[PR] Bump commons-io:commons-io from 2.16.0 to 2.16.1 [maven-assembly-plugin]
dependabot[bot] opened a new pull request, #201: URL: https://github.com/apache/maven-assembly-plugin/pull/201 Bumps commons-io:commons-io from 2.16.0 to 2.16.1. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=commons-io:commons-io=maven=2.16.0=2.16.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Bump commons-io:commons-io from 2.16.0 to 2.16.1 [maven-doxia-converter]
dependabot[bot] opened a new pull request, #66: URL: https://github.com/apache/maven-doxia-converter/pull/66 Bumps commons-io:commons-io from 2.16.0 to 2.16.1. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=commons-io:commons-io=maven=2.16.0=2.16.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Bump commons-io:commons-io from 2.16.0 to 2.16.1 [maven-script-interpreter]
dependabot[bot] opened a new pull request, #118: URL: https://github.com/apache/maven-script-interpreter/pull/118 Bumps commons-io:commons-io from 2.16.0 to 2.16.1. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=commons-io:commons-io=maven=2.16.0=2.16.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Bump commons-io:commons-io from 2.16.0 to 2.16.1 [maven-jlink-plugin]
dependabot[bot] opened a new pull request, #203: URL: https://github.com/apache/maven-jlink-plugin/pull/203 Bumps commons-io:commons-io from 2.16.0 to 2.16.1. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=commons-io:commons-io=maven=2.16.0=2.16.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Bump commons-io:commons-io from 2.16.0 to 2.16.1 [maven-gpg-plugin]
dependabot[bot] opened a new pull request, #94: URL: https://github.com/apache/maven-gpg-plugin/pull/94 Bumps commons-io:commons-io from 2.16.0 to 2.16.1. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=commons-io:commons-io=maven=2.16.0=2.16.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Bump commons-io:commons-io from 2.16.0 to 2.16.1 [maven-invoker-plugin]
dependabot[bot] opened a new pull request, #222: URL: https://github.com/apache/maven-invoker-plugin/pull/222 Bumps commons-io:commons-io from 2.16.0 to 2.16.1. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=commons-io:commons-io=maven=2.16.0=2.16.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Bump org.apache.maven.shared:maven-script-interpreter from 1.4 to 1.5 [maven-invoker-plugin]
dependabot[bot] opened a new pull request, #221: URL: https://github.com/apache/maven-invoker-plugin/pull/221 Bumps [org.apache.maven.shared:maven-script-interpreter](https://github.com/apache/maven-script-interpreter) from 1.4 to 1.5. Release notes Sourced from https://github.com/apache/maven-script-interpreter/releases;>org.apache.maven.shared:maven-script-interpreter's releases. 1.5 New features and improvements https://issues.apache.org/jira/browse/MSHARED-1368;>[MSHARED-1368] - Synchronize interpreter execution (https://redirect.github.com/apache/maven-script-interpreter/pull/115;>#115) https://github.com/slawekjaranowski;>@slawekjaranowski https://issues.apache.org/jira/browse/MSHARED-1359;>[MSHARED-1359] - Use child first classloader in BeanShellScriptInterpreter (https://redirect.github.com/apache/maven-script-interpreter/pull/114;>#114) https://github.com/slawekjaranowski;>@slawekjaranowski https://issues.apache.org/jira/browse/MSHARED-1359;>[MSHARED-1359] - Optimize classloader in BeanShellScriptInterpreter (https://redirect.github.com/apache/maven-script-interpreter/pull/112;>#112) https://github.com/slawekjaranowski;>@slawekjaranowski https://issues.apache.org/jira/browse/MSHARED-1359;>[MSHARED-1359] - Allow reuse the same classloader for multiple script executions (https://redirect.github.com/apache/maven-script-interpreter/pull/109;>#109) https://github.com/slawekjaranowski;>@slawekjaranowski Dependency updates https://issues.apache.org/jira/browse/MSHARED-1370;>[MSHARED-1370] - Bump commons-io:commons-io from 2.11.0 to 2.16.0 (https://redirect.github.com/apache/maven-script-interpreter/pull/113;>#113) https://github.com/dependabot;>@dependabot Bump org.apache.groovy:groovy from 4.0.18 to 4.0.20 (https://redirect.github.com/apache/maven-script-interpreter/pull/108;>#108) https://github.com/dependabot;>@dependabot Bump apache/maven-gh-actions-shared from 3 to 4 (https://redirect.github.com/apache/maven-script-interpreter/pull/107;>#107) https://github.com/dependabot;>@dependabot Bump org.junit:junit-bom from 5.10.1 to 5.10.2 (https://redirect.github.com/apache/maven-script-interpreter/pull/105;>#105) https://github.com/dependabot;>@dependabot Bump org.apache.groovy:groovy from 4.0.17 to 4.0.18 (https://redirect.github.com/apache/maven-script-interpreter/pull/104;>#104) https://github.com/dependabot;>@dependabot Bump org.apache.groovy:groovy from 4.0.6 to 4.0.17 (https://redirect.github.com/apache/maven-script-interpreter/pull/102;>#102) https://github.com/dependabot;>@dependabot https://issues.apache.org/jira/browse/MSHARED-1350;>[MSHARED-1350] - Upgrade parent POM to version 41 (https://redirect.github.com/apache/maven-script-interpreter/pull/103;>#103) https://github.com/slachiewicz;>@slachiewicz Bump org.junit:junit-bom from 5.10.0 to 5.10.1 (https://redirect.github.com/apache/maven-script-interpreter/pull/99;>#99) https://github.com/dependabot;>@dependabot Bump org.junit:junit-bom from 5.9.2 to 5.10.0 (https://redirect.github.com/apache/maven-script-interpreter/pull/98;>#98) https://github.com/dependabot;>@dependabot Bump junit-bom from 5.9.1 to 5.9.2 (https://redirect.github.com/apache/maven-script-interpreter/pull/90;>#90) https://github.com/dependabot;>@dependabot Bump apache/maven-gh-actions-shared from 2 to 3 (https://redirect.github.com/apache/maven-script-interpreter/pull/93;>#93) https://github.com/dependabot;>@dependabot Maintenance https://issues.apache.org/jira/browse/MSHARED-1378;>[MSHARED-1378] - Cleanup of test code (https://redirect.github.com/apache/maven-script-interpreter/pull/117;>#117) https://github.com/slawekjaranowski;>@slawekjaranowski https://issues.apache.org/jira/browse/MSHARED-1371;>[MSHARED-1371] - Refresh download page (https://redirect.github.com/apache/maven-script-interpreter/pull/116;>#116) https://github.com/slawekjaranowski;>@slawekjaranowski Cleanups in dependabot configuration (https://redirect.github.com/apache/maven-script-interpreter/pull/111;>#111) https://github.com/slawekjaranowski;>@slawekjaranowski Use default configuration for Jenkins build (https://redirect.github.com/apache/maven-script-interpreter/pull/110;>#110) https://github.com/slawekjaranowski;>@slawekjaranowski https://issues.apache.org/jira/browse/MSHARED-1350;>[MSHARED-1350] - Upgrade parent POM to version 41 (https://redirect.github.com/apache/maven-script-interpreter/pull/103;>#103) https://github.com/slachiewicz;>@slachiewicz Bump org.junit:junit-bom from 5.9.2 to 5.10.0 (https://redirect.github.com/apache/maven-script-interpreter/pull/98;>#98) https://github.com/dependabot;>@dependabot Bump junit-bom from 5.9.1 to 5.9.2 (https://redirect.github.com/apache/maven-script-interpreter/pull/90;>#90) https://github.com/dependabot;>@dependabot Commits
[PR] Bump commons-io:commons-io from 2.16.0 to 2.16.1 [maven-dependency-analyzer]
dependabot[bot] opened a new pull request, #114: URL: https://github.com/apache/maven-dependency-analyzer/pull/114 Bumps commons-io:commons-io from 2.16.0 to 2.16.1. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=commons-io:commons-io=maven=2.16.0=2.16.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Bump commons-io:commons-io from 2.16.0 to 2.16.1 [maven-resources-plugin]
dependabot[bot] opened a new pull request, #70: URL: https://github.com/apache/maven-resources-plugin/pull/70 Bumps commons-io:commons-io from 2.16.0 to 2.16.1. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=commons-io:commons-io=maven=2.16.0=2.16.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Bump commons-io:commons-io from 2.16.0 to 2.16.1 [maven-javadoc-plugin]
dependabot[bot] opened a new pull request, #276: URL: https://github.com/apache/maven-javadoc-plugin/pull/276 Bumps commons-io:commons-io from 2.16.0 to 2.16.1. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=commons-io:commons-io=maven=2.16.0=2.16.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump commons-io:commons-io from 2.13.0 to 2.16.0 [maven-file-management]
dependabot[bot] commented on PR #33: URL: https://github.com/apache/maven-file-management/pull/33#issuecomment-2044044982 Superseded by #34. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump commons-io:commons-io from 2.13.0 to 2.16.0 [maven-file-management]
dependabot[bot] closed pull request #33: Bump commons-io:commons-io from 2.13.0 to 2.16.0 URL: https://github.com/apache/maven-file-management/pull/33 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Bump commons-io:commons-io from 2.13.0 to 2.16.1 [maven-file-management]
dependabot[bot] opened a new pull request, #34: URL: https://github.com/apache/maven-file-management/pull/34 Bumps commons-io:commons-io from 2.13.0 to 2.16.1. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=commons-io:commons-io=maven=2.13.0=2.16.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Bump commons-io:commons-io from 2.16.0 to 2.16.1 [maven-wrapper]
dependabot[bot] opened a new pull request, #124: URL: https://github.com/apache/maven-wrapper/pull/124 Bumps commons-io:commons-io from 2.16.0 to 2.16.1. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=commons-io:commons-io=maven=2.16.0=2.16.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump commons-io:commons-io from 2.13.0 to 2.16.0 [maven-war-plugin]
dependabot[bot] closed pull request #67: Bump commons-io:commons-io from 2.13.0 to 2.16.0 URL: https://github.com/apache/maven-war-plugin/pull/67 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump commons-io:commons-io from 2.13.0 to 2.16.0 [maven-war-plugin]
dependabot[bot] commented on PR #67: URL: https://github.com/apache/maven-war-plugin/pull/67#issuecomment-2043967502 Superseded by #70. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Bump commons-io:commons-io from 2.13.0 to 2.16.1 [maven-war-plugin]
dependabot[bot] opened a new pull request, #70: URL: https://github.com/apache/maven-war-plugin/pull/70 Bumps commons-io:commons-io from 2.13.0 to 2.16.1. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=commons-io:commons-io=maven=2.13.0=2.16.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Bump commons-io:commons-io from 2.16.0 to 2.16.1 [maven-doxia-sitetools]
dependabot[bot] opened a new pull request, #146: URL: https://github.com/apache/maven-doxia-sitetools/pull/146 Bumps commons-io:commons-io from 2.16.0 to 2.16.1. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=commons-io:commons-io=maven=2.16.0=2.16.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Bump net.sourceforge.plantuml:plantuml from 1.2024.3 to 1.2024.4 [maven-site]
