[PR] Bump org.apache.groovy:groovy from 4.0.20 to 4.0.21 [maven-script-interpreter]

[via GitHub]

dependabot[bot] opened a new pull request, #119:
URL: https://github.com/apache/maven-script-interpreter/pull/119

   Bumps [org.apache.groovy:groovy](https://github.com/apache/groovy) from 
4.0.20 to 4.0.21.
   
   Commits
   
   See full diff in https://github.com/apache/groovy/commits;>compare view
   
   
   
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.groovy:groovy=maven=4.0.20=4.0.21)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot show  ignore conditions` will show all of 
the ignore conditions of the specified dependency
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[PR] Bump org.apache.groovy:groovy-bom from 4.0.20 to 4.0.21 [maven-invoker-plugin]

[via GitHub]

dependabot[bot] opened a new pull request, #223:
URL: https://github.com/apache/maven-invoker-plugin/pull/223

   Bumps [org.apache.groovy:groovy-bom](https://github.com/apache/groovy) from 
4.0.20 to 4.0.21.
   
   Commits
   
   See full diff in https://github.com/apache/groovy/commits;>compare view
   
   
   
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.groovy:groovy-bom=maven=4.0.20=4.0.21)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot show  ignore conditions` will show all of 
the ignore conditions of the specified dependency
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] Bump commons-io:commons-io from 2.16.0 to 2.16.1 [maven-scm]

[via GitHub]

CrazyHZM merged PR #206:
URL: https://github.com/apache/maven-scm/pull/206


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[jira] [Updated] (MJAR-296) No way to suppress default excludes in maven-jar-plugin

[Slawomir Jaranowski (Jira)]

 [ 
https://issues.apache.org/jira/browse/MJAR-296?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Slawomir Jaranowski updated MJAR-296:
-
Issue Type: New Feature  (was: Improvement)

> No way to suppress default excludes in maven-jar-plugin
> ---
>
> Key: MJAR-296
> URL: https://issues.apache.org/jira/browse/MJAR-296
> Project: Maven JAR Plugin
>  Issue Type: New Feature
>Affects Versions: 3.3.0
>Reporter: G.Vaysman
>Assignee: Slawomir Jaranowski
>Priority: Major
> Fix For: 3.4.0
>
> Attachments: jar-default-excludes.zip
>
>
> With the default excludes being expanded further (see 
> org.codehaus.plexus.util.AbstractScanner.{*}_DEFAULTEXCLUDES_{*}), a resource 
> directory **/ChangeSet/** will never be included in the JAR artifact.
> Some plugins (maven-resources-plugin, maven-assembly-plugin) already allow 
> suppressing the exclusion, but not the maven-jar-plugin. Code analysis of the 
> JarMojo -> DirectoryScanner call path confirms that there is no way to affect 
> the FileSet configuration. 
> Again, with ever expanding list of *_DEFAULTEXCLUDES,_* this, on our opinion, 
> is quite detrimental, and due to backward compatibility, changing 
> resource/package path (say, to ChangeSet2) is not an option. 
> I am attaching a very simple project that shows two things:
>  # The jar plugin skips adding the **/ChangeSet/** files
>  # The resources plugin is configured not to skip (addDefaultExcludes) and 
> behaves properly



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (MJAR-239) Class-Path order has changed is incorrect when adding ManifestEntries

[Slawomir Jaranowski (Jira)]

 [ 
https://issues.apache.org/jira/browse/MJAR-239?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Slawomir Jaranowski updated MJAR-239:
-
Labels: up-for-grabs  (was: )

> Class-Path order has changed is incorrect when adding ManifestEntries
> -
>
> Key: MJAR-239
> URL: https://issues.apache.org/jira/browse/MJAR-239
> Project: Maven JAR Plugin
>  Issue Type: Bug
>Affects Versions: 3.0.2
>Reporter: Roy Arnon
>Priority: Major
>  Labels: up-for-grabs
> Fix For: waiting-for-feedback
>
> Attachments: MANIFEST-end.MF, MANIFEST-start.MF, test_case.zip
>
>
> It seems that in maven-jar-plugin 3.0.2 - that uses maven-archiver-3.11, 
> which is where I think the bug is - the order of the added Class-Path entries 
> in manifest file has changed between 3.0.1 (which added them to start of 
> entries) and 3.0.2 (which adds them to bottom).
> I have attached a minimal test case to display this issue.
> There are 2 pom files - pom.xml generates the manifest with the entries at 
> start, and pom-old.xml generates the manifest with the entries at the end.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Assigned] (MJAR-265) Resources not copied

[Slawomir Jaranowski (Jira)]

 [ 
https://issues.apache.org/jira/browse/MJAR-265?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Slawomir Jaranowski reassigned MJAR-265:


Assignee: Slawomir Jaranowski

> Resources not copied
> 
>
> Key: MJAR-265
> URL: https://issues.apache.org/jira/browse/MJAR-265
> Project: Maven JAR Plugin
>  Issue Type: New Feature
>Affects Versions: 3.1.2
> Environment: windows 7, Maven 3.3.9 Java version: 1.7.0_80
>Reporter: vincent c
>Assignee: Slawomir Jaranowski
>Priority: Minor
> Fix For: 3.4.0
>
> Attachments: example.7z
>
>
> I have a folder named *.metadata* that is in the target/classes folder.
> But it is not copied to the jar archive. It looks like a default exclusion 
> filter is used.
> It is working with version maven-jar-plugin:2.3 but version 2.4 and upper it 
> is not.
>  
> The issue seams to be also discussed on 
> [stackoverflow|https://stackoverflow.com/questions/55514758/maven-jar-plugin-does-not-include-gitignore-file/55522970#55522970].



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Closed] (MJAR-296) No way to suppress default excludes in maven-jar-plugin

[Slawomir Jaranowski (Jira)]

 [ 
https://issues.apache.org/jira/browse/MJAR-296?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Slawomir Jaranowski closed MJAR-296.

Resolution: Fixed

> No way to suppress default excludes in maven-jar-plugin
> ---
>
> Key: MJAR-296
> URL: https://issues.apache.org/jira/browse/MJAR-296
> Project: Maven JAR Plugin
>  Issue Type: Improvement
>Affects Versions: 3.3.0
>Reporter: G.Vaysman
>Assignee: Slawomir Jaranowski
>Priority: Major
> Fix For: 3.4.0
>
> Attachments: jar-default-excludes.zip
>
>
> With the default excludes being expanded further (see 
> org.codehaus.plexus.util.AbstractScanner.{*}_DEFAULTEXCLUDES_{*}), a resource 
> directory **/ChangeSet/** will never be included in the JAR artifact.
> Some plugins (maven-resources-plugin, maven-assembly-plugin) already allow 
> suppressing the exclusion, but not the maven-jar-plugin. Code analysis of the 
> JarMojo -> DirectoryScanner call path confirms that there is no way to affect 
> the FileSet configuration. 
> Again, with ever expanding list of *_DEFAULTEXCLUDES,_* this, on our opinion, 
> is quite detrimental, and due to backward compatibility, changing 
> resource/package path (say, to ChangeSet2) is not an option. 
> I am attaching a very simple project that shows two things:
>  # The jar plugin skips adding the **/ChangeSet/** files
>  # The resources plugin is configured not to skip (addDefaultExcludes) and 
> behaves properly



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Closed] (MJAR-265) Resources not copied

[Slawomir Jaranowski (Jira)]

 [ 
https://issues.apache.org/jira/browse/MJAR-265?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Slawomir Jaranowski closed MJAR-265.

Resolution: Fixed

> Resources not copied
> 
>
> Key: MJAR-265
> URL: https://issues.apache.org/jira/browse/MJAR-265
> Project: Maven JAR Plugin
>  Issue Type: New Feature
>Affects Versions: 3.1.2
> Environment: windows 7, Maven 3.3.9 Java version: 1.7.0_80
>Reporter: vincent c
>Priority: Minor
> Fix For: 3.4.0
>
> Attachments: example.7z
>
>
> I have a folder named *.metadata* that is in the target/classes folder.
> But it is not copied to the jar archive. It looks like a default exclusion 
> filter is used.
> It is working with version maven-jar-plugin:2.3 but version 2.4 and upper it 
> is not.
>  
> The issue seams to be also discussed on 
> [stackoverflow|https://stackoverflow.com/questions/55514758/maven-jar-plugin-does-not-include-gitignore-file/55522970#55522970].



