[PR] Bump commons-cli:commons-cli from 1.6.0 to 1.7.0 [maven-indexer]
dependabot[bot] opened a new pull request, #360: URL: https://github.com/apache/maven-indexer/pull/360 Bumps commons-cli:commons-cli from 1.6.0 to 1.7.0. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Bump org.apache.maven.reporting:maven-reporting-api from 4.0.0-M9 to 4.0.0-M11 [maven-site-plugin]
dependabot[bot] opened a new pull request, #182: URL: https://github.com/apache/maven-site-plugin/pull/182 Bumps [org.apache.maven.reporting:maven-reporting-api](https://github.com/apache/maven-reporting-api) from 4.0.0-M9 to 4.0.0-M11. Commits https://github.com/apache/maven-reporting-api/commit/c59f51a325d696c71d184137958d8c03b60d4cbe;>c59f51a [maven-release-plugin] prepare release maven-reporting-api-4.0.0-M11 https://github.com/apache/maven-reporting-api/commit/c60211df4f36d794414673ca62a5ea30e5f056ab;>c60211d [MSHARED-1379] Upgrade to Doxia 2.0.0-M10 https://github.com/apache/maven-reporting-api/commit/8d228f7466227386b759cd3cbd464f2fc3e7b932;>8d228f7 [maven-release-plugin] prepare for next development iteration https://github.com/apache/maven-reporting-api/commit/51a0dbe1cfa73e4dfcdfc715de419ceb47765709;>51a0dbe [maven-release-plugin] prepare release maven-reporting-api-4.0.0-M10 https://github.com/apache/maven-reporting-api/commit/14d42d97f9008ad5b90248ee7007fd0bef8a1874;>14d42d9 [MSHARED-1349] Upgrade to Doxia 2.0.0-M9 https://github.com/apache/maven-reporting-api/commit/094fa38234ebefa4d69ac40a827a069d3aa3c533;>094fa38 Add .checkstyle to .gitignore https://github.com/apache/maven-reporting-api/commit/b117d49b014fb0e443afaa1d75d02ef9a033b91d;>b117d49 Bump maven-gh-actions-shared to v3 https://github.com/apache/maven-reporting-api/commit/62f121f7aa0a96377c810e51975fcea8ca6407b9;>62f121f Update dependabot.yml https://github.com/apache/maven-reporting-api/commit/0cab34594c59f1ab3e7cf4c4b61e75d2976faa90;>0cab345 [maven-release-plugin] prepare for next development iteration See full diff in https://github.com/apache/maven-reporting-api/compare/maven-reporting-api-4.0.0-M9...maven-reporting-api-4.0.0-M11;>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Bump commons-cli:commons-cli from 1.6.0 to 1.7.0 [maven-doxia-converter]
dependabot[bot] opened a new pull request, #70: URL: https://github.com/apache/maven-doxia-converter/pull/70 Bumps commons-cli:commons-cli from 1.6.0 to 1.7.0. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MWRAPPER-59) Inline MavenWrapperDownloader.java into mvnw
[ https://issues.apache.org/jira/browse/MWRAPPER-59?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17838418#comment-17838418 ] James Z.M. Gao commented on MWRAPPER-59: [~cstamas] This issue can be merged since the only-script type is merged and published > Inline MavenWrapperDownloader.java into mvnw > > > Key: MWRAPPER-59 > URL: https://issues.apache.org/jira/browse/MWRAPPER-59 > Project: Maven Wrapper > Issue Type: Improvement > Components: Maven Wrapper Scripts >Affects Versions: 3.1.0 >Reporter: James Z.M. Gao >Priority: Major > > by inlining a lean version of MavenWrapperDownloader.java into `mnvw` script, > we can remove the `source` installing type, and avoid reuse an outdated > MavenWrapperDownloader.class -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MWRAPPER-76) Error "{6}" was unexpected at this time (Windows 10)
[
https://issues.apache.org/jira/browse/MWRAPPER-76?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17838417#comment-17838417
]
James Z.M. Gao commented on MWRAPPER-76:
[~svein] [~Artur-] are the new type `only-script` also affected by this issue?
> Error "{6}" was unexpected at this time (Windows 10)
>
>
> Key: MWRAPPER-76
> URL: https://issues.apache.org/jira/browse/MWRAPPER-76
> Project: Maven Wrapper
> Issue Type: Bug
> Components: Maven Wrapper Scripts
>Affects Versions: 3.1.1
>Reporter: Svein
>Priority: Major
>
> {color:#00}Testes and i worked on this path: C:\tmp\New (2)\{6}
> folder\my-app57(2). The problem is the ')' character.{color}
> {color:#00}My solution is:{color}
> {color:#00}@setlocal EnableDelayedExpansion and !WRAPPER_JAR!.{color}
>
> {code:java}
> @setlocal EnableDelayedExpansion
> powershell -Command "&{"^
> "$webclient = new-object System.Net.WebClient;"^
> "if (-not ([string]::IsNullOrEmpty('%MVNW_USERNAME%') -and
> [string]::IsNullOrEmpty('%MVNW_PASSWORD%'))) {"^
> "$webclient.Credentials = new-object
> System.Net.NetworkCredential('%MVNW_USERNAME%', '%MVNW_PASSWORD%');"^
> "}"^
> "[Net.ServicePointManager]::SecurityProtocol =
> [Net.SecurityProtocolType]::Tls12; $webclient.DownloadFile('%DOWNLOAD_URL%',
> '!WRAPPER_JAR!')"^
> "}"
> @endlocal
> {code}
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (MWRAPPER-124) MavenWrapperDownloader uses new URL(String), which is deprecated in Java 21
[
https://issues.apache.org/jira/browse/MWRAPPER-124?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17838410#comment-17838410
]
ASF GitHub Bot commented on MWRAPPER-124:
-
gzm55 opened a new pull request, #133:
URL: https://github.com/apache/maven-wrapper/pull/133
Following this checklist to help us incorporate your
contribution quickly and easily:
- [ ] Make sure there is a [JIRA
issue](https://issues.apache.org/jira/browse/MWRAPPER) filed
for the change (usually before you start working on it). Trivial
changes like typos do not
require a JIRA issue. Your pull request should address just this
issue, without
pulling in other changes.
- [ ] Each commit in the pull request should have a meaningful subject line
and body.
- [ ] Format the pull request title like `[MWRAPPER-XXX] - Fixes bug in
ApproximateQuantiles`,
where you replace `MWRAPPER-XXX` with the appropriate JIRA issue.
Best practice
is to use the JIRA issue title in the pull request title and in the
first line of the
commit message.
- [ ] Write a pull request description that is detailed enough to
understand what the pull request does, how, and why.
- [ ] Run `mvn clean verify` to make sure basic checks pass. A more
thorough check will
be performed on your pull request automatically.
- [ ] You have run the integration tests successfully (`mvn -Prun-its clean
verify`).
If your pull request is about ~20 lines of code you don't need to sign an
[Individual Contributor License
Agreement](https://www.apache.org/licenses/icla.pdf) if you are unsure
please ask on the developers list.