dependabot[bot] opened a new pull request, #507: URL: https://github.com/apache/maven-site/pull/507 Bumps [net.sourceforge.plantuml:plantuml](https://github.com/plantuml/plantuml) from 1.2024.3 to 1.2024.4. Commits https://github.com/plantuml/plantuml/commit/9432e0b1e5231e9843b846b83e00d623953cc2c1;>9432e0b chore: version 1.2024.4 https://github.com/plantuml/plantuml/commit/460d53f12b3eed00567b4dc55cd3bfb415b0bee1;>460d53f refactor: Replace computeIfAbsent with manual check for Java 1.7 compatibility https://github.com/plantuml/plantuml/commit/06d06e729b26cb6b83a6037d226f20c0a99813e7;>06d06e7 Merge pull request https://redirect.github.com/plantuml/plantuml/issues/1724;>#1724 from travkin79/patch/fix-NPE https://github.com/plantuml/plantuml/commit/8bc1c27c237b75f50e645c89426eca13acfe16ad;>8bc1c27 Merge pull request https://redirect.github.com/plantuml/plantuml/issues/1701;>#1701 from DaumAlexande/create_script_xmi https://github.com/plantuml/plantuml/commit/04eada12abd73d350e5d78bc0975644fe9e89d0d;>04eada1 refactor: Replaced stream usage with loops for Java 1.7 compatibility (!) https://github.com/plantuml/plantuml/commit/33e5903e8059468a0da2deffe3270198293cf853;>33e5903 Avoid NPE when a remote input stream cannot be read https://github.com/plantuml/plantuml/commit/7755ae5be4a38f1aaf98ff775ae7b46039fe367d;>7755ae5 Merge pull request https://redirect.github.com/plantuml/plantuml/issues/1720;>#1720 from diguage/select-line https://github.com/plantuml/plantuml/commit/3cc580ebd1f861b8e03621be250a43a48dc4ad94;>3cc580e Supports double-clicking to select all elements and links on a line https://github.com/plantuml/plantuml/commit/4afe3ef7fee65a6ce1445a8a5c40133da065a6e5;>4afe3ef Merge pull request https://redirect.github.com/plantuml/plantuml/issues/1718;>#1718 from Benjamin-Davies/cheneer https://github.com/plantuml/plantuml/commit/4b5bcd3bca2726ab8ded2f7ad1061d6cd489d4a0;>4b5bcd3 Fix compatibility with Java 8 Additional commits viewable in https://github.com/plantuml/plantuml/compare/v1.2024.3...v1.2024.4;>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=net.sourceforge.plantuml:plantuml=maven=1.2024.3=1.2024.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (ARCHETYPE-626) mvn install deploy does not work with 3.2.1 but worked with 3.2.0
[ https://issues.apache.org/jira/browse/ARCHETYPE-626?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17835081#comment-17835081 ] ASF GitHub Bot commented on ARCHETYPE-626: -- hboutemy commented on PR #118: URL: https://github.com/apache/maven-archetype/pull/118#issuecomment-2043838878 test was useful when we were fighting a regression, without really knowing why with #188, it's not a regression but a change with a purpose in mind: I just did not expect this would solve also ARCHETYPE-626 :) > mvn install deploy does not work with 3.2.1 but worked with 3.2.0 > - > > Key: ARCHETYPE-626 > URL: https://issues.apache.org/jira/browse/ARCHETYPE-626 > Project: Maven Archetype > Issue Type: Bug > Components: Plugin >Affects Versions: 3.2.1 > Environment: * Linux machine (Kernel 3.10.0) > * OpenJDK 11.0.13.0.8-1.el7_9.x86_64 (11.0.1) > * Maven 3.8.4 (did also occur with 3.3.9) >Reporter: Jan Mosig >Priority: Major > Fix For: 3.3.0 > > Attachments: archetype-plugin-failed-build.txt, > archetype-plugin-successful-build.txt > > > Hi there, > I've got an archetype build that used to work fine with 3.2.0 but fails with > 3.2.1. > The problem with 3.2.1 is that all the files in > target/test-classes/projects/it-basic/project/basic-project do exist but are > all empty (0 bytes). > The build is run with {{mvn -U clean install deploy}}. If I run it with {{mvn > -U clean deploy}} it works. Although the install goal may be superfluous, I > guess there is something wrong there with version 3.2.1. > I attached the logs of a successful run and a failed one to this ticket. > You may find the failing project here (Branch archetype-plugin-321-bug): > https://github.com/itemis/fluffyj-archetype/tree/archetype-plugin-321-bug -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] [ARCHETYPE-626] mvn install deploy does not work with 3.2.1 [maven-archetype]
hboutemy commented on PR #118: URL: https://github.com/apache/maven-archetype/pull/118#issuecomment-2043838878 test was useful when we were fighting a regression, without really knowing why with #188, it's not a regression but a change with a purpose in mind: I just did not expect this would solve also ARCHETYPE-626 :) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Bump commons-io:commons-io from 2.16.0 to 2.16.1 [maven-dependency-plugin]
dependabot[bot] opened a new pull request, #370: URL: https://github.com/apache/maven-dependency-plugin/pull/370 Bumps commons-io:commons-io from 2.16.0 to 2.16.1. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=commons-io:commons-io=maven=2.16.0=2.16.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MJAR-296) No way to suppress default excludes in maven-jar-plugin
[ https://issues.apache.org/jira/browse/MJAR-296?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17835073#comment-17835073 ] ASF GitHub Bot commented on MJAR-296: - slawekjaranowski commented on PR #67: URL: https://github.com/apache/maven-jar-plugin/pull/67#issuecomment-2043758679 @redzi , @michael-o - fixed and tested - should be ok > No way to suppress default excludes in maven-jar-plugin > --- > > Key: MJAR-296 > URL: https://issues.apache.org/jira/browse/MJAR-296 > Project: Maven JAR Plugin > Issue Type: Improvement >Affects Versions: 3.3.0 >Reporter: G.Vaysman >Assignee: Slawomir Jaranowski >Priority: Major > Fix For: 3.4.0 > > Attachments: jar-default-excludes.zip > > > With the default excludes being expanded further (see > org.codehaus.plexus.util.AbstractScanner.{*}_DEFAULTEXCLUDES_{*}), a resource > directory **/ChangeSet/** will never be included in the JAR artifact. > Some plugins (maven-resources-plugin, maven-assembly-plugin) already allow > suppressing the exclusion, but not the maven-jar-plugin. Code analysis of the > JarMojo -> DirectoryScanner call path confirms that there is no way to affect > the FileSet configuration. > Again, with ever expanding list of *_DEFAULTEXCLUDES,_* this, on our opinion, > is quite detrimental, and due to backward compatibility, changing > resource/package path (say, to ChangeSet2) is not an option. > I am attaching a very simple project that shows two things: > # The jar plugin skips adding the **/ChangeSet/** files > # The resources plugin is configured not to skip (addDefaultExcludes) and > behaves properly -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MJAR-306) Defined versions of plugins in LifecycleMapping should be up-to day
[ https://issues.apache.org/jira/browse/MJAR-306?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17835074#comment-17835074 ] ASF GitHub Bot commented on MJAR-306: - slawekjaranowski opened a new pull request, #82: URL: https://github.com/apache/maven-jar-plugin/pull/82 properties are defined in parent > Defined versions of plugins in LifecycleMapping should be up-to day > --- > > Key: MJAR-306 > URL: https://issues.apache.org/jira/browse/MJAR-306 > Project: Maven JAR Plugin > Issue Type: Dependency upgrade >Reporter: Slawomir Jaranowski >Priority: Major > > We add {{LifecycleMapping}} in MJAR-183 we should have up-to day plugins > versions -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] [MJAR-296] Allow including files excluded by default. [maven-jar-plugin]
slawekjaranowski commented on PR #67: URL: https://github.com/apache/maven-jar-plugin/pull/67#issuecomment-2043758679 @redzi , @michael-o - fixed and tested - should be ok -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Updated] (MJAR-306) Defined versions of plugins in LifecycleMapping should be up-to day
[ https://issues.apache.org/jira/browse/MJAR-306?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Slawomir Jaranowski updated MJAR-306: - Summary: Defined versions of plugins in LifecycleMapping should be up-to day (was: Defined versions of plugin in LifecycleMapping should be up-to day) > Defined versions of plugins in LifecycleMapping should be up-to day > --- > > Key: MJAR-306 > URL: https://issues.apache.org/jira/browse/MJAR-306 > Project: Maven JAR Plugin > Issue Type: Dependency upgrade >Reporter: Slawomir Jaranowski >Priority: Major > > We add {{LifecycleMapping}} in MJAR-183 we should have up-to day plugins > versions -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (MJAR-306) Defined versions of plugin in LifecycleMapping should be up-to day
[ https://issues.apache.org/jira/browse/MJAR-306?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Slawomir Jaranowski updated MJAR-306: - Description: We add {{LifecycleMapping}} in MJAR-183 we should have up-to day plugins versions (was: We add {{) > Defined versions of plugin in LifecycleMapping should be up-to day > -- > > Key: MJAR-306 > URL: https://issues.apache.org/jira/browse/MJAR-306 > Project: Maven JAR Plugin > Issue Type: Dependency upgrade >Reporter: Slawomir Jaranowski >Priority: Major > > We add {{LifecycleMapping}} in MJAR-183 we should have up-to day plugins > versions -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (MJAR-306) Defined versions of plugin in LifecycleMapping should be up-to day
[ https://issues.apache.org/jira/browse/MJAR-306?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Slawomir Jaranowski updated MJAR-306: - Description: We add > Defined versions of plugin in LifecycleMapping should be up-to day > -- > > Key: MJAR-306 > URL: https://issues.apache.org/jira/browse/MJAR-306 > Project: Maven JAR Plugin > Issue Type: Dependency upgrade >Reporter: Slawomir Jaranowski >Priority: Major > > We add -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (MJAR-306) Defined versions of plugin in LifecycleMapping should be up-to day
[ https://issues.apache.org/jira/browse/MJAR-306?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Slawomir Jaranowski updated MJAR-306: - Description: We add {{ (was: We add ) > Defined versions of plugin in LifecycleMapping should be up-to day > -- > > Key: MJAR-306 > URL: https://issues.apache.org/jira/browse/MJAR-306 > Project: Maven JAR Plugin > Issue Type: Dependency upgrade >Reporter: Slawomir Jaranowski >Priority: Major > > We add {{ -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (MJAR-306) Defined versions of plugin in LifecycleMapping should be up-to day
[ https://issues.apache.org/jira/browse/MJAR-306?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Slawomir Jaranowski updated MJAR-306: - Summary: Defined versions of plugin in LifecycleMapping should be up-to day (was: Defined version of plugin in LifecycleMapping should be up-to day) > Defined versions of plugin in LifecycleMapping should be up-to day > -- > > Key: MJAR-306 > URL: https://issues.apache.org/jira/browse/MJAR-306 > Project: Maven JAR Plugin > Issue Type: Dependency upgrade >Reporter: Slawomir Jaranowski >Priority: Major > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[PR] Bump commons-io:commons-io from 2.16.0 to 2.16.1 [maven-scm-publish-plugin]
dependabot[bot] opened a new pull request, #34: URL: https://github.com/apache/maven-scm-publish-plugin/pull/34 Bumps commons-io:commons-io from 2.16.0 to 2.16.1. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=commons-io:commons-io=maven=2.16.0=2.16.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Created] (MJAR-306) Defined version of plugin in LifecycleMapping should be up-to day