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (MJAR-296) No way to suppress default excludes in maven-jar-plugin

[ASF GitHub Bot (Jira)]

[ 
https://issues.apache.org/jira/browse/MJAR-296?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17835533#comment-17835533
 ] 

ASF GitHub Bot commented on MJAR-296:
-

slawekjaranowski merged PR #67:
URL: https://github.com/apache/maven-jar-plugin/pull/67




> No way to suppress default excludes in maven-jar-plugin
> ---
>
> Key: MJAR-296
> URL: https://issues.apache.org/jira/browse/MJAR-296
> Project: Maven JAR Plugin
>  Issue Type: Improvement
>Affects Versions: 3.3.0
>Reporter: G.Vaysman
>Assignee: Slawomir Jaranowski
>Priority: Major
> Fix For: 3.4.0
>
> Attachments: jar-default-excludes.zip
>
>
> With the default excludes being expanded further (see 
> org.codehaus.plexus.util.AbstractScanner.{*}_DEFAULTEXCLUDES_{*}), a resource 
> directory **/ChangeSet/** will never be included in the JAR artifact.
> Some plugins (maven-resources-plugin, maven-assembly-plugin) already allow 
> suppressing the exclusion, but not the maven-jar-plugin. Code analysis of the 
> JarMojo -> DirectoryScanner call path confirms that there is no way to affect 
> the FileSet configuration. 
> Again, with ever expanding list of *_DEFAULTEXCLUDES,_* this, on our opinion, 
> is quite detrimental, and due to backward compatibility, changing 
> resource/package path (say, to ChangeSet2) is not an option. 
> I am attaching a very simple project that shows two things:
>  # The jar plugin skips adding the **/ChangeSet/** files
>  # The resources plugin is configured not to skip (addDefaultExcludes) and 
> behaves properly



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Re: [PR] [MJAR-296] Allow including files excluded by default. [maven-jar-plugin]

[via GitHub]

slawekjaranowski merged PR #67:
URL: https://github.com/apache/maven-jar-plugin/pull/67


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[jira] [Assigned] (MPOM-480) Remove maven-site-plugin:attach-descriptor from ASF parent

[Slawomir Jaranowski (Jira)]

 [ 
https://issues.apache.org/jira/browse/MPOM-480?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Slawomir Jaranowski reassigned MPOM-480:


Assignee: Slawomir Jaranowski

> Remove maven-site-plugin:attach-descriptor from ASF parent
> --
>
> Key: MPOM-480
> URL: https://issues.apache.org/jira/browse/MPOM-480
> Project: Maven POMs
>  Issue Type: Improvement
>Reporter: Slawomir Jaranowski
>Assignee: Slawomir Jaranowski
>Priority: Major
> Fix For: ASF-32
>
>
> We have defined {{maven-site-plugin:attach-descriptor}} in {{build/plugins}}
> It cause to *every* ASF projects have execute this goals - but it is only 
> needed for parents pom and only in case when parent want to publish site 
> descriptor.
> In child projects such task is not needed.
> Each ASF project should manage it and add this only in place where is needed, 
> with *inherited* set to {*}false{*}, as example:
> {code:xml}
> 
>   org.apache.maven.plugins
>   maven-site-plugin
>   false
>   
> 
>   attach-descriptor
>   
> attach-descriptor
>   
> 
>   
> 
> {code}
> After removing from ASF parent we can simplify next step of releasing ASF 
> parent - special manually maintained documentation layout.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (MPOM-480) Remove maven-site-plugin:attach-descriptor from ASF parent

[Slawomir Jaranowski (Jira)]

 [ 
https://issues.apache.org/jira/browse/MPOM-480?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Slawomir Jaranowski updated MPOM-480:
-
Fix Version/s: ASF-32

> Remove maven-site-plugin:attach-descriptor from ASF parent
> --
>
> Key: MPOM-480
> URL: https://issues.apache.org/jira/browse/MPOM-480
> Project: Maven POMs
>  Issue Type: Improvement
>Reporter: Slawomir Jaranowski
>Priority: Major
> Fix For: ASF-32
>
>
> We have defined {{maven-site-plugin:attach-descriptor}} in {{build/plugins}}
> It cause to *every* ASF projects have execute this goals - but it is only 
> needed for parents pom and only in case when parent want to publish site 
> descriptor.
> In child projects such task is not needed.
> Each ASF project should manage it and add this only in place where is needed, 
> with *inherited* set to {*}false{*}, as example:
> {code:xml}
> 
>   org.apache.maven.plugins
>   maven-site-plugin
>   false
>   
> 
>   attach-descriptor
>   
> attach-descriptor
>   
> 
>   
> 
> {code}
> After removing from ASF parent we can simplify next step of releasing ASF 
> parent - special manually maintained documentation layout.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (MPOM-480) Remove maven-site-plugin:attach-descriptor from ASF parent

[Slawomir Jaranowski (Jira)]

Slawomir Jaranowski created MPOM-480:


 Summary: Remove maven-site-plugin:attach-descriptor from ASF parent
 Key: MPOM-480
 URL: https://issues.apache.org/jira/browse/MPOM-480
 Project: Maven POMs
  Issue Type: Improvement
Reporter: Slawomir Jaranowski


We have defined {{maven-site-plugin:attach-descriptor}} in {{build/plugins}}

It cause to *every* ASF projects have execute this goals - but it is only 
needed for parents pom and only in case when parent want to publish site 
descriptor.

In child projects such task is not needed.

Each ASF project should manage it and add this only in place where is needed, 
with *inherited* set to {*}false{*}, as example:
{code:xml}

  org.apache.maven.plugins
  maven-site-plugin
  false
  

  attach-descriptor
  
attach-descriptor
  

  

{code}
After removing from ASF parent we can simplify next step of releasing ASF 
parent - special manually maintained documentation layout.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Re: [PR] [MJAR-296] Allow including files excluded by default. [maven-jar-plugin]

[via GitHub]

slawekjaranowski commented on code in PR #67:
URL: https://github.com/apache/maven-jar-plugin/pull/67#discussion_r1558229755


##
src/main/java/org/apache/maven/plugins/jar/AbstractJarMojo.java:
##
@@ -169,6 +170,38 @@ public abstract class AbstractJarMojo extends AbstractMojo 
{
 @Parameter(property = "maven.jar.detectMultiReleaseJar", defaultValue = 
"true")
 private boolean detectMultiReleaseJar;
 
+/**
+ * If set to {@code false}, the files that by default are excluded from 
the resulting archive,

Review Comment:
   done



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[jira] [Commented] (MJAR-296) No way to suppress default excludes in maven-jar-plugin

[ASF GitHub Bot (Jira)]

[ 
https://issues.apache.org/jira/browse/MJAR-296?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17835522#comment-17835522
 ] 

ASF GitHub Bot commented on MJAR-296:
-

slawekjaranowski commented on code in PR #67:
URL: https://github.com/apache/maven-jar-plugin/pull/67#discussion_r1558229755


##
src/main/java/org/apache/maven/plugins/jar/AbstractJarMojo.java:
##
@@ -169,6 +170,38 @@ public abstract class AbstractJarMojo extends AbstractMojo 
{
 @Parameter(property = "maven.jar.detectMultiReleaseJar", defaultValue = 
"true")
 private boolean detectMultiReleaseJar;
 
+/**
+ * If set to {@code false}, the files that by default are excluded from 
the resulting archive,

Review Comment:
   done





> No way to suppress default excludes in maven-jar-plugin
> ---
>
> Key: MJAR-296
> URL: https://issues.apache.org/jira/browse/MJAR-296
> Project: Maven JAR Plugin
>  Issue Type: Improvement
>Affects Versions: 3.3.0
>Reporter: G.Vaysman
>Assignee: Slawomir Jaranowski
>Priority: Major
> Fix For: 3.4.0
>
> Attachments: jar-default-excludes.zip
>
>
> With the default excludes being expanded further (see 
> org.codehaus.plexus.util.AbstractScanner.{*}_DEFAULTEXCLUDES_{*}), a resource 
> directory **/ChangeSet/** will never be included in the JAR artifact.
> Some plugins (maven-resources-plugin, maven-assembly-plugin) already allow 
> suppressing the exclusion, but not the maven-jar-plugin. Code analysis of the 
> JarMojo -> DirectoryScanner call path confirms that there is no way to affect 
> the FileSet configuration. 
> Again, with ever expanding list of *_DEFAULTEXCLUDES,_* this, on our opinion, 
> is quite detrimental, and due to backward compatibility, changing 
> resource/package path (say, to ChangeSet2) is not an option. 
> I am attaching a very simple project that shows two things:
>  # The jar plugin skips adding the **/ChangeSet/** files
>  # The resources plugin is configured not to skip (addDefaultExcludes) and 
> behaves properly