To make clear that you license your contribution under
the [Apache License Version 2.0, January
2004](http://www.apache.org/licenses/LICENSE-2.0)
you have to acknowledge this by using the following check-box.
- [ ] I hereby declare this contribution to be licenced under the [Apache
License Version 2.0, January 2004](http://www.apache.org/licenses/LICENSE-2.0)
- [ ] In any other case, please file an [Apache Individual Contributor
License Agreement](https://www.apache.org/licenses/icla.pdf).
port pr https://github.com/apache/maven-wrapper/pull/120
Test Method:
```bash
sed -n '/public class Downloader/,/\t}/p'
maven-wrapper-distribution/src/resources/only-mvnw > Downloader.java
jenv shell 21 ## or 1.7, 1.8, 11, 17
javac -version
javac Downloader.java -Xlint:all -Werror
```
Passed lint compile test with jdk 1.7, 1.8, 11, 17 and 21
> MavenWrapperDownloader uses new URL(String), which is deprecated in Java 21
> ---
>
> Key: MWRAPPER-124
> URL: https://issues.apache.org/jira/browse/MWRAPPER-124
> Project: Maven Wrapper
> Issue Type: Improvement
> Components: Maven Wrapper Scripts
>Affects Versions: 3.2.0
>Reporter: Russell Howe
>Assignee: Sylwester Lachiewicz
>Priority: Normal
> Fix For: 3.3.0
>
>
> {code:java}
> new URL(String)
> {code}
> was deprecated in Java 21:
> [https://docs.oracle.com/en/java/javase/21/docs/api/java.base/java/net/URL.html#constructor-deprecation]
> The Maven Wrapper docs say that Java 7+ is supported, so we can switch to
> using
> {code:java}
> URI.create(String).toURL()
> {code}
> instead, which is supported in Java 7
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[PR] [MWRAPPER-124] port MWRAPPER-124 fix to only-script [maven-wrapper]
gzm55 opened a new pull request, #133: URL: https://github.com/apache/maven-wrapper/pull/133 Following this checklist to help us incorporate your contribution quickly and easily: - [ ] Make sure there is a [JIRA issue](https://issues.apache.org/jira/browse/MWRAPPER) filed for the change (usually before you start working on it). Trivial changes like typos do not require a JIRA issue. Your pull request should address just this issue, without pulling in other changes. - [ ] Each commit in the pull request should have a meaningful subject line and body. - [ ] Format the pull request title like `[MWRAPPER-XXX] - Fixes bug in ApproximateQuantiles`, where you replace `MWRAPPER-XXX` with the appropriate JIRA issue. Best practice is to use the JIRA issue title in the pull request title and in the first line of the commit message. - [ ] Write a pull request description that is detailed enough to understand what the pull request does, how, and why. - [ ] Run `mvn clean verify` to make sure basic checks pass. A more thorough check will be performed on your pull request automatically. - [ ] You have run the integration tests successfully (`mvn -Prun-its clean verify`). If your pull request is about ~20 lines of code you don't need to sign an [Individual Contributor License Agreement](https://www.apache.org/licenses/icla.pdf) if you are unsure please ask on the developers list. To make clear that you license your contribution under the [Apache License Version 2.0, January 2004](http://www.apache.org/licenses/LICENSE-2.0) you have to acknowledge this by using the following check-box. - [ ] I hereby declare this contribution to be licenced under the [Apache License Version 2.0, January 2004](http://www.apache.org/licenses/LICENSE-2.0) - [ ] In any other case, please file an [Apache Individual Contributor License Agreement](https://www.apache.org/licenses/icla.pdf). port pr https://github.com/apache/maven-wrapper/pull/120 Test Method: ```bash sed -n '/public class Downloader/,/\t}/p' maven-wrapper-distribution/src/resources/only-mvnw > Downloader.java jenv shell 21 ## or 1.7, 1.8, 11, 17 javac -version javac Downloader.java -Xlint:all -Werror ``` Passed lint compile test with jdk 1.7, 1.8, 11, 17 and 21 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MNG-8097) Validate that each dependency->type is a type registered in an artifact handler
[
https://issues.apache.org/jira/browse/MNG-8097?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17838375#comment-17838375
]
Herve Boutemy commented on MNG-8097:
perhaps just adding an INFO message "using default extension = type,
addedToClasspath=false, includesDependency=false for dependency xxx"?
not really a warning, just a fact
> Validate that each dependency->type is a type registered in an artifact
> handler
> ---
>
> Key: MNG-8097
> URL: https://issues.apache.org/jira/browse/MNG-8097
> Project: Maven
> Issue Type: New Feature
>Reporter: Konrad Windszus
>Priority: Major
>
> Currently often the dependency's type is being set to the extension and the
> resolution is lenient, i.e. if there is no artifact handler defining the
> value given in {{dependency->type}} resolution transparently uses the type as
> extension.
> That can potentially lead to two issues:
> 1. Resolution might fail with surprising error messages like
> {code}
> Could not resolve dependencies for project : The following artifacts
> could not be resolved: : Could not transfer artifact
> ::: from/to ...
> {code}
> This is an issue for all types not defined by Maven Core itself, e.g. for
> https://jackrabbit.apache.org/filevault-package-maven-plugin/index.html which
> registers an artifact handler for type {{content-package}} with extension
> {{zip}}.