Slawomir Jaranowski created MJAR-306: Summary: Defined version of plugin in LifecycleMapping should be up-to day Key: MJAR-306 URL: https://issues.apache.org/jira/browse/MJAR-306 Project: Maven JAR Plugin Issue Type: Dependency upgrade Reporter: Slawomir Jaranowski -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MJAR-265) Resources not copied
[ https://issues.apache.org/jira/browse/MJAR-265?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17835063#comment-17835063 ] Slawomir Jaranowski commented on MJAR-265: -- Will be resolved by MJAR-296 with new parameter {{addDefaultExcludes}} > Resources not copied > > > Key: MJAR-265 > URL: https://issues.apache.org/jira/browse/MJAR-265 > Project: Maven JAR Plugin > Issue Type: New Feature >Affects Versions: 3.1.2 > Environment: windows 7, Maven 3.3.9 Java version: 1.7.0_80 >Reporter: vincent c >Priority: Minor > Fix For: 3.4.0 > > Attachments: example.7z > > > I have a folder named *.metadata* that is in the target/classes folder. > But it is not copied to the jar archive. It looks like a default exclusion > filter is used. > It is working with version maven-jar-plugin:2.3 but version 2.4 and upper it > is not. > > The issue seams to be also discussed on > [stackoverflow|https://stackoverflow.com/questions/55514758/maven-jar-plugin-does-not-include-gitignore-file/55522970#55522970]. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (MJAR-265) Resources not copied
[ https://issues.apache.org/jira/browse/MJAR-265?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Slawomir Jaranowski updated MJAR-265: - Fix Version/s: 3.4.0 > Resources not copied > > > Key: MJAR-265 > URL: https://issues.apache.org/jira/browse/MJAR-265 > Project: Maven JAR Plugin > Issue Type: New Feature >Affects Versions: 3.1.2 > Environment: windows 7, Maven 3.3.9 Java version: 1.7.0_80 >Reporter: vincent c >Priority: Minor > Fix For: 3.4.0 > > Attachments: example.7z > > > I have a folder named *.metadata* that is in the target/classes folder. > But it is not copied to the jar archive. It looks like a default exclusion > filter is used. > It is working with version maven-jar-plugin:2.3 but version 2.4 and upper it > is not. > > The issue seams to be also discussed on > [stackoverflow|https://stackoverflow.com/questions/55514758/maven-jar-plugin-does-not-include-gitignore-file/55522970#55522970]. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Deleted] (MJAR-305) Refresh download page
[ https://issues.apache.org/jira/browse/MJAR-305?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Slawomir Jaranowski deleted MJAR-305: - > Refresh download page > - > > Key: MJAR-305 > URL: https://issues.apache.org/jira/browse/MJAR-305 > Project: Maven JAR Plugin > Issue Type: Task >Reporter: Slawomir Jaranowski >Assignee: Slawomir Jaranowski >Priority: Major > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (MJAR-305) Refresh download page
Slawomir Jaranowski created MJAR-305: Summary: Refresh download page Key: MJAR-305 URL: https://issues.apache.org/jira/browse/MJAR-305 Project: Maven JAR Plugin Issue Type: Task Reporter: Slawomir Jaranowski Assignee: Slawomir Jaranowski Fix For: 3.4.0 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (MJAR-296) No way to suppress default excludes in maven-jar-plugin
[ https://issues.apache.org/jira/browse/MJAR-296?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Slawomir Jaranowski updated MJAR-296: - Fix Version/s: 3.4.0 > No way to suppress default excludes in maven-jar-plugin > --- > > Key: MJAR-296 > URL: https://issues.apache.org/jira/browse/MJAR-296 > Project: Maven JAR Plugin > Issue Type: Improvement >Affects Versions: 3.3.0 >Reporter: G.Vaysman >Assignee: Slawomir Jaranowski >Priority: Major > Fix For: 3.4.0 > > Attachments: jar-default-excludes.zip > > > With the default excludes being expanded further (see > org.codehaus.plexus.util.AbstractScanner.{*}_DEFAULTEXCLUDES_{*}), a resource > directory **/ChangeSet/** will never be included in the JAR artifact. > Some plugins (maven-resources-plugin, maven-assembly-plugin) already allow > suppressing the exclusion, but not the maven-jar-plugin. Code analysis of the > JarMojo -> DirectoryScanner call path confirms that there is no way to affect > the FileSet configuration. > Again, with ever expanding list of *_DEFAULTEXCLUDES,_* this, on our opinion, > is quite detrimental, and due to backward compatibility, changing > resource/package path (say, to ChangeSet2) is not an option. > I am attaching a very simple project that shows two things: > # The jar plugin skips adding the **/ChangeSet/** files > # The resources plugin is configured not to skip (addDefaultExcludes) and > behaves properly -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (MJAR-296) No way to suppress default excludes in maven-jar-plugin
[ https://issues.apache.org/jira/browse/MJAR-296?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Slawomir Jaranowski reassigned MJAR-296: Assignee: Slawomir Jaranowski > No way to suppress default excludes in maven-jar-plugin > --- > > Key: MJAR-296 > URL: https://issues.apache.org/jira/browse/MJAR-296 > Project: Maven JAR Plugin > Issue Type: Improvement >Affects Versions: 3.3.0 >Reporter: G.Vaysman >Assignee: Slawomir Jaranowski >Priority: Major > Attachments: jar-default-excludes.zip > > > With the default excludes being expanded further (see > org.codehaus.plexus.util.AbstractScanner.{*}_DEFAULTEXCLUDES_{*}), a resource > directory **/ChangeSet/** will never be included in the JAR artifact. > Some plugins (maven-resources-plugin, maven-assembly-plugin) already allow > suppressing the exclusion, but not the maven-jar-plugin. Code analysis of the > JarMojo -> DirectoryScanner call path confirms that there is no way to affect > the FileSet configuration. > Again, with ever expanding list of *_DEFAULTEXCLUDES,_* this, on our opinion, > is quite detrimental, and due to backward compatibility, changing > resource/package path (say, to ChangeSet2) is not an option. > I am attaching a very simple project that shows two things: > # The jar plugin skips adding the **/ChangeSet/** files > # The resources plugin is configured not to skip (addDefaultExcludes) and > behaves properly -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (SCM-939) Assume SCM is present
[ https://issues.apache.org/jira/browse/SCM-939?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Michael Osipov reassigned SCM-939: -- Assignee: Michael Osipov > Assume SCM is present > - > > Key: SCM-939 > URL: https://issues.apache.org/jira/browse/SCM-939 > Project: Maven SCM > Issue Type: Bug >Reporter: Elliotte Rusty Harold >Assignee: Michael Osipov >Priority: Minor > > We have a lot of tests that do something like this: > > if ( !ScmTestCase.isSystemCmd( SvnScmTestUtils.SVN_COMMAND_LINE ) ) > { > ScmTestCase.printSystemCmdUnavail( SvnScmTestUtils.SVN_COMMAND_LINE, > getName() ); > return; > } > > We should instead use org.*junit*.*Assume* here so these are marked as > skipped rather than passed. > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (SCM-939) Assume SCM is present
[ https://issues.apache.org/jira/browse/SCM-939?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Michael Osipov updated SCM-939: --- Fix Version/s: 2.1.0 > Assume SCM is present > - > > Key: SCM-939 > URL: https://issues.apache.org/jira/browse/SCM-939 > Project: Maven SCM > Issue Type: Bug >Reporter: Elliotte Rusty Harold >Assignee: Michael Osipov >Priority: Minor > Fix For: 2.1.0 > > > We have a lot of tests that do something like this: > > if ( !ScmTestCase.isSystemCmd( SvnScmTestUtils.SVN_COMMAND_LINE ) ) > { > ScmTestCase.printSystemCmdUnavail( SvnScmTestUtils.SVN_COMMAND_LINE, > getName() ); > return; > } > > We should instead use org.*junit*.*Assume* here so these are marked as > skipped rather than passed. > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MJAR-296) No way to suppress default excludes in maven-jar-plugin
[ https://issues.apache.org/jira/browse/MJAR-296?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17835031#comment-17835031 ] ASF GitHub Bot commented on MJAR-296: - slawekjaranowski commented on code in PR #67: URL: https://github.com/apache/maven-jar-plugin/pull/67#discussion_r1556394300 ## src/it/MJAR-296/src/main/resources/.gitignore: ## Review Comment: `.gitignore` is not excluded by default: https://github.com/codehaus-plexus/plexus-utils/blob/master/src/main/java/org/codehaus/plexus/util/AbstractScanner.java > No way to suppress default excludes in maven-jar-plugin > --- > > Key: MJAR-296 > URL: https://issues.apache.org/jira/browse/MJAR-296 > Project: Maven JAR Plugin > Issue Type: Improvement >Affects Versions: 3.3.0 >Reporter: G.Vaysman >Priority: Major > Attachments: jar-default-excludes.zip > > > With the default excludes being expanded further (see > org.codehaus.plexus.util.AbstractScanner.{*}_DEFAULTEXCLUDES_{*}), a resource > directory **/ChangeSet/** will never be included in the JAR artifact. > Some plugins (maven-resources-plugin, maven-assembly-plugin) already allow > suppressing the exclusion, but not the maven-jar-plugin. Code analysis of the > JarMojo -> DirectoryScanner call path confirms that there is no way to affect > the FileSet configuration. > Again, with ever expanding list of *_DEFAULTEXCLUDES,_* this, on our opinion, > is quite detrimental, and due to backward compatibility, changing > resource/package path (say, to ChangeSet2) is not an option. > I am attaching a very simple project that shows two things: > # The jar plugin skips adding the **/ChangeSet/** files > # The resources plugin is configured not to skip (addDefaultExcludes) and > behaves properly -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MJAR-296) No way to suppress default excludes in maven-jar-plugin
[ https://issues.apache.org/jira/browse/MJAR-296?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17835032#comment-17835032 ] ASF GitHub Bot commented on MJAR-296: - slawekjaranowski commented on code in PR #67: URL: https://github.com/apache/maven-jar-plugin/pull/67#discussion_r1556394734 ## src/it/MJAR-296/pom.xml: ## @@ -0,0 +1,49 @@ + + +http://maven.apache.org/POM/4.0.0; + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance; + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd;> + 4.0.0 + + org.apache.maven.plugins + mjar-296-suppress-default-excludes + mjar-296-suppress-default-excludes + Verifies that the resulting jar includes files excluded by default + jar + 1.0-SNAPSHOT + + +UTF-8 + 2023-11-19T13:25:58Z + + + + + +org.apache.maven.plugins +maven-jar-plugin +@project.version@ + + false Review Comment: we also need a test with true value > No way to suppress default excludes in maven-jar-plugin > --- > > Key: MJAR-296 > URL: https://issues.apache.org/jira/browse/MJAR-296 > Project: Maven JAR Plugin > Issue Type: Improvement >Affects Versions: 3.3.0 >Reporter: G.Vaysman >Priority: Major > Attachments: jar-default-excludes.zip > > > With the default excludes being expanded further (see > org.codehaus.plexus.util.AbstractScanner.{*}_DEFAULTEXCLUDES_{*}), a resource > directory **/ChangeSet/** will never be included in the JAR artifact. > Some plugins (maven-resources-plugin, maven-assembly-plugin) already allow > suppressing the exclusion, but not the maven-jar-plugin. Code analysis of the > JarMojo -> DirectoryScanner call path confirms that there is no way to affect > the FileSet configuration. > Again, with ever expanding list of *_DEFAULTEXCLUDES,_* this, on our opinion, > is quite detrimental, and due to backward compatibility, changing > resource/package path (say, to ChangeSet2) is not an option. > I am attaching a very simple project that shows two things: > # The jar plugin skips adding the **/ChangeSet/** files > # The resources plugin is configured not to skip (addDefaultExcludes) and > behaves properly -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] [MJAR-296] Allow including files excluded by default. [maven-jar-plugin]