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (MPOM-478) Remove manually maintained history from site

[ASF GitHub Bot (Jira)]

[ 
https://issues.apache.org/jira/browse/MPOM-478?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17835521#comment-17835521
 ] 

ASF GitHub Bot commented on MPOM-478:
-

slawekjaranowski opened a new pull request, #508:
URL: https://github.com/apache/maven-site/pull/508

   References:
   - https://github.com/apache/maven-apache-parent/pull/206
   - https://github.com/apache/maven-parent/pull/169




> Remove manually maintained history from site
> 
>
> Key: MPOM-478
> URL: https://issues.apache.org/jira/browse/MPOM-478
> Project: Maven POMs
>  Issue Type: Improvement
>  Components: asf, maven
>Reporter: Slawomir Jaranowski
>Assignee: Slawomir Jaranowski
>Priority: Major
> Fix For: ASF-32, MAVEN-42
>
>
> We have history of releases eg:
> [https://maven.apache.org/pom/asf/#history]
> [https://maven.apache.org/pom/maven/#history]
> [https://maven.apache.org/pom/maven/maven-plugins/#history]
> We can replace it by link to GitHub tags/releases and everybody can find what 
> is interesting for them.
>  
> All of them are manually edited during release preparing.
> We should avoid manual steps during release.
> Site [https://maven.apache.org/developers/release/parent-pom-release.html] - 
> should be updated after it.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Re: [PR] [MPOM-478] Remove manually maintained history from site [maven-apache-parent]

[via GitHub]

slawekjaranowski merged PR #206:
URL: https://github.com/apache/maven-apache-parent/pull/206


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] [MPOM-478] Remove manually maintained history from site [maven-parent]

[via GitHub]

slawekjaranowski merged PR #169:
URL: https://github.com/apache/maven-parent/pull/169


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[jira] [Commented] (MPMD-379) Upgrade to use PMD 7.0.0 by default

[ASF GitHub Bot (Jira)]

[ 
https://issues.apache.org/jira/browse/MPMD-379?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17835494#comment-17835494
 ] 

ASF GitHub Bot commented on MPMD-379:
-

adangel commented on code in PR #144:
URL: https://github.com/apache/maven-pmd-plugin/pull/144#discussion_r1558052460


##
src/it/MPMD-379-JDK21/invoker.properties:
##
@@ -0,0 +1,28 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+invoker.java.version = 1.8+
+
+# available toolchains under linux:
+# 
https://github.com/apache/infrastructure-p6/blob/production/modules/build_nodes/files/toolchains.xml
+
+# the jdk toolchain "21:openjdk" is selected in pom.xml
+invoker.toolchain.jdk.version = 21
+invoker.toolchain.jdk.vendor = openjdk

Review Comment:
   Removed the vendor restriction.



##
src/it/MPMD-379-JDK21/invoker.properties:
##
@@ -0,0 +1,28 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+invoker.java.version = 1.8+
+
+# available toolchains under linux:
+# 
https://github.com/apache/infrastructure-p6/blob/production/modules/build_nodes/files/toolchains.xml
+
+# the jdk toolchain "21:openjdk" is selected in pom.xml
+invoker.toolchain.jdk.version = 21
+invoker.toolchain.jdk.vendor = openjdk

Review Comment:
   Removed the vendor restriction for toolchain.





> Upgrade to use PMD 7.0.0 by default
> ---
>
> Key: MPMD-379
> URL: https://issues.apache.org/jira/browse/MPMD-379
> Project: Maven PMD Plugin
>  Issue Type: Improvement
>  Components: CPD, PMD
>Reporter: Andreas Dangel
>Assignee: Andreas Dangel
>Priority: Major
> Fix For: next-release
>
>
> Add support for the new major version of PMD.
> This gives support for analyzing Java 21 code.
> The upgrade from PMD 6 to PMD 7 is a major upgrade, that might impact 
> end-users, if they use custom rulesets (see 
> [https://maven.apache.org/plugins/maven-pmd-plugin/examples/usingRuleSets.html])
>  or if they override the dependencies to upgrade PMD at runtime and currently 
> use PMD 6.x (see 
> [https://maven.apache.org/plugins/maven-pmd-plugin/examples/upgrading-PMD-at-runtime.html]).
>  
> Most likely, end-users have to review their rulesets and migrate them to PMD 
> 7. Rules might have been renamed or replaced. See 
> [https://docs.pmd-code.org/latest/pmd_release_notes_pmd7.html] and 
> [https://docs.pmd-code.org/latest/pmd_userdocs_migrating_to_pmd7.html] .
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Re: [PR] [MPMD-379] PMD 7.0.0 support [maven-pmd-plugin]

[via GitHub]

adangel commented on code in PR #144:
URL: https://github.com/apache/maven-pmd-plugin/pull/144#discussion_r1558052460


##
src/it/MPMD-379-JDK21/invoker.properties:
##
@@ -0,0 +1,28 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+invoker.java.version = 1.8+
+
+# available toolchains under linux:
+# 
https://github.com/apache/infrastructure-p6/blob/production/modules/build_nodes/files/toolchains.xml
+
+# the jdk toolchain "21:openjdk" is selected in pom.xml
+invoker.toolchain.jdk.version = 21
+invoker.toolchain.jdk.vendor = openjdk

Review Comment:
   Removed the vendor restriction.



##
src/it/MPMD-379-JDK21/invoker.properties:
##
@@ -0,0 +1,28 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+invoker.java.version = 1.8+
+
+# available toolchains under linux:
+# 
https://github.com/apache/infrastructure-p6/blob/production/modules/build_nodes/files/toolchains.xml
+
+# the jdk toolchain "21:openjdk" is selected in pom.xml
+invoker.toolchain.jdk.version = 21
+invoker.toolchain.jdk.vendor = openjdk

Review Comment:
   Removed the vendor restriction for toolchain.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[jira] [Commented] (MPMD-379) Upgrade to use PMD 7.0.0 by default

[ASF GitHub Bot (Jira)]

[ 
https://issues.apache.org/jira/browse/MPMD-379?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17835493#comment-17835493
 ] 

ASF GitHub Bot commented on MPMD-379:
-

adangel commented on code in PR #144:
URL: https://github.com/apache/maven-pmd-plugin/pull/144#discussion_r1558052212


##
src/main/java/org/apache/maven/plugins/pmd/PmdReport.java:
##
@@ -63,16 +63,19 @@
 @Mojo(name = "pmd", threadSafe = true, requiresDependencyResolution = 
ResolutionScope.TEST)
 public class PmdReport extends AbstractPmdReport {
 /**
- * The target JDK to analyze based on. Should match the source used in the 
compiler plugin. Valid values
- * with the default PMD version are
+ * The target JDK to analyze based on. Should match the source used in the 
compiler plugin.
+ * Valid values depend on the used PMD version. With the default PMD 
version valid values are
  * currently 1.3, 1.4, 1.5, 
1.6, 1.7,
  * 1.8, 9, 10, 11, 
12, 13,
  * 14, 15, 16, 17, 
18, 19,
- * and 20.
+ * 20, 21, and 22.

Review Comment:
   Done.