> 2. The information {{addedToClasspath}}, {{includesDependencies}} and
> {{classifier}} from the artifact handler is not evaluated
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
Re: [PR] Ignore smart-builder core extension, if present. [maven-mvnd]
cstamas merged PR #916: URL: https://github.com/apache/maven-mvnd/pull/916 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [I] Detect smart builder in .mvn/extensions.xml and ignore it [maven-mvnd]
cstamas closed issue #912: Detect smart builder in .mvn/extensions.xml and ignore it URL: https://github.com/apache/maven-mvnd/issues/912 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Bump org.apache.maven.shared:maven-shared-components from 41 to 42 [maven-shared-utils]
dependabot[bot] opened a new pull request, #178: URL: https://github.com/apache/maven-shared-utils/pull/178 Bumps [org.apache.maven.shared:maven-shared-components](https://github.com/apache/maven-parent) from 41 to 42. Release notes Sourced from https://github.com/apache/maven-parent/releases;>org.apache.maven.shared:maven-shared-components's releases. 42 Bug [https://issues.apache.org/jira/browse/MPOM-449;>MPOM-449] - Remove the leading 1. from source/target properties Improvement [https://issues.apache.org/jira/browse/MPOM-447;>MPOM-447] - activate javac's release flag when building with JDK supporting that feature [https://issues.apache.org/jira/browse/MPOM-453;>MPOM-453] - Disable annotation processing by compiler [https://issues.apache.org/jira/browse/MPOM-454;>MPOM-454] - Warning about usage of deprecated API by compiler [https://issues.apache.org/jira/browse/MPOM-477;>MPOM-477] - Skip empty PMD reports [https://issues.apache.org/jira/browse/MPOM-478;>MPOM-478] - Remove manually maintained history from site [https://issues.apache.org/jira/browse/MPOM-483;>MPOM-483] - Make a separate module for documentation Task [https://issues.apache.org/jira/browse/MPOM-482;>MPOM-482] - Publish site descriptor with new parent Dependency upgrade [https://issues.apache.org/jira/browse/MPOM-448;>MPOM-448] - Update spotless-maven-plugin from 2.40.0 to 2.41.1 [https://issues.apache.org/jira/browse/MPOM-455;>MPOM-455] - Add dependencyManagement for JUnit 5 [https://issues.apache.org/jira/browse/MPOM-459;>MPOM-459] - Bump org.apache.maven.plugins:maven-jxr-plugin from 3.3.1 to 3.3.2 [https://issues.apache.org/jira/browse/MPOM-464;>MPOM-464] - Bump com.diffplug.spotless:spotless-maven-plugin from 2.41.1 to 2.43.0 [https://issues.apache.org/jira/browse/MPOM-473;>MPOM-473] - Bump org.cyclonedx:cyclonedx-maven-plugin from 2.7.10 to 2.7.11 [https://issues.apache.org/jira/browse/MPOM-474;>MPOM-474] - Bump org.codehaus.mojo:extra-enforcer-rules from 1.7.0 to 1.8.0 [https://issues.apache.org/jira/browse/MPOM-485;>MPOM-485] - Bump org.codehaus.plexus:plexus-utils from 4.0.0 to 4.0.1 [https://issues.apache.org/jira/browse/MPOM-487;>MPOM-487] - Bump parent to 32 Commits See full diff in https://github.com/apache/maven-parent/commits;>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Bump org.apache.maven.shared:maven-shared-components from 41 to 42 [maven-archiver]
dependabot[bot] opened a new pull request, #58: URL: https://github.com/apache/maven-archiver/pull/58 Bumps [org.apache.maven.shared:maven-shared-components](https://github.com/apache/maven-parent) from 41 to 42. Release notes Sourced from https://github.com/apache/maven-parent/releases;>org.apache.maven.shared:maven-shared-components's releases. 42 Bug [https://issues.apache.org/jira/browse/MPOM-449;>MPOM-449] - Remove the leading 1. from source/target properties Improvement [https://issues.apache.org/jira/browse/MPOM-447;>MPOM-447] - activate javac's release flag when building with JDK supporting that feature [https://issues.apache.org/jira/browse/MPOM-453;>MPOM-453] - Disable annotation processing by compiler [https://issues.apache.org/jira/browse/MPOM-454;>MPOM-454] - Warning about usage of deprecated API by compiler [https://issues.apache.org/jira/browse/MPOM-477;>MPOM-477] - Skip empty PMD reports [https://issues.apache.org/jira/browse/MPOM-478;>MPOM-478] - Remove manually maintained history from site [https://issues.apache.org/jira/browse/MPOM-483;>MPOM-483] - Make a separate module for documentation Task [https://issues.apache.org/jira/browse/MPOM-482;>MPOM-482] - Publish site descriptor with new parent Dependency upgrade [https://issues.apache.org/jira/browse/MPOM-448;>MPOM-448] - Update spotless-maven-plugin from 2.40.0 to 2.41.1 [https://issues.apache.org/jira/browse/MPOM-455;>MPOM-455] - Add dependencyManagement for JUnit 5 [https://issues.apache.org/jira/browse/MPOM-459;>MPOM-459] - Bump org.apache.maven.plugins:maven-jxr-plugin from 3.3.1 to 3.3.2 [https://issues.apache.org/jira/browse/MPOM-464;>MPOM-464] - Bump com.diffplug.spotless:spotless-maven-plugin from 2.41.1 to 2.43.0 [https://issues.apache.org/jira/browse/MPOM-473;>MPOM-473] - Bump org.cyclonedx:cyclonedx-maven-plugin from 2.7.10 to 2.7.11 [https://issues.apache.org/jira/browse/MPOM-474;>MPOM-474] - Bump org.codehaus.mojo:extra-enforcer-rules from 1.7.0 to 1.8.0 [https://issues.apache.org/jira/browse/MPOM-485;>MPOM-485] - Bump org.codehaus.plexus:plexus-utils from 4.0.0 to 4.0.1 [https://issues.apache.org/jira/browse/MPOM-487;>MPOM-487] - Bump parent to 32 Commits See full diff in https://github.com/apache/maven-parent/commits;>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] [MRESOLVER-535][MRESOLVER-538] Add decorator ability to graph dumper; show ranges [maven-resolver]
cstamas merged PR #464: URL: https://github.com/apache/maven-resolver/pull/464 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Closed] (MRESOLVER-535) DependencyGraphDumper should be configurable
[ https://issues.apache.org/jira/browse/MRESOLVER-535?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tamas Cservenak closed MRESOLVER-535. - Resolution: Fixed > DependencyGraphDumper should be configurable > > > Key: MRESOLVER-535 > URL: https://issues.apache.org/jira/browse/MRESOLVER-535 > Project: Maven Resolver > Issue Type: Improvement > Components: Resolver >Reporter: Tamas Cservenak >Assignee: Tamas Cservenak >Priority: Major > Fix For: 2.0.0, 2.0.0-alpha-11 > > > In a sense, we just accumulate what all it prints out (see class history), > but this should be in fact somehow configurable. > Maybe refactor all the output into "decorator" (appender)? And the let ctor > just accept a collection of them (with some predefined collections for some > defaults)? As then, user/caller is fully in charge what the dumper is writing > out, plus, is extensible with original "decorator" idea. > Original decorator idea was that I had a lookup table of some "extra info", > and decorator was basically appending info from that lookup table. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Closed] (MRESOLVER-538) In dirty tree, nodes coming from range (and parents having ranges) should be detectable
[ https://issues.apache.org/jira/browse/MRESOLVER-538?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tamas Cservenak closed MRESOLVER-538. - Resolution: Fixed > In dirty tree, nodes coming from range (and parents having ranges) should be > detectable > --- > > Key: MRESOLVER-538 > URL: https://issues.apache.org/jira/browse/MRESOLVER-538 > Project: Maven Resolver > Issue Type: Improvement > Components: Resolver >Reporter: Tamas Cservenak >Assignee: Tamas Cservenak >Priority: Major > Fix For: 2.0.0, 2.0.0-alpha-11 > > > In short: today no command (ie. dependency:tree) allows one to figure out is > there a range in transitive hull or not. It MAY be deduced, but only by > verbose tree and searching for some patterns. Presence of range on node (and > children) should be marked clearly. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MRESOLVER-535) DependencyGraphDumper should be configurable