slawekjaranowski commented on code in PR #67: URL: https://github.com/apache/maven-jar-plugin/pull/67#discussion_r1556394734 ## src/it/MJAR-296/pom.xml: ## @@ -0,0 +1,49 @@ + + +http://maven.apache.org/POM/4.0.0; + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance; + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd;> + 4.0.0 + + org.apache.maven.plugins + mjar-296-suppress-default-excludes + mjar-296-suppress-default-excludes + Verifies that the resulting jar includes files excluded by default + jar + 1.0-SNAPSHOT + + +UTF-8 + 2023-11-19T13:25:58Z + + + + + +org.apache.maven.plugins +maven-jar-plugin +@project.version@ + + false Review Comment: we also need a test with true value -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] [MJAR-296] Allow including files excluded by default. [maven-jar-plugin]
slawekjaranowski commented on code in PR #67: URL: https://github.com/apache/maven-jar-plugin/pull/67#discussion_r1556394300 ## src/it/MJAR-296/src/main/resources/.gitignore: ## Review Comment: `.gitignore` is not excluded by default: https://github.com/codehaus-plexus/plexus-utils/blob/master/src/main/java/org/codehaus/plexus/util/AbstractScanner.java -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MPMD-379) Upgrade to use PMD 7.0.0 by default
[ https://issues.apache.org/jira/browse/MPMD-379?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17835025#comment-17835025 ] ASF GitHub Bot commented on MPMD-379: - michael-o commented on code in PR #144: URL: https://github.com/apache/maven-pmd-plugin/pull/144#discussion_r1556376942 ## src/it/MPMD-379-JDK21/invoker.properties: ## @@ -0,0 +1,28 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +invoker.java.version = 1.8+ + +# available toolchains under linux: +# https://github.com/apache/infrastructure-p6/blob/production/modules/build_nodes/files/toolchains.xml + +# the jdk toolchain "21:openjdk" is selected in pom.xml +invoker.toolchain.jdk.version = 21 +invoker.toolchain.jdk.vendor = openjdk Review Comment: Then there is no need to restrict the vendor if any vendor will do. I guess a lot of people will also use Zulu which will not run here. ## src/main/java/org/apache/maven/plugins/pmd/PmdReport.java: ## @@ -63,16 +63,19 @@ @Mojo(name = "pmd", threadSafe = true, requiresDependencyResolution = ResolutionScope.TEST) public class PmdReport extends AbstractPmdReport { /** - * The target JDK to analyze based on. Should match the source used in the compiler plugin. Valid values - * with the default PMD version are + * The target JDK to analyze based on. Should match the source used in the compiler plugin. + * Valid values depend on the used PMD version. With the default PMD version valid values are * currently 1.3, 1.4, 1.5, 1.6, 1.7, * 1.8, 9, 10, 11, 12, 13, * 14, 15, 16, 17, 18, 19, - * and 20. + * 20, 21, and 22. Review Comment: Let's do so. > Upgrade to use PMD 7.0.0 by default > --- > > Key: MPMD-379 > URL: https://issues.apache.org/jira/browse/MPMD-379 > Project: Maven PMD Plugin > Issue Type: Improvement > Components: CPD, PMD >Reporter: Andreas Dangel >Assignee: Andreas Dangel >Priority: Major > Fix For: next-release > > > Add support for the new major version of PMD. > This gives support for analyzing Java 21 code. > The upgrade from PMD 6 to PMD 7 is a major upgrade, that might impact > end-users, if they use custom rulesets (see > [https://maven.apache.org/plugins/maven-pmd-plugin/examples/usingRuleSets.html]) > or if they override the dependencies to upgrade PMD at runtime and currently > use PMD 6.x (see > [https://maven.apache.org/plugins/maven-pmd-plugin/examples/upgrading-PMD-at-runtime.html]). > > Most likely, end-users have to review their rulesets and migrate them to PMD > 7. Rules might have been renamed or replaced. See > [https://docs.pmd-code.org/latest/pmd_release_notes_pmd7.html] and > [https://docs.pmd-code.org/latest/pmd_userdocs_migrating_to_pmd7.html] . > -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] [MPMD-379] PMD 7.0.0 support [maven-pmd-plugin]
michael-o commented on code in PR #144: URL: https://github.com/apache/maven-pmd-plugin/pull/144#discussion_r1556376942 ## src/it/MPMD-379-JDK21/invoker.properties: ## @@ -0,0 +1,28 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +invoker.java.version = 1.8+ + +# available toolchains under linux: +# https://github.com/apache/infrastructure-p6/blob/production/modules/build_nodes/files/toolchains.xml + +# the jdk toolchain "21:openjdk" is selected in pom.xml +invoker.toolchain.jdk.version = 21 +invoker.toolchain.jdk.vendor = openjdk Review Comment: Then there is no need to restrict the vendor if any vendor will do. I guess a lot of people will also use Zulu which will not run here. ## src/main/java/org/apache/maven/plugins/pmd/PmdReport.java: ## @@ -63,16 +63,19 @@ @Mojo(name = "pmd", threadSafe = true, requiresDependencyResolution = ResolutionScope.TEST) public class PmdReport extends AbstractPmdReport { /** - * The target JDK to analyze based on. Should match the source used in the compiler plugin. Valid values - * with the default PMD version are + * The target JDK to analyze based on. Should match the source used in the compiler plugin. + * Valid values depend on the used PMD version. With the default PMD version valid values are * currently 1.3, 1.4, 1.5, 1.6, 1.7, * 1.8, 9, 10, 11, 12, 13, * 14, 15, 16, 17, 18, 19, - * and 20. + * 20, 21, and 22. Review Comment: Let's do so. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Bump commons-io:commons-io from 2.16.0 to 2.16.1 [maven-surefire]
dependabot[bot] opened a new pull request, #731: URL: https://github.com/apache/maven-surefire/pull/731 Bumps commons-io:commons-io from 2.16.0 to 2.16.1. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=commons-io:commons-io=maven=2.16.0=2.16.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Bump commons-io:commons-io from 2.16.0 to 2.16.1 [maven-shared-utils]
dependabot[bot] opened a new pull request, #176: URL: https://github.com/apache/maven-shared-utils/pull/176 Bumps commons-io:commons-io from 2.16.0 to 2.16.1. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=commons-io:commons-io=maven=2.16.0=2.16.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MPMD-379) Upgrade to use PMD 7.0.0 by default
[ https://issues.apache.org/jira/browse/MPMD-379?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17835013#comment-17835013 ] ASF GitHub Bot commented on MPMD-379: - adangel commented on code in PR #144: URL: https://github.com/apache/maven-pmd-plugin/pull/144#discussion_r1556244511 ## src/it/MPMD-379-JDK21/invoker.properties: ## @@ -0,0 +1,28 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +invoker.java.version = 1.8+ + +# available toolchains under linux: +# https://github.com/apache/infrastructure-p6/blob/production/modules/build_nodes/files/toolchains.xml + +# the jdk toolchain "21:openjdk" is selected in pom.xml +invoker.toolchain.jdk.version = 21 +invoker.toolchain.jdk.vendor = openjdk Review Comment: This is more like a smoke test (small project for java 21 that is compiled and analyzed), so any vendor will do, as long it is java 21. It's not testing compatibility with a specific vendor, but just compatibility with java 21. OpenJDK seems to be the tool chain, that is available on apache's jenkins instance. > Upgrade to use PMD 7.0.0 by default > --- > > Key: MPMD-379 > URL: https://issues.apache.org/jira/browse/MPMD-379 > Project: Maven PMD Plugin > Issue Type: Improvement > Components: CPD, PMD >Reporter: Andreas Dangel >Assignee: Andreas Dangel >Priority: Major > Fix For: next-release > > > Add support for the new major version of PMD. > This gives support for analyzing Java 21 code. > The upgrade from PMD 6 to PMD 7 is a major upgrade, that might impact > end-users, if they use custom rulesets (see > [https://maven.apache.org/plugins/maven-pmd-plugin/examples/usingRuleSets.html]) > or if they override the dependencies to upgrade PMD at runtime and currently > use PMD 6.x (see > [https://maven.apache.org/plugins/maven-pmd-plugin/examples/upgrading-PMD-at-runtime.html]). > > Most likely, end-users have to review their rulesets and migrate them to PMD > 7. Rules might have been renamed or replaced. See > [https://docs.pmd-code.org/latest/pmd_release_notes_pmd7.html] and > [https://docs.pmd-code.org/latest/pmd_userdocs_migrating_to_pmd7.html] . > -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] [MPMD-379] PMD 7.0.0 support [maven-pmd-plugin]
adangel commented on code in PR #144: URL: https://github.com/apache/maven-pmd-plugin/pull/144#discussion_r1556244511 ## src/it/MPMD-379-JDK21/invoker.properties: ## @@ -0,0 +1,28 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +invoker.java.version = 1.8+ + +# available toolchains under linux: +# https://github.com/apache/infrastructure-p6/blob/production/modules/build_nodes/files/toolchains.xml + +# the jdk toolchain "21:openjdk" is selected in pom.xml +invoker.toolchain.jdk.version = 21 +invoker.toolchain.jdk.vendor = openjdk Review Comment: This is more like a smoke test (small project for java 21 that is compiled and analyzed), so any vendor will do, as long it is java 21. It's not testing compatibility with a specific vendor, but just compatibility with java 21. OpenJDK seems to be the tool chain, that is available on apache's jenkins instance. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MPMD-379) Upgrade to use PMD 7.0.0 by default
