-databind:jar:2.9.7:compile > [INFO]+- > com.fasterxml.jackson.core:jackson-annotations:jar:2.9.7:compile > [INFO]+- org.jctools:jctools-core:jar:2.1.2:test > [INFO]+- org.slf4j:slf4j-api:jar:1.7.25:test > [INFO]\- commons-configuration:commons-configuration:jar:1.10:test > > > On Sun, May 24, 2020 at 2:47 AM Nick Stolwijk > wrote: > > > The verbose flag was removed in newer versions of the plugin. You could > try > > an old pluginversion: > > > > mvn org.apache.maven.plugins:maven-dependency-plugin:2.10:tree -Dverbose > > > > With regards, > > > > Nick Stolwijk > > > > ~~~ Try to leave this world a little better than you found it and, when > > your turn comes to die, you can die happy in feeling that at any rate you > > have not wasted your time but have done your best ~~~ > > > > Lord Baden-Powell > > > > > > On Sat, May 23, 2020 at 7:53 PM Debraj Manna > > wrote: > > > > > Yes I saw the documentation. It is not behaving as expected. > > > > > > Can you let me know what is the alternative for maven dependency:tree > > > -Dverbose ? If I get the verbose mode for dependency:tree then I think > > > that will provide us more information. > > > > > > On Sat, May 23, 2020 at 6:09 PM Tomo Suzuki > > > > wrote: > > > > > > > Debraj, > > > > > > > > I couldn't reproduce the problem in my setting. Netty-common appears > as > > > > test scope. > > > > https://gist.github.com/suztomo/69f854bddd102b3fe83eae8f0720c494 > > > > > > > > Would you be willing to create a minimum reproducible project? > > > > Hopefully it builds only artifacts available on the public Internet > (no > > > > artifactory.arkin.local:8000). > > > > > > > > BTW, this is the documentation I think your Maven tree is not > behaving > > as > > > > documented: > > > > > > > > > > > > > > https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#dependency-scope > > > > > > > > > > > > > > > > > > > > On Sat, May 23, 2020 at 12:40 AM Debraj Manna < > > subharaj.ma...@gmail.com> > > > > wrote: > > > > > > > > > Thanks Andy for replying. > > > > > > > > > > maven dependency:tree -Dverbose does not seem to work for me. It > > gives > > > me > > > > > the below message > > > > > > > > > > ... > > > > > [INFO] --- maven-dependency-plugin:3.1.1:tree (default-cli) @ > delete > > > --- > > > > > [INFO] Verbose not supported since maven-dependency-plugin 3.0 > > > > > [INFO] com.vnera:delete:jar:0.001-SNAPSHOT > > > > > ... > > > > > > > > > > If I just exclude netty-common from apache-bookkeeper then > > netty-common > > > > > 4.1.32 does not show up in the dependency tree. > > > > > > > > > > > > > > > On Sat, May 23, 2020 at 3:57 AM Andy Feldman < > an...@wealthfront.com> > > > > > wrote: > > > > > > > > > > > On Fri, May 22, 2020 at 6:31 AM Debraj Manna < > > > subharaj.ma...@gmail.com > > > > > > > > > > > wrote: > > > > > > > > > > > > > bookkeeper-common is in test scope but still netty-common is > > > showing > > > > up > > > > > > as > > > > > > > compile dependency. > > > > > > > > > > > > > > > > > > > Is it possible that netty-common is a transitive dependency of > > > another > > > > > > dependency as well? Running dependency:tree does not show all > paths > > > to > > > > > each > > > > > > dependency. > > > > > > > > > > > > You can try running dependency:tree with the verbose flag to see > > more > > > > > > branches of the tree, although the documentation says it is not > > > > > guaranteed > > > > > > to work properly with Maven 3. > > > > > > > > > > > > > > > > > > > > > > > > > > > https://maven.apache.org/plugins/maven-dependency-plugin/tree-mojo.html#verbose > > > > > > > > > > > > You can also try removing the dependency on bookkeeper-common and > > > > running > > > > > > dependency:tree again to see if netty-common still shows up. > > > > > > > > > > > > -- > > > > > > Andy Feldman > > > > > > Wealthfront > > > > > > > > > > > >
[ANN] Maven Project Info Reports Plugin 3.1.0 released
The Apache Maven team is pleased to announce the release of the Maven Project Info Reports Plugin version 3.1.0. https://maven.apache.org/plugins/maven-project-info-reports-plugin/ You should specify the version in your project's plugin configuration: org.apache.maven.plugins maven-project-info-reports-plugin 3.1.0 Release Notes - Maven Project Info Reports Plugin - Version 3.1.0 ** Bug * [MPIR-373] - Upgrade from 2.9 to 3.0.0 introduces additional warning * [MPIR-374] - Unknown packaging: bundle when creating report * [MPIR-376] - LightweightHttpsWagon is always used * [MPIR-380] - Emails in developers section of pom are improperly handled * [MPIR-385] - Emails in mailing list section of pom are improperly handled * [MPIR-386] - Project building errors with plugins and central repository override ** New Feature * [MPIR-375] - add plugin excludes feature for plugin-management report ** Improvement * [MPIR-381] - Improve russian localization * [MPIR-384] - Use PatternExcludesArtifactFilter to exclude artifacts in PluginManagement * [MPIR-387] - make build Reproducible * [MPIR-390] - Verify build by Github action ** Dependency upgrade * [MPIR-388] - upgrade Doxia Sitetools to 1.9.2 to remove dependency on Struts * [MPIR-389] - Upgrade Doxia to 1.9.1 Enjoy, -The Apache Maven team - To unsubscribe, e-mail: users-unsubscr...@maven.apache.org For additional commands, e-mail: users-h...@maven.apache.org