[ https://issues.apache.org/jira/browse/MRESOLVER-535?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17838353#comment-17838353 ] ASF GitHub Bot commented on MRESOLVER-535: -- cstamas merged PR #464: URL: https://github.com/apache/maven-resolver/pull/464 > DependencyGraphDumper should be configurable > > > Key: MRESOLVER-535 > URL: https://issues.apache.org/jira/browse/MRESOLVER-535 > Project: Maven Resolver > Issue Type: Improvement > Components: Resolver >Reporter: Tamas Cservenak >Assignee: Tamas Cservenak >Priority: Major > Fix For: 2.0.0, 2.0.0-alpha-11 > > > In a sense, we just accumulate what all it prints out (see class history), > but this should be in fact somehow configurable. > Maybe refactor all the output into "decorator" (appender)? And the let ctor > just accept a collection of them (with some predefined collections for some > defaults)? As then, user/caller is fully in charge what the dumper is writing > out, plus, is extensible with original "decorator" idea. > Original decorator idea was that I had a lookup table of some "extra info", > and decorator was basically appending info from that lookup table. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (MDEP-922) dependency:analyze-exclusions - should report issue only in current project
[ https://issues.apache.org/jira/browse/MDEP-922?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Slawomir Jaranowski reassigned MDEP-922: Assignee: Slawomir Jaranowski > dependency:analyze-exclusions - should report issue only in current project > --- > > Key: MDEP-922 > URL: https://issues.apache.org/jira/browse/MDEP-922 > Project: Maven Dependency Plugin > Issue Type: Dependency upgrade > Components: analyze-exclusions >Affects Versions: 3.7.0 >Reporter: Slawomir Jaranowski >Assignee: Slawomir Jaranowski >Priority: Major > Fix For: 3.7.0 > > > eg > - we can have parent *A1* with dependencyManagement and exclusion which is > maintained in external project > - when we use dependency managed by *A1* in other project - issue should be > not reported -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] Bump org.apache.maven:maven-parent from 41 to 42 [maven-resolver]
cstamas commented on PR #472: URL: https://github.com/apache/maven-resolver/pull/472#issuecomment-2061984895 @dependabot rebase -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump org.apache.maven:maven-parent from 41 to 42 [maven-resolver]
dependabot[bot] closed pull request #472: Bump org.apache.maven:maven-parent from 41 to 42 URL: https://github.com/apache/maven-resolver/pull/472 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Updated] (MDEP-922) dependency:analyze-exclusions - should report issue only in current project
[ https://issues.apache.org/jira/browse/MDEP-922?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Slawomir Jaranowski updated MDEP-922: - Affects Version/s: 3.7.0 > dependency:analyze-exclusions - should report issue only in current project > --- > > Key: MDEP-922 > URL: https://issues.apache.org/jira/browse/MDEP-922 > Project: Maven Dependency Plugin > Issue Type: Dependency upgrade >Affects Versions: 3.7.0 >Reporter: Slawomir Jaranowski >Priority: Major > Fix For: 3.7.0 > > > eg > - we can have parent *A1* with dependencyManagement and exclusion which is > maintained in external project > - when we use dependency managed by *A1* in other project - issue should be > not reported -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] [MRESOLVER-539] Use parent POM 42 [maven-resolver]
cstamas merged PR #473: URL: https://github.com/apache/maven-resolver/pull/473 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Closed] (MDEP-921) Bump org.apache.commons:commons-text from 1.11.0 to 1.12.0
[ https://issues.apache.org/jira/browse/MDEP-921?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Slawomir Jaranowski closed MDEP-921. Resolution: Fixed > Bump org.apache.commons:commons-text from 1.11.0 to 1.12.0 > -- > > Key: MDEP-921 > URL: https://issues.apache.org/jira/browse/MDEP-921 > Project: Maven Dependency Plugin > Issue Type: Dependency upgrade >Reporter: Slawomir Jaranowski >Assignee: Slawomir Jaranowski >Priority: Major > Fix For: 3.7.0 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (MDEP-922) dependency:analyze-exclusions - should report issue only in current project
[ https://issues.apache.org/jira/browse/MDEP-922?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Slawomir Jaranowski updated MDEP-922: - Component/s: analyze-exclusions > dependency:analyze-exclusions - should report issue only in current project > --- > > Key: MDEP-922 > URL: https://issues.apache.org/jira/browse/MDEP-922 > Project: Maven Dependency Plugin > Issue Type: Dependency upgrade > Components: analyze-exclusions >Affects Versions: 3.7.0 >Reporter: Slawomir Jaranowski >Priority: Major > Fix For: 3.7.0 > > > eg > - we can have parent *A1* with dependencyManagement and exclusion which is > maintained in external project > - when we use dependency managed by *A1* in other project - issue should be > not reported -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] Bump org.apache.maven:maven-parent from 41 to 42 [maven-resolver]
dependabot[bot] commented on PR #472: URL: https://github.com/apache/maven-resolver/pull/472#issuecomment-2061985374 Looks like org.apache.maven:maven-parent is up-to-date now, so this is no longer needed. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Closed] (MRESOLVER-539) Use parent POM 42
[ https://issues.apache.org/jira/browse/MRESOLVER-539?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tamas Cservenak closed MRESOLVER-539. - Resolution: Fixed > Use parent POM 42 > - > > Key: MRESOLVER-539 > URL: https://issues.apache.org/jira/browse/MRESOLVER-539 > Project: Maven Resolver > Issue Type: Dependency upgrade >Reporter: Tamas Cservenak >Assignee: Tamas Cservenak >Priority: Major > Fix For: 2.0.0, 2.0.0-alpha-11 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MRESOLVER-539) Use parent POM 42
[ https://issues.apache.org/jira/browse/MRESOLVER-539?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17838352#comment-17838352 ] ASF GitHub Bot commented on MRESOLVER-539: -- cstamas merged PR #473: URL: https://github.com/apache/maven-resolver/pull/473 > Use parent POM 42 > - > > Key: MRESOLVER-539 > URL: https://issues.apache.org/jira/browse/MRESOLVER-539 > Project: Maven Resolver > Issue Type: Dependency upgrade >Reporter: Tamas Cservenak >Assignee: Tamas Cservenak >Priority: Major > Fix For: 2.0.0, 2.0.0-alpha-11 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (MDEP-922) dependency:analyze-exclusions - should report issue only in current project
[ https://issues.apache.org/jira/browse/MDEP-922?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Slawomir Jaranowski updated MDEP-922: - Fix Version/s: 3.7.0 > dependency:analyze-exclusions - should report issue only in current project > --- > > Key: MDEP-922 > URL: https://issues.apache.org/jira/browse/MDEP-922 > Project: Maven Dependency Plugin > Issue Type: Dependency upgrade >Reporter: Slawomir Jaranowski >Priority: Major > Fix For: 3.7.0 > > > eg > - we can have parent *A1* with dependencyManagement and exclusion which is > maintained in external project > - when we use dependency managed by *A1* in other project - issue should be > not reported -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (MDEP-922) dependency:analyze-exclusions - should report issue only in current project
Slawomir Jaranowski created MDEP-922: Summary: dependency:analyze-exclusions - should report issue only in current project Key: MDEP-922 URL: https://issues.apache.org/jira/browse/MDEP-922 Project: Maven Dependency Plugin Issue Type: Dependency upgrade Reporter: Slawomir Jaranowski eg - we can have parent *A1* with dependencyManagement and exclusion which is maintained in external project - when we use dependency managed by *A1* in other project - issue should be not reported -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MDEP-917) dependency:analyze-exclusions - use Resolver API instead of ProjectBuilder
[
https://issues.apache.org/jira/browse/MDEP-917?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17838350#comment-17838350
]
ASF GitHub Bot commented on MDEP-917:
-
slawekjaranowski merged PR #374:
URL: https://github.com/apache/maven-dependency-plugin/pull/374
> dependency:analyze-exclusions - use Resolver API instead of ProjectBuilder
> --
>
> Key: MDEP-917
> URL: https://issues.apache.org/jira/browse/MDEP-917
> Project: Maven Dependency Plugin
> Issue Type: Improvement
> Components: analyze-exclusions
>Affects Versions: 3.7.0
>Reporter: Slawomir Jaranowski
>Assignee: Slawomir Jaranowski
>Priority: Major
> Fix For: 3.7.0
>
>
> I would like to try to use Resolver API instead of
> ProjectBuilder in {{analyze-exclusions}}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Closed] (MDEP-917) dependency:analyze-exclusions - use Resolver API instead of ProjectBuilder
[
https://issues.apache.org/jira/browse/MDEP-917?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Slawomir Jaranowski closed MDEP-917.