[ https://issues.apache.org/jira/browse/MPMD-379?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17835012#comment-17835012 ] ASF GitHub Bot commented on MPMD-379: - adangel commented on code in PR #144: URL: https://github.com/apache/maven-pmd-plugin/pull/144#discussion_r1556242531 ## src/main/java/org/apache/maven/plugins/pmd/PmdReport.java: ## @@ -63,16 +63,19 @@ @Mojo(name = "pmd", threadSafe = true, requiresDependencyResolution = ResolutionScope.TEST) public class PmdReport extends AbstractPmdReport { /** - * The target JDK to analyze based on. Should match the source used in the compiler plugin. Valid values - * with the default PMD version are + * The target JDK to analyze based on. Should match the source used in the compiler plugin. + * Valid values depend on the used PMD version. With the default PMD version valid values are * currently 1.3, 1.4, 1.5, 1.6, 1.7, * 1.8, 9, 10, 11, 12, 13, * 14, 15, 16, 17, 18, 19, - * and 20. + * 20, 21, and 22. Review Comment: Yes, they are still supported. But true, it's questionable, how useful these are. We could thin out the list and keep only 8, 11, 17, 21 and refer to https://docs.pmd-code.org/latest/pmd_languages_java.html for the full list. > Upgrade to use PMD 7.0.0 by default > --- > > Key: MPMD-379 > URL: https://issues.apache.org/jira/browse/MPMD-379 > Project: Maven PMD Plugin > Issue Type: Improvement > Components: CPD, PMD >Reporter: Andreas Dangel >Assignee: Andreas Dangel >Priority: Major > Fix For: next-release > > > Add support for the new major version of PMD. > This gives support for analyzing Java 21 code. > The upgrade from PMD 6 to PMD 7 is a major upgrade, that might impact > end-users, if they use custom rulesets (see > [https://maven.apache.org/plugins/maven-pmd-plugin/examples/usingRuleSets.html]) > or if they override the dependencies to upgrade PMD at runtime and currently > use PMD 6.x (see > [https://maven.apache.org/plugins/maven-pmd-plugin/examples/upgrading-PMD-at-runtime.html]). > > Most likely, end-users have to review their rulesets and migrate them to PMD > 7. Rules might have been renamed or replaced. See > [https://docs.pmd-code.org/latest/pmd_release_notes_pmd7.html] and > [https://docs.pmd-code.org/latest/pmd_userdocs_migrating_to_pmd7.html] . > -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] [MPMD-379] PMD 7.0.0 support [maven-pmd-plugin]
adangel commented on code in PR #144: URL: https://github.com/apache/maven-pmd-plugin/pull/144#discussion_r1556242531 ## src/main/java/org/apache/maven/plugins/pmd/PmdReport.java: ## @@ -63,16 +63,19 @@ @Mojo(name = "pmd", threadSafe = true, requiresDependencyResolution = ResolutionScope.TEST) public class PmdReport extends AbstractPmdReport { /** - * The target JDK to analyze based on. Should match the source used in the compiler plugin. Valid values - * with the default PMD version are + * The target JDK to analyze based on. Should match the source used in the compiler plugin. + * Valid values depend on the used PMD version. With the default PMD version valid values are * currently 1.3, 1.4, 1.5, 1.6, 1.7, * 1.8, 9, 10, 11, 12, 13, * 14, 15, 16, 17, 18, 19, - * and 20. + * 20, 21, and 22. Review Comment: Yes, they are still supported. But true, it's questionable, how useful these are. We could thin out the list and keep only 8, 11, 17, 21 and refer to https://docs.pmd-code.org/latest/pmd_languages_java.html for the full list. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Bump commons-io:commons-io from 2.15.1 to 2.16.1 [maven-filtering]
dependabot[bot] opened a new pull request, #101: URL: https://github.com/apache/maven-filtering/pull/101 Bumps commons-io:commons-io from 2.15.1 to 2.16.1. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=commons-io:commons-io=maven=2.15.1=2.16.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (SCM-939) Assume SCM is present
[ https://issues.apache.org/jira/browse/SCM-939?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17834922#comment-17834922 ] ASF GitHub Bot commented on SCM-939: michael-o commented on PR #150: URL: https://github.com/apache/maven-scm/pull/150#issuecomment-2042791182 > > @nielsbasjes I did a few updates... > > Yes of course. Please change/copy/do what you think is best with my partial contribution. Feel free to take it over completely because I do not have enough understanding of several key components to finish it. For me, this looks decent now, but I want to make a few more checks. @kwin Do you want to review? > Assume SCM is present > - > > Key: SCM-939 > URL: https://issues.apache.org/jira/browse/SCM-939 > Project: Maven SCM > Issue Type: Bug >Reporter: Elliotte Rusty Harold >Priority: Minor > > We have a lot of tests that do something like this: > > if ( !ScmTestCase.isSystemCmd( SvnScmTestUtils.SVN_COMMAND_LINE ) ) > { > ScmTestCase.printSystemCmdUnavail( SvnScmTestUtils.SVN_COMMAND_LINE, > getName() ); > return; > } > > We should instead use org.*junit*.*Assume* here so these are marked as > skipped rather than passed. > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (SCM-939) Assume SCM is present
[ https://issues.apache.org/jira/browse/SCM-939?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17834919#comment-17834919 ] ASF GitHub Bot commented on SCM-939: nielsbasjes commented on PR #150: URL: https://github.com/apache/maven-scm/pull/150#issuecomment-2042770331 > @nielsbasjes I did a few updates... Yes of course. Please change/copy/do what you think is best with my partial contribution. Feel free to take it over completely because I do not have enough understanding of several key components to finish it. > Assume SCM is present > - > > Key: SCM-939 > URL: https://issues.apache.org/jira/browse/SCM-939 > Project: Maven SCM > Issue Type: Bug >Reporter: Elliotte Rusty Harold >Priority: Minor > > We have a lot of tests that do something like this: > > if ( !ScmTestCase.isSystemCmd( SvnScmTestUtils.SVN_COMMAND_LINE ) ) > { > ScmTestCase.printSystemCmdUnavail( SvnScmTestUtils.SVN_COMMAND_LINE, > getName() ); > return; > } > > We should instead use org.*junit*.*Assume* here so these are marked as > skipped rather than passed. > -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] Update artifact-handlers.apt [maven]
kwin commented on PR #1466: URL: https://github.com/apache/maven/pull/1466#issuecomment-2042676447 Well for me extension is mostly connected to files used outside a repo -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] [SCM-939] Towards JUnit4 ... DRAFT !! [maven-scm]
michael-o commented on PR #150: URL: https://github.com/apache/maven-scm/pull/150#issuecomment-2042610728 @nielsbasjes I did a few updates... -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (SCM-939) Assume SCM is present
[ https://issues.apache.org/jira/browse/SCM-939?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17834906#comment-17834906 ] ASF GitHub Bot commented on SCM-939: michael-o commented on PR #150: URL: https://github.com/apache/maven-scm/pull/150#issuecomment-2042610728 @nielsbasjes I did a few updates... > Assume SCM is present > - > > Key: SCM-939 > URL: https://issues.apache.org/jira/browse/SCM-939 > Project: Maven SCM > Issue Type: Bug >Reporter: Elliotte Rusty Harold >Priority: Minor > > We have a lot of tests that do something like this: > > if ( !ScmTestCase.isSystemCmd( SvnScmTestUtils.SVN_COMMAND_LINE ) ) > { > ScmTestCase.printSystemCmdUnavail( SvnScmTestUtils.SVN_COMMAND_LINE, > getName() ); > return; > } > > We should instead use org.*junit*.*Assume* here so these are marked as > skipped rather than passed. > -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] Update artifact-handlers.apt [maven]
cstamas commented on PR #1466: URL: https://github.com/apache/maven/pull/1466#issuecomment-2042536236 Am unsure is it meaningful at all to speak about artifacts "outside of repository"... -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump jgitVersion from 5.13.2.202306221912-r to 5.13.3.202401111512-r [maven-scm]
michael-o commented on PR #201: URL: https://github.com/apache/maven-scm/pull/201#issuecomment-2042519825 @dependabot rebase -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Closed] (SCM-1022) jgit push failure is not failing the build
[ https://issues.apache.org/jira/browse/SCM-1022?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Michael Osipov closed SCM-1022. --- Resolution: Fixed Fixed with [d77b92ef8b3baa0e9ae3c60d25ee526291faa3c6|https://gitbox.apache.org/repos/asf?p=maven-scm.git=commit=d77b92ef8b3baa0e9ae3c60d25ee526291faa3c6]. > jgit push failure is not failing the build > -- > > Key: SCM-1022 > URL: https://issues.apache.org/jira/browse/SCM-1022 > Project: Maven SCM > Issue Type: Bug > Components: maven-scm-provider-jgit >Affects Versions: 2.0.1 >Reporter: Mattias Andersson >Assignee: Michael Osipov >Priority: Major > Fix For: 2.1.0 > > > If the push command fails, the maven build does not fail. This means binaries > are deployed, but the remote repo is not updated. The issue seems related to > SCM-854. > We use Gerrit and have the merge strategy set to "fast forward only". If > someone pushes a commit during the release job, only an INFO message is > logged, but the maven build is successful. > The same use case with the maven-scm-provider-gitexe (the default) fails the > build as expected (git push returns a non-zero exit code) > {code:java} > 10:28:03 [INFO] commit done: [maven-release-plugin] prepare release 2.15.0 > 10:28:03 [INFO] push changes to remote... refs/heads/master:refs/heads/master > 10:28:03 [INFO] fetch url: ssh://xxx@xxx > 10:28:03 [INFO] push url: ssh://xxx@xxx > 10:28:03 [INFO] getOrCreateProvider(EdDSA) created instance of > net.i2p.crypto.eddsa.EdDSASecurityProvider > 10:28:03 [INFO] No detected/configured IoServiceFactoryFactory using > Nio2ServiceFactoryFactory > 10:28:04 [INFO] REJECTED_NONFASTFORWARD - > RemoteRefUpdate[remoteName=refs/heads/master, REJECTED_NONFASTFORWARD, > 1eee06203068576ddcaae4eefe0ea15a52fb49ba...3102c82c6b62d4e86c75194569c2574ac722b6dd, > srcRef=refs/heads/master, message=null] > 10:28:04 [INFO] 12/17 prepare:scm-tag > 10:28:04 [INFO] Tagging release with the label 2.15.0... > 10:28:04 [INFO] push tag [2.15.0] to remote... > 10:28:04 [INFO] fetch url: ssh://xxx@xxx > 10:28:04 [INFO] push url: ssh://xxx@xxx > 10:28:05 [INFO] OK - RemoteRefUpdate[remoteName=refs/tags/2.15.0, OK, > ...968d97de8331ce19d43c719e870890def5ee65d9, > fastForward, srcRef=refs/tags/2.15.0, message=null]{code} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (SCM-1022) jgit push failure is not failing the build
[ https://issues.apache.org/jira/browse/SCM-1022?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17834886#comment-17834886 ] ASF GitHub Bot commented on SCM-1022: - michael-o closed pull request #203: [SCM-1022] - jgit push failure is not failing the build URL: https://github.com/apache/maven-scm/pull/203 > jgit push failure is not failing the build > -- > > Key: SCM-1022 > URL: https://issues.apache.org/jira/browse/SCM-1022 > Project: Maven SCM > Issue Type: Bug > Components: maven-scm-provider-jgit >Affects Versions: 2.0.1 >Reporter: Mattias Andersson >Assignee: Michael Osipov >Priority: Major > Fix For: 2.1.0 > > > If the push command fails, the maven build does not fail. This means binaries > are deployed, but the remote repo is not updated. The issue seems related to > SCM-854. > We use Gerrit and have the merge strategy set to "fast forward only". If > someone pushes a commit during the release job, only an INFO message is > logged, but the maven build is successful. > The same use case with the maven-scm-provider-gitexe (the default) fails the > build as expected (git push returns a non-zero exit code) > {code:java} > 10:28:03 [INFO] commit done: [maven-release-plugin] prepare release 2.15.0 > 10:28:03 [INFO] push changes to remote... refs/heads/master:refs/heads/master > 10:28:03 [INFO] fetch url: ssh://xxx@xxx > 10:28:03 [INFO] push url: ssh://xxx@xxx > 10:28:03 [INFO] getOrCreateProvider(EdDSA) created instance of > net.i2p.crypto.eddsa.EdDSASecurityProvider > 10:28:03 [INFO] No detected/configured IoServiceFactoryFactory using > Nio2ServiceFactoryFactory > 10:28:04 [INFO] REJECTED_NONFASTFORWARD - > RemoteRefUpdate[remoteName=refs/heads/master, REJECTED_NONFASTFORWARD, > 1eee06203068576ddcaae4eefe0ea15a52fb49ba...3102c82c6b62d4e86c75194569c2574ac722b6dd, > srcRef=refs/heads/master, message=null] > 10:28:04 [INFO] 12/17 prepare:scm-tag > 10:28:04 [INFO] Tagging release with the label 2.15.0... > 10:28:04 [INFO] push tag [2.15.0] to remote... > 10:28:04 [INFO] fetch url: ssh://xxx@xxx > 10:28:04 [INFO] push url: ssh://xxx@xxx > 10:28:05 [INFO] OK - RemoteRefUpdate[remoteName=refs/tags/2.15.0, OK, > ...968d97de8331ce19d43c719e870890def5ee65d9, > fastForward, srcRef=refs/tags/2.15.0, message=null]{code} -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] [SCM-1022] - jgit push failure is not failing the build [maven-scm]