[ANN] Apache Maven Wagon 3.4.1 released
The Apache Maven team is pleased to announce the release of the Apache Maven Wagon, version 3.4.1. https://maven.apache.org/wagon/ Release Notes - Maven Wagon - Version 3.4.1 ** Bug * [WAGON-591] - Transfer event is not restarted when request is redirected * [WAGON-592] - Wagon fails when compiled on Java 9+ and run on Java 8 due to JDK API breakage * [WAGON-594] - http.route.default-proxy config property never passes protocol and port of proxy server ** Improvement * [WAGON-595] - Add configuration property 'http.protocol.handle-content-compression' * [WAGON-596] - Add configuration property 'http.protocol.handle-uri-normalization' ** Task * [WAGON-593] - Remove non-existent cache header Enjoy, -The Apache Maven team - To unsubscribe, e-mail: users-unsubscr...@maven.apache.org For additional commands, e-mail: users-h...@maven.apache.org
Re: Maven brings “test” transitive dependency as “compile”
You can reproduce the issue in https://github.com/debraj-manna/dependency-issue In dependency tree of delete I am seeing dependency as below [INFO] \- org.apache.bookkeeper:bookkeeper-common:test-jar:tests:4.10.0:test [INFO]+- org.apache.bookkeeper.stats:bookkeeper-stats-api:jar:4.10.0:test [INFO]+- org.apache.bookkeeper:cpu-affinity:jar:4.10.0:test *[INFO]+- io.netty:netty-common:jar:4.1.32.Final:compile* [INFO]+- com.fasterxml.jackson.core:jackson-databind:jar:2.9.7:compile [INFO]+- com.fasterxml.jackson.core:jackson-annotations:jar:2.9.7:compile [INFO]+- org.jctools:jctools-core:jar:2.1.2:test [INFO]+- org.slf4j:slf4j-api:jar:1.7.25:test [INFO]\- commons-configuration:commons-configuration:jar:1.10:test On Sun, May 24, 2020 at 2:47 AM Nick Stolwijk wrote: > The verbose flag was removed in newer versions of the plugin. You could try > an old pluginversion: > > mvn org.apache.maven.plugins:maven-dependency-plugin:2.10:tree -Dverbose > > With regards, > > Nick Stolwijk > > ~~~ Try to leave this world a little better than you found it and, when > your turn comes to die, you can die happy in feeling that at any rate you > have not wasted your time but have done your best ~~~ > > Lord Baden-Powell > > > On Sat, May 23, 2020 at 7:53 PM Debraj Manna > wrote: > > > Yes I saw the documentation. It is not behaving as expected. > > > > Can you let me know what is the alternative for maven dependency:tree > > -Dverbose ? If I get the verbose mode for dependency:tree then I think > > that will provide us more information. > > > > On Sat, May 23, 2020 at 6:09 PM Tomo Suzuki > > wrote: > > > > > Debraj, > > > > > > I couldn't reproduce the problem in my setting. Netty-common appears as > > > test scope. > > > https://gist.github.com/suztomo/69f854bddd102b3fe83eae8f0720c494 > > > > > > Would you be willing to create a minimum reproducible project? > > > Hopefully it builds only artifacts available on the public Internet (no > > > artifactory.arkin.local:8000). > > > > > > BTW, this is the documentation I think your Maven tree is not behaving > as > > > documented: > > > > > > > > > https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#dependency-scope > > > > > > > > > > > > > > > On Sat, May 23, 2020 at 12:40 AM Debraj Manna < > subharaj.ma...@gmail.com> > > > wrote: > > > > > > > Thanks Andy for replying. > > > > > > > > maven dependency:tree -Dverbose does not seem to work for me. It > gives > > me > > > > the below message > > > > > > > > ... > > > > [INFO] --- maven-dependency-plugin:3.1.1:tree (default-cli) @ delete > > --- > > > > [INFO] Verbose not supported since maven-dependency-plugin 3.0 > > > > [INFO] com.vnera:delete:jar:0.001-SNAPSHOT > > > > ... > > > > > > > > If I just exclude netty-common from apache-bookkeeper then > netty-common > > > > 4.1.32 does not show up in the dependency tree. > > > > > > > > > > > > On Sat, May 23, 2020 at 3:57 AM Andy Feldman > > > > wrote: > > > > > > > > > On Fri, May 22, 2020 at 6:31 AM Debraj Manna < > > subharaj.ma...@gmail.com > > > > > > > > > wrote: > > > > > > > > > > > bookkeeper-common is in test scope but still netty-common is > > showing > > > up > > > > > as > > > > > > compile dependency. > > > > > > > > > > > > > > > > Is it possible that netty-common is a transitive dependency of > > another > > > > > dependency as well? Running dependency:tree does not show all paths > > to > > > > each > > > > > dependency. > > > > > > > > > > You can try running dependency:tree with the verbose flag to see > more > > > > > branches of the tree, although the documentation says it is not > > > > guaranteed > > > > > to work properly with Maven 3. > > > > > > > > > > > > > > > > > > > > https://maven.apache.org/plugins/maven-dependency-plugin/tree-mojo.html#verbose > > > > > > > > > > You can also try removing the dependency on bookkeeper-common and > > > running > > > > > dependency:tree again to see if netty-common still shows up. > > > > > > > > > > -- > > > > > Andy Feldman > > > > > Wealthfront > > > > > > > > > > > > > > > > > > -- > > > Regards, > > > Tomo > > > > > >