> Upgrade to use PMD 7.0.0 by default
> ---
>
> Key: MPMD-379
> URL: https://issues.apache.org/jira/browse/MPMD-379
> Project: Maven PMD Plugin
>  Issue Type: Improvement
>  Components: CPD, PMD
>Reporter: Andreas Dangel
>Assignee: Andreas Dangel
>Priority: Major
> Fix For: next-release
>
>
> Add support for the new major version of PMD.
> This gives support for analyzing Java 21 code.
> The upgrade from PMD 6 to PMD 7 is a major upgrade, that might impact 
> end-users, if they use custom rulesets (see 
> [https://maven.apache.org/plugins/maven-pmd-plugin/examples/usingRuleSets.html])
>  or if they override the dependencies to upgrade PMD at runtime and currently 
> use PMD 6.x (see 
> [https://maven.apache.org/plugins/maven-pmd-plugin/examples/upgrading-PMD-at-runtime.html]).
>  
> Most likely, end-users have to review their rulesets and migrate them to PMD 
> 7. Rules might have been renamed or replaced. See 
> [https://docs.pmd-code.org/latest/pmd_release_notes_pmd7.html] and 
> [https://docs.pmd-code.org/latest/pmd_userdocs_migrating_to_pmd7.html] .
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Re: [PR] [MPMD-379] PMD 7.0.0 support [maven-pmd-plugin]

[via GitHub]

adangel commented on code in PR #144:
URL: https://github.com/apache/maven-pmd-plugin/pull/144#discussion_r1558052212


##
src/main/java/org/apache/maven/plugins/pmd/PmdReport.java:
##
@@ -63,16 +63,19 @@
 @Mojo(name = "pmd", threadSafe = true, requiresDependencyResolution = 
ResolutionScope.TEST)
 public class PmdReport extends AbstractPmdReport {
 /**
- * The target JDK to analyze based on. Should match the source used in the 
compiler plugin. Valid values
- * with the default PMD version are
+ * The target JDK to analyze based on. Should match the source used in the 
compiler plugin.
+ * Valid values depend on the used PMD version. With the default PMD 
version valid values are
  * currently 1.3, 1.4, 1.5, 
1.6, 1.7,
  * 1.8, 9, 10, 11, 
12, 13,
  * 14, 15, 16, 17, 
18, 19,
- * and 20.
+ * 20, 21, and 22.

Review Comment:
   Done.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[jira] [Closed] (MJAR-306) Defined versions of plugins in LifecycleMapping should be up-to day

[Slawomir Jaranowski (Jira)]

 [ 
https://issues.apache.org/jira/browse/MJAR-306?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Slawomir Jaranowski closed MJAR-306.

Fix Version/s: 3.4.0
 Assignee: Slawomir Jaranowski
   Resolution: Fixed

> Defined versions of plugins in LifecycleMapping should be up-to day
> ---
>
> Key: MJAR-306
> URL: https://issues.apache.org/jira/browse/MJAR-306
> Project: Maven JAR Plugin
>  Issue Type: Dependency upgrade
>Reporter: Slawomir Jaranowski
>Assignee: Slawomir Jaranowski
>Priority: Major
> Fix For: 3.4.0
>
>
> We add {{LifecycleMapping}} in MJAR-183 we should have up-to day plugins 
> versions



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (MJAR-306) Defined versions of plugins in LifecycleMapping should be up-to day

[ASF GitHub Bot (Jira)]

[ 
https://issues.apache.org/jira/browse/MJAR-306?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17835481#comment-17835481
 ] 

ASF GitHub Bot commented on MJAR-306:
-

slawekjaranowski merged PR #82:
URL: https://github.com/apache/maven-jar-plugin/pull/82




> Defined versions of plugins in LifecycleMapping should be up-to day
> ---
>
> Key: MJAR-306
> URL: https://issues.apache.org/jira/browse/MJAR-306
> Project: Maven JAR Plugin
>  Issue Type: Dependency upgrade
>Reporter: Slawomir Jaranowski
>Priority: Major
>
> We add {{LifecycleMapping}} in MJAR-183 we should have up-to day plugins 
> versions



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Re: [PR] [MJAR-306] Use properties for plugins versions in LifecycleMapping [maven-jar-plugin]

[via GitHub]

slawekjaranowski merged PR #82:
URL: https://github.com/apache/maven-jar-plugin/pull/82


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[PR] Bump commons-io:commons-io from 2.16.0 to 2.16.1 [maven-scm]

[via GitHub]

dependabot[bot] opened a new pull request, #206:
URL: https://github.com/apache/maven-scm/pull/206

   Bumps commons-io:commons-io from 2.16.0 to 2.16.1.
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=commons-io:commons-io=maven=2.16.0=2.16.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot show  ignore conditions` will show all of 
the ignore conditions of the specified dependency
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[PR] Bump commons-io:commons-io from 2.16.0 to 2.16.1 [maven-enforcer]

[via GitHub]

dependabot[bot] opened a new pull request, #311:
URL: https://github.com/apache/maven-enforcer/pull/311

   Bumps commons-io:commons-io from 2.16.0 to 2.16.1.
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=commons-io:commons-io=maven=2.16.0=2.16.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot show  ignore conditions` will show all of 
the ignore conditions of the specified dependency
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[jira] [Commented] (MNG-8081) default profile activation should consider available system and user properties

[Matthew Jason Benson (Jira)]

[ 
https://issues.apache.org/jira/browse/MNG-8081?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17835467#comment-17835467
 ] 

Matthew Jason Benson commented on MNG-8081:
---

[https://github.com/apache/maven/pull/1447] is *a* 3.9.x specific 
implementation of this request. It differs greatly from the 4.x implementation 
due to the latter utilizing v4-specific APIs. I would love some guidance as to 
what modifications I can make to reach a state of acceptability for inclusion 
in any future 3.9.x release.

> default profile activation should consider available system and user 
> properties
> ---
>
> Key: MNG-8081
> URL: https://issues.apache.org/jira/browse/MNG-8081
> Project: Maven
>  Issue Type: Improvement
>  Components: Profiles
>Affects Versions: 3.9.6, 4.0.0
>Reporter: Matthew Jason Benson
>Priority: Minor
>
> As discussed in my open PR, my use case is to compare between environment 
> variables e.g.:
> {code:java}
> 
>   
> env.FOO
> ${env.BAR}
>   
> {code}
> Limiting the interpolation to user/system properties means that there is no 
> mindf*ck resulting from profile activation order, etc., and keeps this 
> request nonthreatening.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Re: [PR] Bump commons-io:commons-io from 2.16.0 to 2.16.1 [maven-surefire]

[via GitHub]

CrazyHZM merged PR #731:
URL: https://github.com/apache/maven-surefire/pull/731


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] Bump commons-io:commons-io from 2.16.0 to 2.16.1 [maven-shared-utils]

[via GitHub]

CrazyHZM merged PR #176:
URL: https://github.com/apache/maven-shared-utils/pull/176


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] Bump commons-io:commons-io from 2.16.0 to 2.16.1 [maven-acr-plugin]

[via GitHub]

CrazyHZM merged PR #35:
URL: https://github.com/apache/maven-acr-plugin/pull/35


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] Bump commons-io:commons-io from 2.16.0 to 2.16.1 [maven-pmd-plugin]

[via GitHub]

CrazyHZM merged PR #147:
URL: https://github.com/apache/maven-pmd-plugin/pull/147


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] Bump commons-io:commons-io from 2.16.0 to 2.16.1 [maven-doxia]

[via GitHub]

CrazyHZM merged PR #207:
URL: https://github.com/apache/maven-doxia/pull/207


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] Bump commons-io:commons-io from 2.16.0 to 2.16.1 [maven-jxr]

[via GitHub]

CrazyHZM merged PR #110:
URL: https://github.com/apache/maven-jxr/pull/110


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] Bump commons-io:commons-io from 2.16.0 to 2.16.1 [maven-pdf-plugin]

[via GitHub]

CrazyHZM merged PR #51:
URL: https://github.com/apache/maven-pdf-plugin/pull/51


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[PR] Bump commons-io:commons-io from 2.16.0 to 2.16.1 [maven-pdf-plugin]

[via GitHub]

dependabot[bot] opened a new pull request, #51:
URL: https://github.com/apache/maven-pdf-plugin/pull/51

   Bumps commons-io:commons-io from 2.16.0 to 2.16.1.
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=commons-io:commons-io=maven=2.16.0=2.16.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot show  ignore conditions` will show all of 
the ignore conditions of the specified dependency
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[PR] Bump commons-io:commons-io from 2.16.0 to 2.16.1 [maven-jxr]

[via GitHub]

dependabot[bot] opened a new pull request, #110:
URL: https://github.com/apache/maven-jxr/pull/110

   Bumps commons-io:commons-io from 2.16.0 to 2.16.1.
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=commons-io:commons-io=maven=2.16.0=2.16.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot show  ignore conditions` will show all of 
the ignore conditions of the specified dependency
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[PR] Bump commons-io:commons-io from 2.16.0 to 2.16.1 [maven-doxia]

[via GitHub]

dependabot[bot] opened a new pull request, #207:
URL: https://github.com/apache/maven-doxia/pull/207

   Bumps commons-io:commons-io from 2.16.0 to 2.16.1.
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=commons-io:commons-io=maven=2.16.0=2.16.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot show  ignore conditions` will show all of 
the ignore conditions of the specified dependency
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] [PR-104] bugfix / enhancements restoration of outputs on disk [maven-build-cache-extension]

[via GitHub]

martincekodhima commented on PR #104:
URL: 
https://github.com/apache/maven-build-cache-extension/pull/104#issuecomment-2044951064

   Hey, we are running into the same issue as 
https://github.com/apache/maven-build-cache-extension/pull/104#issuecomment-1789473298.
 If the build is cached, the target folder is not being generated and neither 
is the jar. This causes issues if you have a script that depends on the jar 
being there. 
   