michael-o closed pull request #203: [SCM-1022] - jgit push failure is not failing the build URL: https://github.com/apache/maven-scm/pull/203 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (SCM-1022) jgit push failure is not failing the build
[ https://issues.apache.org/jira/browse/SCM-1022?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17834878#comment-17834878 ] ASF GitHub Bot commented on SCM-1022: - michael-o commented on PR #203: URL: https://github.com/apache/maven-scm/pull/203#issuecomment-2042404769 Let me run this again > jgit push failure is not failing the build > -- > > Key: SCM-1022 > URL: https://issues.apache.org/jira/browse/SCM-1022 > Project: Maven SCM > Issue Type: Bug > Components: maven-scm-provider-jgit >Affects Versions: 2.0.1 >Reporter: Mattias Andersson >Assignee: Michael Osipov >Priority: Major > Fix For: 2.1.0 > > > If the push command fails, the maven build does not fail. This means binaries > are deployed, but the remote repo is not updated. The issue seems related to > SCM-854. > We use Gerrit and have the merge strategy set to "fast forward only". If > someone pushes a commit during the release job, only an INFO message is > logged, but the maven build is successful. > The same use case with the maven-scm-provider-gitexe (the default) fails the > build as expected (git push returns a non-zero exit code) > {code:java} > 10:28:03 [INFO] commit done: [maven-release-plugin] prepare release 2.15.0 > 10:28:03 [INFO] push changes to remote... refs/heads/master:refs/heads/master > 10:28:03 [INFO] fetch url: ssh://xxx@xxx > 10:28:03 [INFO] push url: ssh://xxx@xxx > 10:28:03 [INFO] getOrCreateProvider(EdDSA) created instance of > net.i2p.crypto.eddsa.EdDSASecurityProvider > 10:28:03 [INFO] No detected/configured IoServiceFactoryFactory using > Nio2ServiceFactoryFactory > 10:28:04 [INFO] REJECTED_NONFASTFORWARD - > RemoteRefUpdate[remoteName=refs/heads/master, REJECTED_NONFASTFORWARD, > 1eee06203068576ddcaae4eefe0ea15a52fb49ba...3102c82c6b62d4e86c75194569c2574ac722b6dd, > srcRef=refs/heads/master, message=null] > 10:28:04 [INFO] 12/17 prepare:scm-tag > 10:28:04 [INFO] Tagging release with the label 2.15.0... > 10:28:04 [INFO] push tag [2.15.0] to remote... > 10:28:04 [INFO] fetch url: ssh://xxx@xxx > 10:28:04 [INFO] push url: ssh://xxx@xxx > 10:28:05 [INFO] OK - RemoteRefUpdate[remoteName=refs/tags/2.15.0, OK, > ...968d97de8331ce19d43c719e870890def5ee65d9, > fastForward, srcRef=refs/tags/2.15.0, message=null]{code} -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] [SCM-1022] - jgit push failure is not failing the build [maven-scm]
michael-o commented on PR #203: URL: https://github.com/apache/maven-scm/pull/203#issuecomment-2042404769 Let me run this again -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump bouncycastleVersion from 1.77 to 1.78 [maven-resolver]
dependabot[bot] closed pull request #459: Bump bouncycastleVersion from 1.77 to 1.78 URL: https://github.com/apache/maven-resolver/pull/459 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump bouncycastleVersion from 1.77 to 1.78 [maven-resolver]
dependabot[bot] commented on PR #459: URL: https://github.com/apache/maven-resolver/pull/459#issuecomment-2042382718 Looks like these dependencies are up-to-date now, so this is no longer needed. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump bouncycastleVersion from 1.77 to 1.78 [maven-resolver]
cstamas commented on PR #459: URL: https://github.com/apache/maven-resolver/pull/459#issuecomment-2042382193 @dependabot rebase -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MRESOLVER-523) Update GPG generator to Bouncycastle 1.78
[ https://issues.apache.org/jira/browse/MRESOLVER-523?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17834874#comment-17834874 ] ASF GitHub Bot commented on MRESOLVER-523: -- cstamas merged PR #460: URL: https://github.com/apache/maven-resolver/pull/460 > Update GPG generator to Bouncycastle 1.78 > - > > Key: MRESOLVER-523 > URL: https://issues.apache.org/jira/browse/MRESOLVER-523 > Project: Maven Resolver > Issue Type: Dependency upgrade > Components: Resolver >Reporter: Tamas Cservenak >Assignee: Tamas Cservenak >Priority: Major > Fix For: 2.0.0, 2.0.0-alpha-11 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Closed] (MRESOLVER-523) Update GPG generator to Bouncycastle 1.78
[ https://issues.apache.org/jira/browse/MRESOLVER-523?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tamas Cservenak closed MRESOLVER-523. - Resolution: Fixed > Update GPG generator to Bouncycastle 1.78 > - > > Key: MRESOLVER-523 > URL: https://issues.apache.org/jira/browse/MRESOLVER-523 > Project: Maven Resolver > Issue Type: Dependency upgrade > Components: Resolver >Reporter: Tamas Cservenak >Assignee: Tamas Cservenak >Priority: Major > Fix For: 2.0.0, 2.0.0-alpha-11 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] [MRESOLVER-523] Update GPG generator BC to 1.78 [maven-resolver]
cstamas merged PR #460: URL: https://github.com/apache/maven-resolver/pull/460 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MRESOLVER-518) Improvements for version selector
[ https://issues.apache.org/jira/browse/MRESOLVER-518?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17834869#comment-17834869 ] ASF GitHub Bot commented on MRESOLVER-518: -- cstamas commented on PR #450: URL: https://github.com/apache/maven-resolver/pull/450#issuecomment-2042356577 ping, any other comments to this PR? > Improvements for version selector > - > > Key: MRESOLVER-518 > URL: https://issues.apache.org/jira/browse/MRESOLVER-518 > Project: Maven Resolver > Issue Type: New Feature > Components: Resolver >Reporter: Tamas Cservenak >Assignee: Tamas Cservenak >Priority: Major > Fix For: 2.0.0, 2.0.0-alpha-11 > > > Currently Resolver "silently" resolves conflict based on "nearest" strategy, > without any assumption about selected version (simply the fact it is "nearer > to root" makes it win). > Extend this logic by ability to fail collection in case of version conflict, > version divergence and "version incompatibility" for start. As it may come > handy, and user may want to fix the build differently than Maven would. -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] [MRESOLVER-518] Version selector improvements [maven-resolver]
cstamas commented on PR #450: URL: https://github.com/apache/maven-resolver/pull/450#issuecomment-2042356577 ping, any other comments to this PR? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Closed] (MRESOLVER-525) Update test dep testcointainers-redis to 2.2.2
[ https://issues.apache.org/jira/browse/MRESOLVER-525?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tamas Cservenak closed MRESOLVER-525. - Resolution: Fixed > Update test dep testcointainers-redis to 2.2.2 > -- > > Key: MRESOLVER-525 > URL: https://issues.apache.org/jira/browse/MRESOLVER-525 > Project: Maven Resolver > Issue Type: Dependency upgrade > Components: Resolver >Reporter: Tamas Cservenak >Priority: Major > Fix For: 2.0.0, 2.0.0-alpha-11 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] Bump com.redis:testcontainers-redis from 2.2.1 to 2.2.2 [maven-resolver]
cstamas merged PR #451: URL: https://github.com/apache/maven-resolver/pull/451 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Created] (MRESOLVER-525) Update test dep testcointainers-redis to 2.2.2
Tamas Cservenak created MRESOLVER-525: - Summary: Update test dep testcointainers-redis to 2.2.2 Key: MRESOLVER-525 URL: https://issues.apache.org/jira/browse/MRESOLVER-525 Project: Maven Resolver Issue Type: Dependency upgrade Components: Resolver Reporter: Tamas Cservenak Fix For: 2.0.0, 2.0.0-alpha-11 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (SCM-1022) jgit push failure is not failing the build
[ https://issues.apache.org/jira/browse/SCM-1022?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17834866#comment-17834866 ] ASF GitHub Bot commented on SCM-1022: - attiand commented on PR #203: URL: https://github.com/apache/maven-scm/pull/203#issuecomment-2042327072 Status.UP_TO_DATE is now successful. Added TCK testUpToDatePush. > jgit push failure is not failing the build > -- > > Key: SCM-1022 > URL: https://issues.apache.org/jira/browse/SCM-1022 > Project: Maven SCM > Issue Type: Bug > Components: maven-scm-provider-jgit >Affects Versions: 2.0.1 >Reporter: Mattias Andersson >Assignee: Michael Osipov >Priority: Major > Fix For: 2.1.0 > > > If the push command fails, the maven build does not fail. This means binaries > are deployed, but the remote repo is not updated. The issue seems related to > SCM-854. > We use Gerrit and have the merge strategy set to "fast forward only". If > someone pushes a commit during the release job, only an INFO message is > logged, but the maven build is successful. > The same use case with the maven-scm-provider-gitexe (the default) fails the > build as expected (git push returns a non-zero exit code) > {code:java} > 10:28:03 [INFO] commit done: [maven-release-plugin] prepare release 2.15.0 > 10:28:03 [INFO] push changes to remote... refs/heads/master:refs/heads/master > 10:28:03 [INFO] fetch url: ssh://xxx@xxx > 10:28:03 [INFO] push url: ssh://xxx@xxx > 10:28:03 [INFO] getOrCreateProvider(EdDSA) created instance of > net.i2p.crypto.eddsa.EdDSASecurityProvider > 10:28:03 [INFO] No detected/configured IoServiceFactoryFactory using > Nio2ServiceFactoryFactory > 10:28:04 [INFO] REJECTED_NONFASTFORWARD - > RemoteRefUpdate[remoteName=refs/heads/master, REJECTED_NONFASTFORWARD, > 1eee06203068576ddcaae4eefe0ea15a52fb49ba...3102c82c6b62d4e86c75194569c2574ac722b6dd, > srcRef=refs/heads/master, message=null] > 10:28:04 [INFO] 12/17 prepare:scm-tag > 10:28:04 [INFO] Tagging release with the label 2.15.0... > 10:28:04 [INFO] push tag [2.15.0] to remote... > 10:28:04 [INFO] fetch url: ssh://xxx@xxx > 10:28:04 [INFO] push url: ssh://xxx@xxx > 10:28:05 [INFO] OK - RemoteRefUpdate[remoteName=refs/tags/2.15.0, OK, > ...968d97de8331ce19d43c719e870890def5ee65d9, > fastForward, srcRef=refs/tags/2.15.0, message=null]{code} -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] [SCM-1022] - jgit push failure is not failing the build [maven-scm]