Resolution: Fixed
> dependency:analyze-exclusions - use Resolver API instead of ProjectBuilder
> --
>
> Key: MDEP-917
> URL: https://issues.apache.org/jira/browse/MDEP-917
> Project: Maven Dependency Plugin
> Issue Type: Improvement
> Components: analyze-exclusions
>Affects Versions: 3.7.0
>Reporter: Slawomir Jaranowski
>Assignee: Slawomir Jaranowski
>Priority: Major
> Fix For: 3.7.0
>
>
> I would like to try to use Resolver API instead of
> ProjectBuilder in {{analyze-exclusions}}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
Re: [PR] [MDEP-917] dependency:analyze-exclusions - use Resolver API instead of ProjectBuilder [maven-dependency-plugin]
slawekjaranowski merged PR #374: URL: https://github.com/apache/maven-dependency-plugin/pull/374 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MWRAPPER-131) Downloader downloads directly into target file
[ https://issues.apache.org/jira/browse/MWRAPPER-131?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17838349#comment-17838349 ] ASF GitHub Bot commented on MWRAPPER-131: - cstamas merged PR #128: URL: https://github.com/apache/maven-wrapper/pull/128 > Downloader downloads directly into target file > -- > > Key: MWRAPPER-131 > URL: https://issues.apache.org/jira/browse/MWRAPPER-131 > Project: Maven Wrapper > Issue Type: Bug >Reporter: Tamas Cservenak >Assignee: Tamas Cservenak >Priority: Major > Fix For: 3.3.0 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Closed] (MWRAPPER-131) Downloader downloads directly into target file
[ https://issues.apache.org/jira/browse/MWRAPPER-131?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tamas Cservenak closed MWRAPPER-131. Resolution: Fixed > Downloader downloads directly into target file > -- > > Key: MWRAPPER-131 > URL: https://issues.apache.org/jira/browse/MWRAPPER-131 > Project: Maven Wrapper > Issue Type: Bug >Reporter: Tamas Cservenak >Assignee: Tamas Cservenak >Priority: Major > Fix For: 3.3.0 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] [MWRAPPER-131] Make downloader not stream into final target file [maven-wrapper]
cstamas merged PR #128: URL: https://github.com/apache/maven-wrapper/pull/128 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Closed] (MWRAPPER-108) mvnw script fails silently when download fails
[ https://issues.apache.org/jira/browse/MWRAPPER-108?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tamas Cservenak closed MWRAPPER-108. Resolution: Fixed > mvnw script fails silently when download fails > -- > > Key: MWRAPPER-108 > URL: https://issues.apache.org/jira/browse/MWRAPPER-108 > Project: Maven Wrapper > Issue Type: Bug > Components: Maven Wrapper Scripts >Affects Versions: 3.2.0 >Reporter: selckin >Assignee: Benjamin Marwell >Priority: Major > Fix For: 3.3.0 > > > The wrapper only-mvnw script fail silently when the download fails, giving a > cryptic error when trying to run mvn > https://github.com/apache/maven-wrapper/pull/98 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Closed] (MWRAPPER-103) Failed to validate Maven Wrapper SHA-256 on Windows
[
https://issues.apache.org/jira/browse/MWRAPPER-103?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tamas Cservenak closed MWRAPPER-103.
Resolution: Fixed
> Failed to validate Maven Wrapper SHA-256 on Windows
> ---
>
> Key: MWRAPPER-103
> URL: https://issues.apache.org/jira/browse/MWRAPPER-103
> Project: Maven Wrapper
> Issue Type: Bug
> Components: Maven Wrapper Scripts
>Affects Versions: 3.2.0
>Reporter: Jorge Solórzano
>Assignee: Tamas Cservenak
>Priority: Major
> Fix For: 3.3.0
>
>
> When *wrapperSha256Sum* is set on GitHub Actions for the Windows platform,
> the script fails as is unable to validate the wrapper jar.
> I don't currently have access to a Windows machine, but this is failing for
> the following GH Actions configuration:
>
> {noformat}
> Operating System: Microsoft Windows Server 2022 10.0.20348
> Datacenter
> Image: windows-202
> Version: 20230307.2
> Included Software:
> https://github.com/actions/runner-images/blob/win22/20230307.2/images/win/Windows2022-Readme.md
> Image Release:
> https://github.com/actions/runner-images/releases/tag/win22%2F20230307.2
> {noformat}
> {noformat}
> ./mvnw $COMMON_MAVEN_ARGS $JVM_TEST_MAVEN_ARGS install -pl
> 'integration-tests/devtools'
> shell: C:\Program Files\PowerShell\7\pwsh.EXE -command ". '{0}'"
> env:
> LANG: en_US.UTF-8
> COMMON_MAVEN_ARGS: -e -B --settings .github/mvn-settings.xml
> --fail-at-end
> NATIVE_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers
> -Dquarkus.native.native-image-xmx=5g -Dnative -Dnative.surefire.skip
> -Dformat.skip -Dno-descriptor-tests install -DskipDocs
> JVM_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers
> -Dformat.skip -DskipDocs -Dquarkus.test.hang-detection-timeout=60
> JAVA_HOME:
> C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\11.0.18-10\x64
> JAVA_HOME_11_X64:
> C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\11.0.18-10\x64
> Get-FileHash : The term 'Get-FileHash' is not recognized as the name of a
> cmdlet, function, script file, or operable
> program. Check the spelling of the name, or if a path was included,
> verify that the path is correct and try again.
> At line:1 char:13
> + &{ $hash = (Get-FileHash "D:\a\quarkus\quarkus\.mvn\wrapper\maven-wra
> ...
> +
> + CategoryInfo : ObjectNotFound: (Get-FileHash:String) [],
> CommandNotFoundException
> + FullyQualifiedErrorId : CommandNotFoundException
> Error: Failed to validate Maven wrapper SHA-256, your Maven wrapper might
> be compromised.