   @kbuntrock Was that fixed in 
https://github.com/apache/maven-build-cache-extension/pull/92 or is that fixed 
with this MR? 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[PR] Bump commons-io:commons-io from 2.16.0 to 2.16.1 [maven-pmd-plugin]

[via GitHub]

dependabot[bot] opened a new pull request, #147:
URL: https://github.com/apache/maven-pmd-plugin/pull/147

   Bumps commons-io:commons-io from 2.16.0 to 2.16.1.
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=commons-io:commons-io=maven=2.16.0=2.16.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot show  ignore conditions` will show all of 
the ignore conditions of the specified dependency
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[PR] Bump commons-io:commons-io from 2.16.0 to 2.16.1 [maven-acr-plugin]

[via GitHub]

dependabot[bot] opened a new pull request, #35:
URL: https://github.com/apache/maven-acr-plugin/pull/35

   Bumps commons-io:commons-io from 2.16.0 to 2.16.1.
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=commons-io:commons-io=maven=2.16.0=2.16.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot show  ignore conditions` will show all of 
the ignore conditions of the specified dependency
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] Bump commons-io:commons-io from 2.15.1 to 2.16.0 [maven-ear-plugin]

[via GitHub]

dependabot[bot] commented on PR #110:
URL: https://github.com/apache/maven-ear-plugin/pull/110#issuecomment-2044559499

   Superseded by #112.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[PR] Bump commons-io:commons-io from 2.15.1 to 2.16.1 [maven-ear-plugin]

[via GitHub]

dependabot[bot] opened a new pull request, #112:
URL: https://github.com/apache/maven-ear-plugin/pull/112

   Bumps commons-io:commons-io from 2.15.1 to 2.16.1.
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=commons-io:commons-io=maven=2.15.1=2.16.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot show  ignore conditions` will show all of 
the ignore conditions of the specified dependency
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] Bump commons-io:commons-io from 2.15.1 to 2.16.0 [maven-ear-plugin]

[via GitHub]

dependabot[bot] closed pull request #110: Bump commons-io:commons-io from 
2.15.1 to 2.16.0
URL: https://github.com/apache/maven-ear-plugin/pull/110


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[jira] [Commented] (MJAR-296) No way to suppress default excludes in maven-jar-plugin

[ASF GitHub Bot (Jira)]

[ 
https://issues.apache.org/jira/browse/MJAR-296?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17835325#comment-17835325
 ] 

ASF GitHub Bot commented on MJAR-296:
-

michael-o commented on code in PR #67:
URL: https://github.com/apache/maven-jar-plugin/pull/67#discussion_r1557301724


##
src/it/MJAR-296-exclude-default/pom.xml:
##
@@ -0,0 +1,58 @@
+
+
+http://maven.apache.org/POM/4.0.0;
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance;
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 
http://maven.apache.org/maven-v4_0_0.xsd;>
+  4.0.0
+
+  org.apache.maven.plugins
+  mjar-296-exclude-default
+  mjar-296-suppress-default-excludes
+  Verifies that the resulting jar not includes files excluded by 
default
+  jar
+  1.0-SNAPSHOT
+
+  
+UTF-8
+
2023-11-19T13:25:58Z
+  
+
+  
+
+  
+
+  org.apache.maven.plugins
+  maven-resources-plugin
+  @version.maven-resources-plugin@
+  
+false

Review Comment:
   Totally right, thanks!





> No way to suppress default excludes in maven-jar-plugin
> ---
>
> Key: MJAR-296
> URL: https://issues.apache.org/jira/browse/MJAR-296
> Project: Maven JAR Plugin
>  Issue Type: Improvement
>Affects Versions: 3.3.0
>Reporter: G.Vaysman
>Assignee: Slawomir Jaranowski
>Priority: Major
> Fix For: 3.4.0
>
> Attachments: jar-default-excludes.zip
>
>
> With the default excludes being expanded further (see 
> org.codehaus.plexus.util.AbstractScanner.{*}_DEFAULTEXCLUDES_{*}), a resource 
> directory **/ChangeSet/** will never be included in the JAR artifact.
> Some plugins (maven-resources-plugin, maven-assembly-plugin) already allow 
> suppressing the exclusion, but not the maven-jar-plugin. Code analysis of the 
> JarMojo -> DirectoryScanner call path confirms that there is no way to affect 
> the FileSet configuration. 
> Again, with ever expanding list of *_DEFAULTEXCLUDES,_* this, on our opinion, 
> is quite detrimental, and due to backward compatibility, changing 
> resource/package path (say, to ChangeSet2) is not an option. 
> I am attaching a very simple project that shows two things:
>  # The jar plugin skips adding the **/ChangeSet/** files
>  # The resources plugin is configured not to skip (addDefaultExcludes) and 
> behaves properly



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Re: [PR] [MJAR-296] Allow including files excluded by default. [maven-jar-plugin]

[via GitHub]

michael-o commented on code in PR #67:
URL: https://github.com/apache/maven-jar-plugin/pull/67#discussion_r1557301724


##
src/it/MJAR-296-exclude-default/pom.xml:
##
@@ -0,0 +1,58 @@
+
+
+http://maven.apache.org/POM/4.0.0;
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance;
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 
http://maven.apache.org/maven-v4_0_0.xsd;>
+  4.0.0
+
+  org.apache.maven.plugins
+  mjar-296-exclude-default
+  mjar-296-suppress-default-excludes
+  Verifies that the resulting jar not includes files excluded by 
default
+  jar
+  1.0-SNAPSHOT
+
+  
+UTF-8
+
2023-11-19T13:25:58Z
+  
+
+  
+
+  
+
+  org.apache.maven.plugins
+  maven-resources-plugin
+  @version.maven-resources-plugin@
+  
+false

Review Comment:
   Totally right, thanks!



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[jira] [Commented] (MJAR-296) No way to suppress default excludes in maven-jar-plugin

[ASF GitHub Bot (Jira)]

[ 
https://issues.apache.org/jira/browse/MJAR-296?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17835324#comment-17835324
 ] 

ASF GitHub Bot commented on MJAR-296:
-

michael-o commented on code in PR #67:
URL: https://github.com/apache/maven-jar-plugin/pull/67#discussion_r1557300514


##
src/it/MJAR-296-exclude-default/setup.groovy:
##
@@ -0,0 +1,29 @@
+import java.nio.file.Files
+import java.nio.file.Paths
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+// excluded files are not copied by m-invoker-p - so we need create one
+
+def resDir = basedir.toPath().resolve("src/main/resources")
+Files.createDirectories(resDir)
+Files.createFile(resDir.resolve(".cvsignore"))
+
+return true

Review Comment:
   My bad, let's leave as-is.