attiand commented on PR #203: URL: https://github.com/apache/maven-scm/pull/203#issuecomment-2042327072 Status.UP_TO_DATE is now successful. Added TCK testUpToDatePush. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Closed] (MRESOLVER-524) Update Hazelcast to 5.3.7
[ https://issues.apache.org/jira/browse/MRESOLVER-524?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tamas Cservenak closed MRESOLVER-524. - Resolution: Fixed > Update Hazelcast to 5.3.7 > - > > Key: MRESOLVER-524 > URL: https://issues.apache.org/jira/browse/MRESOLVER-524 > Project: Maven Resolver > Issue Type: Dependency upgrade > Components: Resolver >Reporter: Tamas Cservenak >Assignee: Tamas Cservenak >Priority: Major > Fix For: 2.0.0, 2.0.0-alpha-11 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] Bump com.redis:testcontainers-redis from 2.2.1 to 2.2.2 [maven-resolver]
cstamas commented on PR #451: URL: https://github.com/apache/maven-resolver/pull/451#issuecomment-2042323294 @dependabot rebase -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump com.hazelcast:hazelcast from 5.3.6 to 5.3.7 [maven-resolver]
cstamas merged PR #458: URL: https://github.com/apache/maven-resolver/pull/458 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Created] (MRESOLVER-524) Update Hazelcast to 5.3.7
Tamas Cservenak created MRESOLVER-524: - Summary: Update Hazelcast to 5.3.7 Key: MRESOLVER-524 URL: https://issues.apache.org/jira/browse/MRESOLVER-524 Project: Maven Resolver Issue Type: Dependency upgrade Components: Resolver Reporter: Tamas Cservenak Fix For: 2.0.0, 2.0.0-alpha-11 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (MRESOLVER-524) Update Hazelcast to 5.3.7
[ https://issues.apache.org/jira/browse/MRESOLVER-524?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tamas Cservenak reassigned MRESOLVER-524: - Assignee: Tamas Cservenak > Update Hazelcast to 5.3.7 > - > > Key: MRESOLVER-524 > URL: https://issues.apache.org/jira/browse/MRESOLVER-524 > Project: Maven Resolver > Issue Type: Dependency upgrade > Components: Resolver >Reporter: Tamas Cservenak >Assignee: Tamas Cservenak >Priority: Major > Fix For: 2.0.0, 2.0.0-alpha-11 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MRESOLVER-523) Update GPG generator to Bouncycastle 1.78
[ https://issues.apache.org/jira/browse/MRESOLVER-523?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17834865#comment-17834865 ] ASF GitHub Bot commented on MRESOLVER-523: -- cstamas opened a new pull request, #460: URL: https://github.com/apache/maven-resolver/pull/460 Update BC to 1.78 --- https://issues.apache.org/jira/browse/MRESOLVER-523 > Update GPG generator to Bouncycastle 1.78 > - > > Key: MRESOLVER-523 > URL: https://issues.apache.org/jira/browse/MRESOLVER-523 > Project: Maven Resolver > Issue Type: Dependency upgrade > Components: Resolver >Reporter: Tamas Cservenak >Assignee: Tamas Cservenak >Priority: Major > Fix For: 2.0.0, 2.0.0-alpha-11 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (MRESOLVER-523) Update GPG generator to Bouncycastle 1.78
[ https://issues.apache.org/jira/browse/MRESOLVER-523?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tamas Cservenak reassigned MRESOLVER-523: - Assignee: Tamas Cservenak > Update GPG generator to Bouncycastle 1.78 > - > > Key: MRESOLVER-523 > URL: https://issues.apache.org/jira/browse/MRESOLVER-523 > Project: Maven Resolver > Issue Type: Dependency upgrade > Components: Resolver >Reporter: Tamas Cservenak >Assignee: Tamas Cservenak >Priority: Major > Fix For: 2.0.0, 2.0.0-alpha-11 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (MRESOLVER-523) Update GPG generator to Bouncycastle 1.78
Tamas Cservenak created MRESOLVER-523: - Summary: Update GPG generator to Bouncycastle 1.78 Key: MRESOLVER-523 URL: https://issues.apache.org/jira/browse/MRESOLVER-523 Project: Maven Resolver Issue Type: Dependency upgrade Components: Resolver Reporter: Tamas Cservenak Fix For: 2.0.0, 2.0.0-alpha-11 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (MGPG-116) Up the file size limit to 64K
[ https://issues.apache.org/jira/browse/MGPG-116?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tamas Cservenak updated MGPG-116: - Issue Type: Improvement (was: Task) > Up the file size limit to 64K > - > > Key: MGPG-116 > URL: https://issues.apache.org/jira/browse/MGPG-116 > Project: Maven GPG Plugin > Issue Type: Improvement >Reporter: Tamas Cservenak >Assignee: Tamas Cservenak >Priority: Major > Fix For: 3.2.3 > > > The refd document talks about "key size" (that is very rarely 16K), but the > file we are loading up is armored: Base64 encoded + formatted + newlines and > may have arbitrary amount of comments added as well. > In short, the wiki talks about the "key size" as in memory, while this file > have much of the overhead, plus, it may be collection of keys... -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (SCM-1022) jgit push failure is not failing the build
[ https://issues.apache.org/jira/browse/SCM-1022?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17834834#comment-17834834 ] ASF GitHub Bot commented on SCM-1022: - kwin commented on code in PR #203: URL: https://github.com/apache/maven-scm/pull/203#discussion_r1555400678 ## maven-scm-providers/maven-scm-providers-git/maven-scm-provider-jgit/src/main/java/org/apache/maven/scm/provider/git/jgit/command/checkin/JGitCheckInCommand.java: ## @@ -139,7 +141,19 @@ protected CheckInScmResult executeCheckInCommand( } RefSpec refSpec = new RefSpec(Constants.R_HEADS + branch + ":" + Constants.R_HEADS + branch); logger.info("push changes to remote... " + refSpec); -JGitUtils.push(git, (GitScmProviderRepository) repo, refSpec); +Iterable pushResultList = JGitUtils.push(git, (GitScmProviderRepository) repo, refSpec); + +for (PushResult pushResult : pushResultList) { +for (RemoteRefUpdate remoteRefUpdate : pushResult.getRemoteUpdates()) { +if (remoteRefUpdate.getStatus() != RemoteRefUpdate.Status.OK) { Review Comment: I think up2date is no error condition either: https://archive.eclipse.org/jgit/docs/jgit-2.0.0.201206130900-r/apidocs/org/eclipse/jgit/transport/RemoteRefUpdate.Status.html#UP_TO_DATE > jgit push failure is not failing the build > -- > > Key: SCM-1022 > URL: https://issues.apache.org/jira/browse/SCM-1022 > Project: Maven SCM > Issue Type: Bug > Components: maven-scm-provider-jgit >Affects Versions: 2.0.1 >Reporter: Mattias Andersson >Assignee: Michael Osipov >Priority: Major > Fix For: 2.1.0 > > > If the push command fails, the maven build does not fail. This means binaries > are deployed, but the remote repo is not updated. The issue seems related to > SCM-854. > We use Gerrit and have the merge strategy set to "fast forward only". If > someone pushes a commit during the release job, only an INFO message is > logged, but the maven build is successful. > The same use case with the maven-scm-provider-gitexe (the default) fails the > build as expected (git push returns a non-zero exit code) > {code:java} > 10:28:03 [INFO] commit done: [maven-release-plugin] prepare release 2.15.0 > 10:28:03 [INFO] push changes to remote... refs/heads/master:refs/heads/master > 10:28:03 [INFO] fetch url: ssh://xxx@xxx > 10:28:03 [INFO] push url: ssh://xxx@xxx > 10:28:03 [INFO] getOrCreateProvider(EdDSA) created instance of > net.i2p.crypto.eddsa.EdDSASecurityProvider > 10:28:03 [INFO] No detected/configured IoServiceFactoryFactory using > Nio2ServiceFactoryFactory > 10:28:04 [INFO] REJECTED_NONFASTFORWARD - > RemoteRefUpdate[remoteName=refs/heads/master, REJECTED_NONFASTFORWARD, > 1eee06203068576ddcaae4eefe0ea15a52fb49ba...3102c82c6b62d4e86c75194569c2574ac722b6dd, > srcRef=refs/heads/master, message=null] > 10:28:04 [INFO] 12/17 prepare:scm-tag > 10:28:04 [INFO] Tagging release with the label 2.15.0... > 10:28:04 [INFO] push tag [2.15.0] to remote... > 10:28:04 [INFO] fetch url: ssh://xxx@xxx > 10:28:04 [INFO] push url: ssh://xxx@xxx > 10:28:05 [INFO] OK - RemoteRefUpdate[remoteName=refs/tags/2.15.0, OK, > ...968d97de8331ce19d43c719e870890def5ee65d9, > fastForward, srcRef=refs/tags/2.15.0, message=null]{code} -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] [SCM-1022] - jgit push failure is not failing the build [maven-scm]
kwin commented on code in PR #203: URL: https://github.com/apache/maven-scm/pull/203#discussion_r1555400678 ## maven-scm-providers/maven-scm-providers-git/maven-scm-provider-jgit/src/main/java/org/apache/maven/scm/provider/git/jgit/command/checkin/JGitCheckInCommand.java: ## @@ -139,7 +141,19 @@ protected CheckInScmResult executeCheckInCommand( } RefSpec refSpec = new RefSpec(Constants.R_HEADS + branch + ":" + Constants.R_HEADS + branch); logger.info("push changes to remote... " + refSpec); -JGitUtils.push(git, (GitScmProviderRepository) repo, refSpec); +Iterable pushResultList = JGitUtils.push(git, (GitScmProviderRepository) repo, refSpec); + +for (PushResult pushResult : pushResultList) { +for (RemoteRefUpdate remoteRefUpdate : pushResult.getRemoteUpdates()) { +if (remoteRefUpdate.getStatus() != RemoteRefUpdate.Status.OK) { Review Comment: I think up2date is no error condition either: https://archive.eclipse.org/jgit/docs/jgit-2.0.0.201206130900-r/apidocs/org/eclipse/jgit/transport/RemoteRefUpdate.Status.html#UP_TO_DATE -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (SCM-1022) jgit push failure is not failing the build