> Investigate or delete D:\a\quarkus\quarkus\.mvn\wrapper\maven-wrapper.jar
> to attempt a clean download.
> If you updated your Maven version, you need to update the specified
> wrapperSha256Sum property.{noformat}
> Also, using when using Git Bash:
>
> {noformat}
> ./mvnw $COMMON_MAVEN_ARGS install -Dsurefire.timeout=1200 -pl
> !integration-tests/gradle -pl !integration-tests/maven -pl
> !integration-tests/devtools -pl !docs -DskipDocs -Dformat.skip -Dincremental
> -Dgib.disableSelectedProjectsHandling -Dgib.untracked=false
> -Dgib.uncommitted=false -Dgib.referenceBranch=origin/main
> -Dgib.disableIfReferenceBranchMatches='origin/\d+\.\d+'
> shell: C:\Program Files\Git\bin\bash.EXE --noprofile --norc -e -o pipefail
> {0} env: LANG: en_US.UTF-8 COMMON_MAVEN_ARGS: -e -B
> --settings .github/mvn-settings.xml --fail-at-end
> NATIVE_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers
> -Dquarkus.native.native-image-xmx=5g -Dnative -Dnative.surefire.skip
> -Dformat.skip -Dno-descriptor-tests install -DskipDocs
> JVM_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers -Dformat.skip
> -DskipDocs -Dquarkus.test.hang-detection-timeout=60
> MAVEN_OPTS: -Xmx2g -XX:MaxMetaspaceSize=1g
> -Xlog:gc*=debug:file=windows-java-17.txt
> JAVA_HOME: C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\17.0.6-10\x64
> JAVA_HOME_17_X64:
> C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\17.0.6-10\x64
> Error: Failed to validate Maven wrapper SHA-256, your Maven wrapper might be
> compromised. Investigate or delete
> /d/a/quarkus/quarkus/.mvn/wrapper/maven-wrapper.jar to attempt a clean
> download.
> If you updated your Maven version, you need to update the specified
> wrapperSha256Sum property.
> {noformat}
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (MWRAPPER-108) mvnw script fails silently when download fails
[ https://issues.apache.org/jira/browse/MWRAPPER-108?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17838346#comment-17838346 ] ASF GitHub Bot commented on MWRAPPER-108: - cstamas merged PR #130: URL: https://github.com/apache/maven-wrapper/pull/130 > mvnw script fails silently when download fails > -- > > Key: MWRAPPER-108 > URL: https://issues.apache.org/jira/browse/MWRAPPER-108 > Project: Maven Wrapper > Issue Type: Bug > Components: Maven Wrapper Scripts >Affects Versions: 3.2.0 >Reporter: selckin >Assignee: Benjamin Marwell >Priority: Major > Fix For: 3.3.0 > > > The wrapper only-mvnw script fail silently when the download fails, giving a > cryptic error when trying to run mvn > https://github.com/apache/maven-wrapper/pull/98 -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] [MWRAPPER-108] Emit clear error message when download fails on U*IX [maven-wrapper]
cstamas merged PR #130: URL: https://github.com/apache/maven-wrapper/pull/130 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MWRAPPER-103) Failed to validate Maven Wrapper SHA-256 on Windows
[
https://issues.apache.org/jira/browse/MWRAPPER-103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17838345#comment-17838345
]
ASF GitHub Bot commented on MWRAPPER-103:
-
cstamas merged PR #132:
URL: https://github.com/apache/maven-wrapper/pull/132
> Failed to validate Maven Wrapper SHA-256 on Windows
> ---
>
> Key: MWRAPPER-103
> URL: https://issues.apache.org/jira/browse/MWRAPPER-103
> Project: Maven Wrapper
> Issue Type: Bug
> Components: Maven Wrapper Scripts
>Affects Versions: 3.2.0
>Reporter: Jorge Solórzano
>Assignee: Tamas Cservenak
>Priority: Major
> Fix For: 3.3.0
>
>
> When *wrapperSha256Sum* is set on GitHub Actions for the Windows platform,
> the script fails as is unable to validate the wrapper jar.
> I don't currently have access to a Windows machine, but this is failing for
> the following GH Actions configuration:
>
> {noformat}
> Operating System: Microsoft Windows Server 2022 10.0.20348
> Datacenter
> Image: windows-202
> Version: 20230307.2
> Included Software:
> https://github.com/actions/runner-images/blob/win22/20230307.2/images/win/Windows2022-Readme.md
> Image Release:
> https://github.com/actions/runner-images/releases/tag/win22%2F20230307.2
> {noformat}
> {noformat}
> ./mvnw $COMMON_MAVEN_ARGS $JVM_TEST_MAVEN_ARGS install -pl
> 'integration-tests/devtools'
> shell: C:\Program Files\PowerShell\7\pwsh.EXE -command ". '{0}'"
> env:
> LANG: en_US.UTF-8
> COMMON_MAVEN_ARGS: -e -B --settings .github/mvn-settings.xml
> --fail-at-end
> NATIVE_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers
> -Dquarkus.native.native-image-xmx=5g -Dnative -Dnative.surefire.skip
> -Dformat.skip -Dno-descriptor-tests install -DskipDocs
> JVM_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers
> -Dformat.skip -DskipDocs -Dquarkus.test.hang-detection-timeout=60
> JAVA_HOME:
> C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\11.0.18-10\x64
> JAVA_HOME_11_X64:
> C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\11.0.18-10\x64
> Get-FileHash : The term 'Get-FileHash' is not recognized as the name of a
> cmdlet, function, script file, or operable
> program. Check the spelling of the name, or if a path was included,
> verify that the path is correct and try again.
> At line:1 char:13
> + &{ $hash = (Get-FileHash "D:\a\quarkus\quarkus\.mvn\wrapper\maven-wra
> ...
> +
> + CategoryInfo : ObjectNotFound: (Get-FileHash:String) [],
> CommandNotFoundException
> + FullyQualifiedErrorId : CommandNotFoundException
> Error: Failed to validate Maven wrapper SHA-256, your Maven wrapper might
> be compromised.
> Investigate or delete D:\a\quarkus\quarkus\.mvn\wrapper\maven-wrapper.jar
> to attempt a clean download.