> No way to suppress default excludes in maven-jar-plugin
> ---
>
> Key: MJAR-296
> URL: https://issues.apache.org/jira/browse/MJAR-296
> Project: Maven JAR Plugin
>  Issue Type: Improvement
>Affects Versions: 3.3.0
>Reporter: G.Vaysman
>Assignee: Slawomir Jaranowski
>Priority: Major
> Fix For: 3.4.0
>
> Attachments: jar-default-excludes.zip
>
>
> With the default excludes being expanded further (see 
> org.codehaus.plexus.util.AbstractScanner.{*}_DEFAULTEXCLUDES_{*}), a resource 
> directory **/ChangeSet/** will never be included in the JAR artifact.
> Some plugins (maven-resources-plugin, maven-assembly-plugin) already allow 
> suppressing the exclusion, but not the maven-jar-plugin. Code analysis of the 
> JarMojo -> DirectoryScanner call path confirms that there is no way to affect 
> the FileSet configuration. 
> Again, with ever expanding list of *_DEFAULTEXCLUDES,_* this, on our opinion, 
> is quite detrimental, and due to backward compatibility, changing 
> resource/package path (say, to ChangeSet2) is not an option. 
> I am attaching a very simple project that shows two things:
>  # The jar plugin skips adding the **/ChangeSet/** files
>  # The resources plugin is configured not to skip (addDefaultExcludes) and 
> behaves properly



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Re: [PR] [MJAR-296] Allow including files excluded by default. [maven-jar-plugin]

[via GitHub]

michael-o commented on code in PR #67:
URL: https://github.com/apache/maven-jar-plugin/pull/67#discussion_r1557300514


##
src/it/MJAR-296-exclude-default/setup.groovy:
##
@@ -0,0 +1,29 @@
+import java.nio.file.Files
+import java.nio.file.Paths
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+// excluded files are not copied by m-invoker-p - so we need create one
+
+def resDir = basedir.toPath().resolve("src/main/resources")
+Files.createDirectories(resDir)
+Files.createFile(resDir.resolve(".cvsignore"))
+
+return true

Review Comment:
   My bad, let's leave as-is.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[jira] [Commented] (MJAR-296) No way to suppress default excludes in maven-jar-plugin

[ASF GitHub Bot (Jira)]

[ 
https://issues.apache.org/jira/browse/MJAR-296?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17835309#comment-17835309
 ] 

ASF GitHub Bot commented on MJAR-296:
-

slawekjaranowski commented on code in PR #67:
URL: https://github.com/apache/maven-jar-plugin/pull/67#discussion_r1557256798


##
src/it/MJAR-296-exclude-default/pom.xml:
##
@@ -0,0 +1,58 @@
+
+
+http://maven.apache.org/POM/4.0.0;
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance;
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 
http://maven.apache.org/maven-v4_0_0.xsd;>
+  4.0.0
+
+  org.apache.maven.plugins
+  mjar-296-exclude-default
+  mjar-296-suppress-default-excludes
+  Verifies that the resulting jar not includes files excluded by 
default
+  jar
+  1.0-SNAPSHOT
+
+  
+UTF-8
+
2023-11-19T13:25:58Z
+  
+
+  
+
+  
+
+  org.apache.maven.plugins
+  maven-resources-plugin
+  @version.maven-resources-plugin@
+  
+false

Review Comment:
   it is param for m-resource-p - all resources should be copied and finally 
should be filtered by m-jar-p





> No way to suppress default excludes in maven-jar-plugin
> ---
>
> Key: MJAR-296
> URL: https://issues.apache.org/jira/browse/MJAR-296
> Project: Maven JAR Plugin
>  Issue Type: Improvement
>Affects Versions: 3.3.0
>Reporter: G.Vaysman
>Assignee: Slawomir Jaranowski
>Priority: Major
> Fix For: 3.4.0
>
> Attachments: jar-default-excludes.zip
>
>
> With the default excludes being expanded further (see 
> org.codehaus.plexus.util.AbstractScanner.{*}_DEFAULTEXCLUDES_{*}), a resource 
> directory **/ChangeSet/** will never be included in the JAR artifact.
> Some plugins (maven-resources-plugin, maven-assembly-plugin) already allow 
> suppressing the exclusion, but not the maven-jar-plugin. Code analysis of the 
> JarMojo -> DirectoryScanner call path confirms that there is no way to affect 
> the FileSet configuration. 
> Again, with ever expanding list of *_DEFAULTEXCLUDES,_* this, on our opinion, 
> is quite detrimental, and due to backward compatibility, changing 
> resource/package path (say, to ChangeSet2) is not an option. 
> I am attaching a very simple project that shows two things:
>  # The jar plugin skips adding the **/ChangeSet/** files
>  # The resources plugin is configured not to skip (addDefaultExcludes) and 
> behaves properly



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Re: [PR] [MJAR-296] Allow including files excluded by default. [maven-jar-plugin]

[via GitHub]

slawekjaranowski commented on code in PR #67:
URL: https://github.com/apache/maven-jar-plugin/pull/67#discussion_r1557256798


##
src/it/MJAR-296-exclude-default/pom.xml:
##
@@ -0,0 +1,58 @@
+
+
+http://maven.apache.org/POM/4.0.0;
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance;
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 
http://maven.apache.org/maven-v4_0_0.xsd;>
+  4.0.0
+
+  org.apache.maven.plugins
+  mjar-296-exclude-default
+  mjar-296-suppress-default-excludes
+  Verifies that the resulting jar not includes files excluded by 
default
+  jar
+  1.0-SNAPSHOT
+
+  
+UTF-8
+
2023-11-19T13:25:58Z
+  
+
+  
+
+  
+
+  org.apache.maven.plugins
+  maven-resources-plugin
+  @version.maven-resources-plugin@
+  
+false

Review Comment:
   it is param for m-resource-p - all resources should be copied and finally 
should be filtered by m-jar-p



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[jira] [Commented] (MJAR-296) No way to suppress default excludes in maven-jar-plugin

[ASF GitHub Bot (Jira)]

[ 
https://issues.apache.org/jira/browse/MJAR-296?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17835307#comment-17835307
 ] 

ASF GitHub Bot commented on MJAR-296:
-

slawekjaranowski commented on code in PR #67:
URL: https://github.com/apache/maven-jar-plugin/pull/67#discussion_r1557255168


##
src/it/MJAR-296-exclude-default/setup.groovy:
##
@@ -0,0 +1,29 @@
+import java.nio.file.Files
+import java.nio.file.Paths
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+// excluded files are not copied by m-invoker-p - so we need create one
+
+def resDir = basedir.toPath().resolve("src/main/resources")
+Files.createDirectories(resDir)
+Files.createFile(resDir.resolve(".cvsignore"))
+
+return true

Review Comment:
   m-invoke-p will skip default excludes files during copping ... so we need 
create one
   I can try with: 
https://maven.apache.org/plugins/maven-invoker-plugin/integration-test-mojo.html#cloneAllFiles





> No way to suppress default excludes in maven-jar-plugin
> ---
>
> Key: MJAR-296
> URL: https://issues.apache.org/jira/browse/MJAR-296
> Project: Maven JAR Plugin
>  Issue Type: Improvement
>Affects Versions: 3.3.0
>Reporter: G.Vaysman
>Assignee: Slawomir Jaranowski
>Priority: Major
> Fix For: 3.4.0
>
> Attachments: jar-default-excludes.zip
>
>
> With the default excludes being expanded further (see 
> org.codehaus.plexus.util.AbstractScanner.{*}_DEFAULTEXCLUDES_{*}), a resource 
> directory **/ChangeSet/** will never be included in the JAR artifact.
> Some plugins (maven-resources-plugin, maven-assembly-plugin) already allow 
> suppressing the exclusion, but not the maven-jar-plugin. Code analysis of the 
> JarMojo -> DirectoryScanner call path confirms that there is no way to affect 
> the FileSet configuration. 
> Again, with ever expanding list of *_DEFAULTEXCLUDES,_* this, on our opinion, 
> is quite detrimental, and due to backward compatibility, changing 
> resource/package path (say, to ChangeSet2) is not an option. 
> I am attaching a very simple project that shows two things:
>  # The jar plugin skips adding the **/ChangeSet/** files
>  # The resources plugin is configured not to skip (addDefaultExcludes) and 
> behaves properly



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Re: [PR] [MJAR-296] Allow including files excluded by default. [maven-jar-plugin]

[via GitHub]

slawekjaranowski commented on code in PR #67:
URL: https://github.com/apache/maven-jar-plugin/pull/67#discussion_r1557255168


##
src/it/MJAR-296-exclude-default/setup.groovy:
##
@@ -0,0 +1,29 @@
+import java.nio.file.Files
+import java.nio.file.Paths
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+// excluded files are not copied by m-invoker-p - so we need create one
+
+def resDir = basedir.toPath().resolve("src/main/resources")
+Files.createDirectories(resDir)
+Files.createFile(resDir.resolve(".cvsignore"))
+
+return true

Review Comment:
   m-invoke-p will skip default excludes files during copping ... so we need 
create one
   I can try with: 
https://maven.apache.org/plugins/maven-invoker-plugin/integration-test-mojo.html#cloneAllFiles



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] Bump mavenVersion from 3.6.3 to 3.8.8 [maven-scripting-plugin]

[via GitHub]

dependabot[bot] commented on PR #29:
URL: 
https://github.com/apache/maven-scripting-plugin/pull/29#issuecomment-2044458406