[ https://issues.apache.org/jira/browse/SCM-1022?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17834833#comment-17834833 ] ASF GitHub Bot commented on SCM-1022: - kwin commented on code in PR #203: URL: https://github.com/apache/maven-scm/pull/203#discussion_r1555398863 ## maven-scm-providers/maven-scm-providers-git/maven-scm-provider-jgit/src/test/java/org/apache/maven/scm/provider/git/jgit/command/checkin/JGitCheckinCommandTest.java: ## @@ -0,0 +1,104 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.maven.scm.provider.git.jgit.command.checkin; + +import java.io.File; +import java.io.IOException; + +import org.apache.maven.scm.PlexusJUnit4TestSupport; +import org.apache.maven.scm.ScmFileSet; +import org.apache.maven.scm.ScmTestCase; +import org.apache.maven.scm.command.checkin.CheckInScmResult; +import org.apache.maven.scm.command.checkout.CheckOutScmResult; +import org.apache.maven.scm.provider.git.GitScmTestUtils; +import org.apache.maven.scm.repository.ScmRepository; +import org.codehaus.plexus.util.FileUtils; +import org.junit.Test; + +import static org.junit.Assert.assertFalse; + +public class JGitCheckinCommandTest extends ScmTestCase { Review Comment: I think a push which doesn't add any commits should never be an error (neither in JGit nor in GitExe). If there is an up2date check being necessary in maven-release-plugin that needs to be triggered separately. I would therefore appreciate to add the test to the TCK but assert that it is returning a success status. > jgit push failure is not failing the build > -- > > Key: SCM-1022 > URL: https://issues.apache.org/jira/browse/SCM-1022 > Project: Maven SCM > Issue Type: Bug > Components: maven-scm-provider-jgit >Affects Versions: 2.0.1 >Reporter: Mattias Andersson >Assignee: Michael Osipov >Priority: Major > Fix For: 2.1.0 > > > If the push command fails, the maven build does not fail. This means binaries > are deployed, but the remote repo is not updated. The issue seems related to > SCM-854. > We use Gerrit and have the merge strategy set to "fast forward only". If > someone pushes a commit during the release job, only an INFO message is > logged, but the maven build is successful. > The same use case with the maven-scm-provider-gitexe (the default) fails the > build as expected (git push returns a non-zero exit code) > {code:java} > 10:28:03 [INFO] commit done: [maven-release-plugin] prepare release 2.15.0 > 10:28:03 [INFO] push changes to remote... refs/heads/master:refs/heads/master > 10:28:03 [INFO] fetch url: ssh://xxx@xxx > 10:28:03 [INFO] push url: ssh://xxx@xxx > 10:28:03 [INFO] getOrCreateProvider(EdDSA) created instance of > net.i2p.crypto.eddsa.EdDSASecurityProvider > 10:28:03 [INFO] No detected/configured IoServiceFactoryFactory using > Nio2ServiceFactoryFactory > 10:28:04 [INFO] REJECTED_NONFASTFORWARD - > RemoteRefUpdate[remoteName=refs/heads/master, REJECTED_NONFASTFORWARD, > 1eee06203068576ddcaae4eefe0ea15a52fb49ba...3102c82c6b62d4e86c75194569c2574ac722b6dd, > srcRef=refs/heads/master, message=null] > 10:28:04 [INFO] 12/17 prepare:scm-tag > 10:28:04 [INFO] Tagging release with the label 2.15.0... > 10:28:04 [INFO] push tag [2.15.0] to remote... > 10:28:04 [INFO] fetch url: ssh://xxx@xxx > 10:28:04 [INFO] push url: ssh://xxx@xxx > 10:28:05 [INFO] OK - RemoteRefUpdate[remoteName=refs/tags/2.15.0, OK, > ...968d97de8331ce19d43c719e870890def5ee65d9, > fastForward, srcRef=refs/tags/2.15.0, message=null]{code} -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] [SCM-1022] - jgit push failure is not failing the build [maven-scm]
kwin commented on code in PR #203: URL: https://github.com/apache/maven-scm/pull/203#discussion_r1555398863 ## maven-scm-providers/maven-scm-providers-git/maven-scm-provider-jgit/src/test/java/org/apache/maven/scm/provider/git/jgit/command/checkin/JGitCheckinCommandTest.java: ## @@ -0,0 +1,104 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.maven.scm.provider.git.jgit.command.checkin; + +import java.io.File; +import java.io.IOException; + +import org.apache.maven.scm.PlexusJUnit4TestSupport; +import org.apache.maven.scm.ScmFileSet; +import org.apache.maven.scm.ScmTestCase; +import org.apache.maven.scm.command.checkin.CheckInScmResult; +import org.apache.maven.scm.command.checkout.CheckOutScmResult; +import org.apache.maven.scm.provider.git.GitScmTestUtils; +import org.apache.maven.scm.repository.ScmRepository; +import org.codehaus.plexus.util.FileUtils; +import org.junit.Test; + +import static org.junit.Assert.assertFalse; + +public class JGitCheckinCommandTest extends ScmTestCase { Review Comment: I think a push which doesn't add any commits should never be an error (neither in JGit nor in GitExe). If there is an up2date check being necessary in maven-release-plugin that needs to be triggered separately. I would therefore appreciate to add the test to the TCK but assert that it is returning a success status. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (SCM-914) InfoItem.lastChangedDate is leaky abstraction
[ https://issues.apache.org/jira/browse/SCM-914?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17834831#comment-17834831 ] Konrad Windszus commented on SCM-914: - Fixed in https://github.com/apache/maven-scm/commit/a297237e98b405ba4a323247137eaffcf8e20593. > InfoItem.lastChangedDate is leaky abstraction > - > > Key: SCM-914 > URL: https://issues.apache.org/jira/browse/SCM-914 > Project: Maven SCM > Issue Type: Bug > Components: maven-scm-api >Reporter: Tobias Gruetzmacher >Assignee: Konrad Windszus >Priority: Minor > Fix For: 2.1.0 > > > I was looking into implementing > [https://github.com/mojohaus/buildnumber-maven-plugin/pull/16] in a sane way, > but had to conclude that InfoItem.lastChangedDate is unfortunately just a > string and not a Data, so will leak the console output of different providers > to the user. > Does anybody see a sane way to fix this API and create a sane abstraction for > different SCMs? If yes, I would try to go ahead with the following tasks: > # Fix InfoItem, so that lastChangedDate is a Date > # Fix the current providers filling this field (svnexe and svnjava AFAICS - > aside: why is svnjava not part of the maven-scm repository?) > # Implement this feature for at least gitexe (and maybe jgit) so I can use > it for my usecase > Ideas, comments? -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (SCM-914) InfoItem.lastChangedDate is leaky abstraction
[ https://issues.apache.org/jira/browse/SCM-914?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Konrad Windszus resolved SCM-914. - Fix Version/s: 2.1.0 Resolution: Fixed > InfoItem.lastChangedDate is leaky abstraction > - > > Key: SCM-914 > URL: https://issues.apache.org/jira/browse/SCM-914 > Project: Maven SCM > Issue Type: Bug > Components: maven-scm-api >Reporter: Tobias Gruetzmacher >Assignee: Konrad Windszus >Priority: Minor > Fix For: 2.1.0 > > > I was looking into implementing > [https://github.com/mojohaus/buildnumber-maven-plugin/pull/16] in a sane way, > but had to conclude that InfoItem.lastChangedDate is unfortunately just a > string and not a Data, so will leak the console output of different providers > to the user. > Does anybody see a sane way to fix this API and create a sane abstraction for > different SCMs? If yes, I would try to go ahead with the following tasks: > # Fix InfoItem, so that lastChangedDate is a Date > # Fix the current providers filling this field (svnexe and svnjava AFAICS - > aside: why is svnjava not part of the maven-scm repository?) > # Implement this feature for at least gitexe (and maybe jgit) so I can use > it for my usecase > Ideas, comments? -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (SCM-914) InfoItem.lastChangedDate is leaky abstraction
[ https://issues.apache.org/jira/browse/SCM-914?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17834829#comment-17834829 ] ASF GitHub Bot commented on SCM-914: kwin merged PR #193: URL: https://github.com/apache/maven-scm/pull/193 > InfoItem.lastChangedDate is leaky abstraction > - > > Key: SCM-914 > URL: https://issues.apache.org/jira/browse/SCM-914 > Project: Maven SCM > Issue Type: Bug > Components: maven-scm-api >Reporter: Tobias Gruetzmacher >Assignee: Konrad Windszus >Priority: Minor > > I was looking into implementing > [https://github.com/mojohaus/buildnumber-maven-plugin/pull/16] in a sane way, > but had to conclude that InfoItem.lastChangedDate is unfortunately just a > string and not a Data, so will leak the console output of different providers > to the user. > Does anybody see a sane way to fix this API and create a sane abstraction for > different SCMs? If yes, I would try to go ahead with the following tasks: > # Fix InfoItem, so that lastChangedDate is a Date > # Fix the current providers filling this field (svnexe and svnjava AFAICS - > aside: why is svnjava not part of the maven-scm repository?) > # Implement this feature for at least gitexe (and maybe jgit) so I can use > it for my usecase > Ideas, comments? -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] [SCM-914] Introduce properly typed last modified date [maven-scm]
kwin merged PR #193: URL: https://github.com/apache/maven-scm/pull/193 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (SCM-1022) jgit push failure is not failing the build
[ https://issues.apache.org/jira/browse/SCM-1022?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17834827#comment-17834827 ] ASF GitHub Bot commented on SCM-1022: - michael-o commented on PR #203: URL: https://github.com/apache/maven-scm/pull/203#issuecomment-2042108540 @kwin Any objections? > jgit push failure is not failing the build > -- > > Key: SCM-1022 > URL: https://issues.apache.org/jira/browse/SCM-1022 > Project: Maven SCM > Issue Type: Bug > Components: maven-scm-provider-jgit >Affects Versions: 2.0.1 >Reporter: Mattias Andersson >Assignee: Michael Osipov >Priority: Major > Fix For: 2.1.0 > > > If the push command fails, the maven build does not fail. This means binaries > are deployed, but the remote repo is not updated. The issue seems related to > SCM-854. > We use Gerrit and have the merge strategy set to "fast forward only". If > someone pushes a commit during the release job, only an INFO message is > logged, but the maven build is successful. > The same use case with the maven-scm-provider-gitexe (the default) fails the > build as expected (git push returns a non-zero exit code) > {code:java} > 10:28:03 [INFO] commit done: [maven-release-plugin] prepare release 2.15.0 > 10:28:03 [INFO] push changes to remote... refs/heads/master:refs/heads/master > 10:28:03 [INFO] fetch url: ssh://xxx@xxx > 10:28:03 [INFO] push url: ssh://xxx@xxx > 10:28:03 [INFO] getOrCreateProvider(EdDSA) created instance of > net.i2p.crypto.eddsa.EdDSASecurityProvider > 10:28:03 [INFO] No detected/configured IoServiceFactoryFactory using > Nio2ServiceFactoryFactory > 10:28:04 [INFO] REJECTED_NONFASTFORWARD - > RemoteRefUpdate[remoteName=refs/heads/master, REJECTED_NONFASTFORWARD, > 1eee06203068576ddcaae4eefe0ea15a52fb49ba...3102c82c6b62d4e86c75194569c2574ac722b6dd, > srcRef=refs/heads/master, message=null] > 10:28:04 [INFO] 12/17 prepare:scm-tag > 10:28:04 [INFO] Tagging release with the label 2.15.0... > 10:28:04 [INFO] push tag [2.15.0] to remote... > 10:28:04 [INFO] fetch url: ssh://xxx@xxx > 10:28:04 [INFO] push url: ssh://xxx@xxx > 10:28:05 [INFO] OK - RemoteRefUpdate[remoteName=refs/tags/2.15.0, OK, > ...968d97de8331ce19d43c719e870890def5ee65d9, > fastForward, srcRef=refs/tags/2.15.0, message=null]{code} -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] [SCM-1022] - jgit push failure is not failing the build [maven-scm]
michael-o commented on PR #203: URL: https://github.com/apache/maven-scm/pull/203#issuecomment-2042108540 @kwin Any objections? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump com.kohlschutter.junixsocket:junixsocket-core from 2.9.0 to 2.9.1 [maven-gpg-plugin]
dependabot[bot] closed pull request #92: Bump com.kohlschutter.junixsocket:junixsocket-core from 2.9.0 to 2.9.1 URL: https://github.com/apache/maven-gpg-plugin/pull/92 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump com.kohlschutter.junixsocket:junixsocket-core from 2.9.0 to 2.9.1 [maven-gpg-plugin]
dependabot[bot] commented on PR #92: URL: https://github.com/apache/maven-gpg-plugin/pull/92#issuecomment-2042094844 Looks like com.kohlschutter.junixsocket:junixsocket-core is up-to-date now, so this is no longer needed. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump bouncycastleVersion from 1.77 to 1.78 [maven-gpg-plugin]
dependabot[bot] closed pull request #91: Bump bouncycastleVersion from 1.77 to 1.78 URL: https://github.com/apache/maven-gpg-plugin/pull/91 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org