> If you updated your Maven version, you need to update the specified
> wrapperSha256Sum property.{noformat}
> Also, using when using Git Bash:
>
> {noformat}
> ./mvnw $COMMON_MAVEN_ARGS install -Dsurefire.timeout=1200 -pl
> !integration-tests/gradle -pl !integration-tests/maven -pl
> !integration-tests/devtools -pl !docs -DskipDocs -Dformat.skip -Dincremental
> -Dgib.disableSelectedProjectsHandling -Dgib.untracked=false
> -Dgib.uncommitted=false -Dgib.referenceBranch=origin/main
> -Dgib.disableIfReferenceBranchMatches='origin/\d+\.\d+'
> shell: C:\Program Files\Git\bin\bash.EXE --noprofile --norc -e -o pipefail
> {0} env: LANG: en_US.UTF-8 COMMON_MAVEN_ARGS: -e -B
> --settings .github/mvn-settings.xml --fail-at-end
> NATIVE_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers
> -Dquarkus.native.native-image-xmx=5g -Dnative -Dnative.surefire.skip
> -Dformat.skip -Dno-descriptor-tests install -DskipDocs
> JVM_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers -Dformat.skip
> -DskipDocs -Dquarkus.test.hang-detection-timeout=60
> MAVEN_OPTS: -Xmx2g -XX:MaxMetaspaceSize=1g
> -Xlog:gc*=debug:file=windows-java-17.txt
> JAVA_HOME: C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\17.0.6-10\x64
> JAVA_HOME_17_X64:
> C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\17.0.6-10\x64
> Error: Failed to validate Maven wrapper SHA-256, your Maven wrapper might be
> compromised. Investigate or delete
> /d/a/quarkus/quarkus/.mvn/wrapper/maven-wrapper.jar to attempt a clean
> download.
> If you updated your Maven version, you need to update the specified
> wrapperSha256Sum property.
> {noformat}
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
Re: [PR] [MWRAPPER-103] Apply recommended workaround [maven-wrapper]
cstamas merged PR #132: URL: https://github.com/apache/maven-wrapper/pull/132 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Bump org.apache.maven.shared:maven-shared-components from 41 to 42 [maven-shared-resources]
dependabot[bot] opened a new pull request, #13: URL: https://github.com/apache/maven-shared-resources/pull/13 Bumps [org.apache.maven.shared:maven-shared-components](https://github.com/apache/maven-parent) from 41 to 42. Release notes Sourced from https://github.com/apache/maven-parent/releases;>org.apache.maven.shared:maven-shared-components's releases. 42 Bug [https://issues.apache.org/jira/browse/MPOM-449;>MPOM-449] - Remove the leading 1. from source/target properties Improvement [https://issues.apache.org/jira/browse/MPOM-447;>MPOM-447] - activate javac's release flag when building with JDK supporting that feature [https://issues.apache.org/jira/browse/MPOM-453;>MPOM-453] - Disable annotation processing by compiler [https://issues.apache.org/jira/browse/MPOM-454;>MPOM-454] - Warning about usage of deprecated API by compiler [https://issues.apache.org/jira/browse/MPOM-477;>MPOM-477] - Skip empty PMD reports [https://issues.apache.org/jira/browse/MPOM-478;>MPOM-478] - Remove manually maintained history from site [https://issues.apache.org/jira/browse/MPOM-483;>MPOM-483] - Make a separate module for documentation Task [https://issues.apache.org/jira/browse/MPOM-482;>MPOM-482] - Publish site descriptor with new parent Dependency upgrade [https://issues.apache.org/jira/browse/MPOM-448;>MPOM-448] - Update spotless-maven-plugin from 2.40.0 to 2.41.1 [https://issues.apache.org/jira/browse/MPOM-455;>MPOM-455] - Add dependencyManagement for JUnit 5 [https://issues.apache.org/jira/browse/MPOM-459;>MPOM-459] - Bump org.apache.maven.plugins:maven-jxr-plugin from 3.3.1 to 3.3.2 [https://issues.apache.org/jira/browse/MPOM-464;>MPOM-464] - Bump com.diffplug.spotless:spotless-maven-plugin from 2.41.1 to 2.43.0 [https://issues.apache.org/jira/browse/MPOM-473;>MPOM-473] - Bump org.cyclonedx:cyclonedx-maven-plugin from 2.7.10 to 2.7.11 [https://issues.apache.org/jira/browse/MPOM-474;>MPOM-474] - Bump org.codehaus.mojo:extra-enforcer-rules from 1.7.0 to 1.8.0 [https://issues.apache.org/jira/browse/MPOM-485;>MPOM-485] - Bump org.codehaus.plexus:plexus-utils from 4.0.0 to 4.0.1 [https://issues.apache.org/jira/browse/MPOM-487;>MPOM-487] - Bump parent to 32 Commits See full diff in https://github.com/apache/maven-parent/commits;>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Bump org.apache.maven.shared:maven-shared-components from 41 to 42 [maven-shared-incremental]
dependabot[bot] opened a new pull request, #30: URL: https://github.com/apache/maven-shared-incremental/pull/30 Bumps [org.apache.maven.shared:maven-shared-components](https://github.com/apache/maven-parent) from 41 to 42. Release notes Sourced from https://github.com/apache/maven-parent/releases;>org.apache.maven.shared:maven-shared-components's releases. 42 Bug [https://issues.apache.org/jira/browse/MPOM-449;>MPOM-449] - Remove the leading 1. from source/target properties Improvement [https://issues.apache.org/jira/browse/MPOM-447;>MPOM-447] - activate javac's release flag when building with JDK supporting that feature [https://issues.apache.org/jira/browse/MPOM-453;>MPOM-453] - Disable annotation processing by compiler [https://issues.apache.org/jira/browse/MPOM-454;>MPOM-454] - Warning about usage of deprecated API by compiler [https://issues.apache.org/jira/browse/MPOM-477;>MPOM-477] - Skip empty PMD reports [https://issues.apache.org/jira/browse/MPOM-478;>MPOM-478] - Remove manually maintained history from site [https://issues.apache.org/jira/browse/MPOM-483;>MPOM-483] - Make a separate module for documentation Task [https://issues.apache.org/jira/browse/MPOM-482;>MPOM-482] - Publish site descriptor with new parent Dependency upgrade [https://issues.apache.org/jira/browse/MPOM-448;>MPOM-448] - Update spotless-maven-plugin from 2.40.0 to 2.41.1 [https://issues.apache.org/jira/browse/MPOM-455;>MPOM-455] - Add dependencyManagement for JUnit 5 [https://issues.apache.org/jira/browse/MPOM-459;>MPOM-459] - Bump org.apache.maven.plugins:maven-jxr-plugin from 3.3.1 to 3.3.2 [https://issues.apache.org/jira/browse/MPOM-464;>MPOM-464] - Bump com.diffplug.spotless:spotless-maven-plugin from 2.41.1 to 2.43.0 [https://issues.apache.org/jira/browse/MPOM-473;>MPOM-473] - Bump org.cyclonedx:cyclonedx-maven-plugin from 2.7.10 to 2.7.11 [https://issues.apache.org/jira/browse/MPOM-474;>MPOM-474] - Bump org.codehaus.mojo:extra-enforcer-rules from 1.7.0 to 1.8.0 [https://issues.apache.org/jira/browse/MPOM-485;>MPOM-485] - Bump org.codehaus.plexus:plexus-utils from 4.0.0 to 4.0.1 [https://issues.apache.org/jira/browse/MPOM-487;>MPOM-487] - Bump parent to 32 Commits See full diff in https://github.com/apache/maven-parent/commits;>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Bump org.apache.maven.shared:maven-shared-components from 41 to 42 [maven-filtering]