   OK, I won't notify you about any of these dependencies again, unless you 
re-open this PR.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] Bump mavenVersion from 3.6.3 to 3.8.8 [maven-scripting-plugin]

[via GitHub]

dependabot[bot] closed pull request #29: Bump mavenVersion from 3.6.3 to 3.8.8
URL: https://github.com/apache/maven-scripting-plugin/pull/29


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] Bump mavenVersion from 3.6.3 to 3.8.8 [maven-scripting-plugin]

[via GitHub]

slachiewicz commented on PR #29:
URL: 
https://github.com/apache/maven-scripting-plugin/pull/29#issuecomment-2044458296

   @dependabot ignore this dependency


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] Bump slf4jVersion from 1.7.36 to 2.0.12 [maven-jarsigner]

[via GitHub]

dependabot[bot] commented on PR #22:
URL: https://github.com/apache/maven-jarsigner/pull/22#issuecomment-2044457756

   OK, I won't notify you about version 2.x.x again, unless you re-open this PR.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] Bump slf4jVersion from 1.7.36 to 2.0.12 [maven-jarsigner]

[via GitHub]

dependabot[bot] closed pull request #22: Bump slf4jVersion from 1.7.36 to 2.0.12
URL: https://github.com/apache/maven-jarsigner/pull/22


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] Bump slf4jVersion from 1.7.36 to 2.0.12 [maven-jarsigner]

[via GitHub]

slachiewicz commented on PR #22:
URL: https://github.com/apache/maven-jarsigner/pull/22#issuecomment-2044457656

   @dependabot ignore this major version


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] Bump commons-io:commons-io from 2.16.0 to 2.16.1 [maven-build-cache-extension]

[via GitHub]

slachiewicz merged PR #142:
URL: https://github.com/apache/maven-build-cache-extension/pull/142


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] Bump slf4jVersion from 1.7.36 to 2.0.12 [maven-build-cache-extension]

[via GitHub]

dependabot[bot] commented on PR #141:
URL: 
https://github.com/apache/maven-build-cache-extension/pull/141#issuecomment-2044455851

   OK, I won't notify you about version 2.x.x again, unless you re-open this PR.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] Bump slf4jVersion from 1.7.36 to 2.0.12 [maven-build-cache-extension]

[via GitHub]

dependabot[bot] closed pull request #141: Bump slf4jVersion from 1.7.36 to 
2.0.12
URL: https://github.com/apache/maven-build-cache-extension/pull/141


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] Bump slf4jVersion from 1.7.36 to 2.0.12 [maven-build-cache-extension]

[via GitHub]

slachiewicz commented on PR #141:
URL: 
https://github.com/apache/maven-build-cache-extension/pull/141#issuecomment-2044455721

   @dependabot ignore this major version


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] Bump org.jacoco:jacoco-maven-plugin from 0.8.11 to 0.8.12 [maven-doxia-converter]

[via GitHub]

slachiewicz merged PR #65:
URL: https://github.com/apache/maven-doxia-converter/pull/65


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] Bump commons-io:commons-io from 2.15.1 to 2.16.1 [maven-filtering]

[via GitHub]

slachiewicz commented on PR #101:
URL: https://github.com/apache/maven-filtering/pull/101#issuecomment-2044452972

   @dependabot ignore this dependency
   
   #96 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] Bump commons-io:commons-io from 2.16.0 to 2.16.1 [maven-doxia-converter]

[via GitHub]

slachiewicz merged PR #66:
URL: https://github.com/apache/maven-doxia-converter/pull/66


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] Bump commons-io:commons-io from 2.15.1 to 2.16.1 [maven-filtering]

[via GitHub]

dependabot[bot] commented on PR #101:
URL: https://github.com/apache/maven-filtering/pull/101#issuecomment-2044453079

   OK, I won't notify you about commons-io:commons-io again, unless you re-open 
this PR.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] Bump commons-io:commons-io from 2.15.1 to 2.16.1 [maven-filtering]

[via GitHub]

dependabot[bot] closed pull request #101: Bump commons-io:commons-io from 
2.15.1 to 2.16.1
URL: https://github.com/apache/maven-filtering/pull/101


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] Bump commons-io:commons-io from 2.16.0 to 2.16.1 [maven-assembly-plugin]

[via GitHub]

slachiewicz merged PR #201:
URL: https://github.com/apache/maven-assembly-plugin/pull/201


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[jira] [Updated] (MASSEMBLY-1027) Upgrade commons-io:commons-io to 2.16.1

[Sylwester Lachiewicz (Jira)]

 [ 
https://issues.apache.org/jira/browse/MASSEMBLY-1027?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sylwester Lachiewicz updated MASSEMBLY-1027:

Summary: Upgrade commons-io:commons-io to 2.16.1  (was: Upgrade 
commons-io:commons-io to 2.16.0)

> Upgrade commons-io:commons-io to 2.16.1
> ---
>
> Key: MASSEMBLY-1027
> URL: https://issues.apache.org/jira/browse/MASSEMBLY-1027
> Project: Maven Assembly Plugin
>  Issue Type: Dependency upgrade
>Reporter: Sylwester Lachiewicz
>Assignee: Sylwester Lachiewicz
>Priority: Major
> Fix For: next-release
>
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Re: [PR] Bump slf4jVersion from 1.7.36 to 2.0.12 [maven-javadoc-plugin]

[via GitHub]

dependabot[bot] commented on PR #274:
URL: 
https://github.com/apache/maven-javadoc-plugin/pull/274#issuecomment-205522

   OK, I won't notify you about version 2.x.x again, unless you re-open this PR.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] Bump slf4jVersion from 1.7.36 to 2.0.12 [maven-javadoc-plugin]

[via GitHub]

dependabot[bot] closed pull request #274: Bump slf4jVersion from 1.7.36 to 
2.0.12
URL: https://github.com/apache/maven-javadoc-plugin/pull/274


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] Bump slf4jVersion from 1.7.36 to 2.0.12 [maven-javadoc-plugin]

[via GitHub]

slachiewicz commented on PR #274:
URL: 
https://github.com/apache/maven-javadoc-plugin/pull/274#issuecomment-205445

   @dependabot ignore this major version 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[PR] Bump commons-io:commons-io from 2.6 to 2.16.1 [maven-wagon]

[via GitHub]

dependabot[bot] opened a new pull request, #110:
URL: https://github.com/apache/maven-wagon/pull/110

   Bumps commons-io:commons-io from 2.6 to 2.16.1.
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=commons-io:commons-io=maven=2.6=2.16.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot show  ignore conditions` will show all of 
the ignore conditions of the specified dependency
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] Bump commons-io:commons-io from 2.6 to 2.16.0 [maven-wagon]

[via GitHub]

dependabot[bot] closed pull request #109: Bump commons-io:commons-io from 2.6 
to 2.16.0
URL: https://github.com/apache/maven-wagon/pull/109


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] Bump commons-io:commons-io from 2.6 to 2.16.0 [maven-wagon]

[via GitHub]

dependabot[bot] commented on PR #109:
URL: https://github.com/apache/maven-wagon/pull/109#issuecomment-2044390859

   Superseded by #110.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[PR] Bump commons-io:commons-io from 2.16.0 to 2.16.1 [maven-build-cache-extension]

[via GitHub]

dependabot[bot] opened a new pull request, #142:
URL: https://github.com/apache/maven-build-cache-extension/pull/142

   Bumps commons-io:commons-io from 2.16.0 to 2.16.1.
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=commons-io:commons-io=maven=2.16.0=2.16.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot show  ignore conditions` will show all of 
the ignore conditions of the specified dependency
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[jira] [Commented] (MJAR-296) No way to suppress default excludes in maven-jar-plugin

[ASF GitHub Bot (Jira)]

[ 
https://issues.apache.org/jira/browse/MJAR-296?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17835184#comment-17835184
 ] 

ASF GitHub Bot commented on MJAR-296:
-

michael-o commented on code in PR #67:
URL: https://github.com/apache/maven-jar-plugin/pull/67#discussion_r1557063948


##
src/it/MJAR-296-exclude-default/setup.groovy:
##
@@ -0,0 +1,29 @@
+import java.nio.file.Files
+import java.nio.file.Paths
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+// excluded files are not copied by m-invoker-p - so we need create one
+
+def resDir = basedir.toPath().resolve("src/main/resources")
+Files.createDirectories(resDir)
+Files.createFile(resDir.resolve(".cvsignore"))
+
+return true

Review Comment:
   Why not simply add them to revision control instead of creating them?



##
src/main/java/org/apache/maven/plugins/jar/AbstractJarMojo.java:
##
@@ -169,6 +170,38 @@ public abstract class AbstractJarMojo extends AbstractMojo 
{
 @Parameter(property = "maven.jar.detectMultiReleaseJar", defaultValue = 
"true")
 private boolean detectMultiReleaseJar;
 
+/**
+ * If set to {@code false}, the files that by default are excluded from 
the resulting archive,

Review Comment:
   files and directories



##
src/it/MJAR-296-exclude-default/pom.xml:
##
@@ -0,0 +1,58 @@
+
+
+http://maven.apache.org/POM/4.0.0;
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance;
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 
http://maven.apache.org/maven-v4_0_0.xsd;>
+  4.0.0
+
+  org.apache.maven.plugins
+  mjar-296-exclude-default
+  mjar-296-suppress-default-excludes
+  Verifies that the resulting jar not includes files excluded by 
default
+  jar
+  1.0-SNAPSHOT
+
+  
+UTF-8
+
2023-11-19T13:25:58Z
+  
+
+  
+
+  
+
+  org.apache.maven.plugins
+  maven-resources-plugin
+  @version.maven-resources-plugin@
+  
+false

Review Comment:
   I wonder why this is `false`, but the `.cvsignore` is excluded`





> No way to suppress default excludes in maven-jar-plugin
> ---
>
> Key: MJAR-296
> URL: https://issues.apache.org/jira/browse/MJAR-296
> Project: Maven JAR Plugin
>  Issue Type: Improvement
>Affects Versions: 3.3.0
>Reporter: G.Vaysman
>Assignee: Slawomir Jaranowski
>Priority: Major
> Fix For: 3.4.0
>
> Attachments: jar-default-excludes.zip
>
>
> With the default excludes being expanded further (see 
> org.codehaus.plexus.util.AbstractScanner.{*}_DEFAULTEXCLUDES_{*}), a resource 
> directory **/ChangeSet/** will never be included in the JAR artifact.
> Some plugins (maven-resources-plugin, maven-assembly-plugin) already allow 
> suppressing the exclusion, but not the maven-jar-plugin. Code analysis of the 
> JarMojo -> DirectoryScanner call path confirms that there is no way to affect 
> the FileSet configuration. 
> Again, with ever expanding list of *_DEFAULTEXCLUDES,_* this, on our opinion, 
> is quite detrimental, and due to backward compatibility, changing 
> resource/package path (say, to ChangeSet2) is not an option. 
> I am attaching a very simple project that shows two things:
>  # The jar plugin skips adding the **/ChangeSet/** files
>  # The resources plugin is configured not to skip (addDefaultExcludes) and 
> behaves properly



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Re: [PR] [MJAR-296] Allow including files excluded by default. [maven-jar-plugin]

[via GitHub]

michael-o commented on code in PR #67:
URL: https://github.com/apache/maven-jar-plugin/pull/67#discussion_r1557063948


##
src/it/MJAR-296-exclude-default/setup.groovy:
##
@@ -0,0 +1,29 @@
+import java.nio.file.Files
+import java.nio.file.Paths
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+// excluded files are not copied by m-invoker-p - so we need create one
+
+def resDir = basedir.toPath().resolve("src/main/resources")
+Files.createDirectories(resDir)
+Files.createFile(resDir.resolve(".cvsignore"))
+
+return true

Review Comment:
   Why not simply add them to revision control instead of creating them?



##
src/main/java/org/apache/maven/plugins/jar/AbstractJarMojo.java:
##
@@ -169,6 +170,38 @@ public abstract class AbstractJarMojo extends AbstractMojo 
{
 @Parameter(property = "maven.jar.detectMultiReleaseJar", defaultValue = 
"true")
 private boolean detectMultiReleaseJar;
 
+/**
+ * If set to {@code false}, the files that by default are excluded from 
the resulting archive,

Review Comment:
   files and directories



##
src/it/MJAR-296-exclude-default/pom.xml:
##
@@ -0,0 +1,58 @@
+
+
+http://maven.apache.org/POM/4.0.0;
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance;
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 
http://maven.apache.org/maven-v4_0_0.xsd;>
+  4.0.0
+
+  org.apache.maven.plugins
+  mjar-296-exclude-default
+  mjar-296-suppress-default-excludes
+  Verifies that the resulting jar not includes files excluded by 
default
+  jar
+  1.0-SNAPSHOT
+
+  
+UTF-8
+
2023-11-19T13:25:58Z
+  
+
+  
+
+  
+
+  org.apache.maven.plugins
+  maven-resources-plugin
+  @version.maven-resources-plugin@
+  
+false

Review Comment:
   I wonder why this is `false`, but the `.cvsignore` is excluded`



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[PR] Bump commons-io:commons-io from 2.16.0 to 2.16.1 [maven-source-plugin]

[via GitHub]

dependabot[bot] opened a new pull request, #27:
URL: https://github.com/apache/maven-source-plugin/pull/27

   Bumps commons-io:commons-io from 2.16.0 to 2.16.1.
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=commons-io:commons-io=maven=2.16.0=2.16.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot show  ignore conditions` will show all of 
the ignore conditions of the specified dependency
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[jira] [Commented] (MBUILDCACHE-71) buildinfo.xml should be stored after storing the project's artifacts

[ASF GitHub Bot (Jira)]

[ 
https://issues.apache.org/jira/browse/MBUILDCACHE-71?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17835163#comment-17835163
 ] 

ASF GitHub Bot commented on MBUILDCACHE-71:
---

amirhadadi commented on PR #138:
URL: 
https://github.com/apache/maven-build-cache-extension/pull/138#issuecomment-2044228334

   @olamy would it be possible to create a new release?




> buildinfo.xml should be stored after storing the project's artifacts
> 
>
> Key: MBUILDCACHE-71
> URL: https://issues.apache.org/jira/browse/MBUILDCACHE-71
> Project: Maven Build Cache Extension
>  Issue Type: Improvement
>Affects Versions: 1.0.1
>Reporter: Amir Hadadi
>Assignee: Olivier Lamy
>Priority: Major
>  Labels: pull-request-available
> Fix For: 1.2.0
>
>
> In certain failure cases it's possible that only part of a module artifacts 
> get stored in the local and remote storage. In that case if buildinfo.xml got 
> stored, the extension will later incorrectly attempt to restore the partially 
> cached build.
> Because buildinfo.xml is used as an indication that the cached artifacts 
> exist, I propose to reorder the logic in 
> {code:java}
> CacheControllerImpl.save(){code}
>  so that 
> {code:java}
> localCache.saveBuildInfo(cacheResult, build);{code}
> will happen after the project's artifacts are stored.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Re: [PR] [MBUILDCACHE-71] Store the build info after storing the artifacts. [maven-build-cache-extension]

[via GitHub]

amirhadadi commented on PR #138:
URL: 
https://github.com/apache/maven-build-cache-extension/pull/138#issuecomment-2044228334

   @olamy would it be possible to create a new release?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[jira] [Commented] (MPOM-478) Remove manually maintained history from site

[Herve Boutemy (Jira)]

[ 
https://issues.apache.org/jira/browse/MPOM-478?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17835160#comment-17835160
 ] 

Herve Boutemy commented on MPOM-478:


good idea: these links were useful with svn because ViewVC did not help much: 
but with GitHub UX, they are not necessary any more
let's benefit from it to simplify the release process

> Remove manually maintained history from site
> 
>
> Key: MPOM-478
> URL: https://issues.apache.org/jira/browse/MPOM-478
> Project: Maven POMs
>  Issue Type: Improvement
>  Components: asf, maven
>Reporter: Slawomir Jaranowski
>Assignee: Slawomir Jaranowski
>Priority: Major
> Fix For: ASF-32, MAVEN-42
>
>
> We have history of releases eg:
> [https://maven.apache.org/pom/asf/#history]
> [https://maven.apache.org/pom/maven/#history]
> [https://maven.apache.org/pom/maven/maven-plugins/#history]
> We can replace it by link to GitHub tags/releases and everybody can find what 
> is interesting for them.
>  
> All of them are manually edited during release preparing.
> We should avoid manual steps during release.
> Site [https://maven.apache.org/developers/release/parent-pom-release.html] - 
> should be updated after it.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)