dependabot[bot] opened a new pull request, #103: URL: https://github.com/apache/maven-filtering/pull/103 Bumps [org.apache.maven.shared:maven-shared-components](https://github.com/apache/maven-parent) from 41 to 42. Release notes Sourced from https://github.com/apache/maven-parent/releases;>org.apache.maven.shared:maven-shared-components's releases. 42 Bug [https://issues.apache.org/jira/browse/MPOM-449;>MPOM-449] - Remove the leading 1. from source/target properties Improvement [https://issues.apache.org/jira/browse/MPOM-447;>MPOM-447] - activate javac's release flag when building with JDK supporting that feature [https://issues.apache.org/jira/browse/MPOM-453;>MPOM-453] - Disable annotation processing by compiler [https://issues.apache.org/jira/browse/MPOM-454;>MPOM-454] - Warning about usage of deprecated API by compiler [https://issues.apache.org/jira/browse/MPOM-477;>MPOM-477] - Skip empty PMD reports [https://issues.apache.org/jira/browse/MPOM-478;>MPOM-478] - Remove manually maintained history from site [https://issues.apache.org/jira/browse/MPOM-483;>MPOM-483] - Make a separate module for documentation Task [https://issues.apache.org/jira/browse/MPOM-482;>MPOM-482] - Publish site descriptor with new parent Dependency upgrade [https://issues.apache.org/jira/browse/MPOM-448;>MPOM-448] - Update spotless-maven-plugin from 2.40.0 to 2.41.1 [https://issues.apache.org/jira/browse/MPOM-455;>MPOM-455] - Add dependencyManagement for JUnit 5 [https://issues.apache.org/jira/browse/MPOM-459;>MPOM-459] - Bump org.apache.maven.plugins:maven-jxr-plugin from 3.3.1 to 3.3.2 [https://issues.apache.org/jira/browse/MPOM-464;>MPOM-464] - Bump com.diffplug.spotless:spotless-maven-plugin from 2.41.1 to 2.43.0 [https://issues.apache.org/jira/browse/MPOM-473;>MPOM-473] - Bump org.cyclonedx:cyclonedx-maven-plugin from 2.7.10 to 2.7.11 [https://issues.apache.org/jira/browse/MPOM-474;>MPOM-474] - Bump org.codehaus.mojo:extra-enforcer-rules from 1.7.0 to 1.8.0 [https://issues.apache.org/jira/browse/MPOM-485;>MPOM-485] - Bump org.codehaus.plexus:plexus-utils from 4.0.0 to 4.0.1 [https://issues.apache.org/jira/browse/MPOM-487;>MPOM-487] - Bump parent to 32 Commits See full diff in https://github.com/apache/maven-parent/commits;>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Bump org.apache.maven.plugins:maven-plugins from 41 to 42 [maven-deploy-plugin]
dependabot[bot] opened a new pull request, #52: URL: https://github.com/apache/maven-deploy-plugin/pull/52 Bumps [org.apache.maven.plugins:maven-plugins](https://github.com/apache/maven-parent) from 41 to 42. Release notes Sourced from https://github.com/apache/maven-parent/releases;>org.apache.maven.plugins:maven-plugins's releases. 42 Bug [https://issues.apache.org/jira/browse/MPOM-449;>MPOM-449] - Remove the leading 1. from source/target properties Improvement [https://issues.apache.org/jira/browse/MPOM-447;>MPOM-447] - activate javac's release flag when building with JDK supporting that feature [https://issues.apache.org/jira/browse/MPOM-453;>MPOM-453] - Disable annotation processing by compiler [https://issues.apache.org/jira/browse/MPOM-454;>MPOM-454] - Warning about usage of deprecated API by compiler [https://issues.apache.org/jira/browse/MPOM-477;>MPOM-477] - Skip empty PMD reports [https://issues.apache.org/jira/browse/MPOM-478;>MPOM-478] - Remove manually maintained history from site [https://issues.apache.org/jira/browse/MPOM-483;>MPOM-483] - Make a separate module for documentation Task [https://issues.apache.org/jira/browse/MPOM-482;>MPOM-482] - Publish site descriptor with new parent Dependency upgrade [https://issues.apache.org/jira/browse/MPOM-448;>MPOM-448] - Update spotless-maven-plugin from 2.40.0 to 2.41.1 [https://issues.apache.org/jira/browse/MPOM-455;>MPOM-455] - Add dependencyManagement for JUnit 5 [https://issues.apache.org/jira/browse/MPOM-459;>MPOM-459] - Bump org.apache.maven.plugins:maven-jxr-plugin from 3.3.1 to 3.3.2 [https://issues.apache.org/jira/browse/MPOM-464;>MPOM-464] - Bump com.diffplug.spotless:spotless-maven-plugin from 2.41.1 to 2.43.0 [https://issues.apache.org/jira/browse/MPOM-473;>MPOM-473] - Bump org.cyclonedx:cyclonedx-maven-plugin from 2.7.10 to 2.7.11 [https://issues.apache.org/jira/browse/MPOM-474;>MPOM-474] - Bump org.codehaus.mojo:extra-enforcer-rules from 1.7.0 to 1.8.0 [https://issues.apache.org/jira/browse/MPOM-485;>MPOM-485] - Bump org.codehaus.plexus:plexus-utils from 4.0.0 to 4.0.1 [https://issues.apache.org/jira/browse/MPOM-487;>MPOM-487] - Bump parent to 32 Commits See full diff in https://github.com/apache/maven-parent/commits;>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] [MDEP-921] Bump org.apache.commons:commons-text from 1.11.0 to 1.12.0 [maven-dependency-plugin]
slawekjaranowski merged PR #376: URL: https://github.com/apache/maven-dependency-plugin/pull/376 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MDEP-921) Bump org.apache.commons:commons-text from 1.11.0 to 1.12.0
[ https://issues.apache.org/jira/browse/MDEP-921?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17838292#comment-17838292 ] ASF GitHub Bot commented on MDEP-921: - slawekjaranowski merged PR #376: URL: https://github.com/apache/maven-dependency-plugin/pull/376 > Bump org.apache.commons:commons-text from 1.11.0 to 1.12.0 > -- > > Key: MDEP-921 > URL: https://issues.apache.org/jira/browse/MDEP-921 > Project: Maven Dependency Plugin > Issue Type: Dependency upgrade >Reporter: Slawomir Jaranowski >Assignee: Slawomir Jaranowski >Priority: Major > Fix For: 3.7.0 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (MDEP-921) Bump org.apache.commons:commons-text from 1.11.0 to 1.12.0
Slawomir Jaranowski created MDEP-921: Summary: Bump org.apache.commons:commons-text from 1.11.0 to 1.12.0 Key: MDEP-921 URL: https://issues.apache.org/jira/browse/MDEP-921 Project: Maven Dependency Plugin Issue Type: Dependency upgrade Reporter: Slawomir Jaranowski Assignee: Slawomir Jaranowski Fix For: 3.7.0 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[PR] Bump org.apache.maven:maven-parent from 41 to 42 [maven-scm]
dependabot[bot] opened a new pull request, #208: URL: https://github.com/apache/maven-scm/pull/208 Bumps [org.apache.maven:maven-parent](https://github.com/apache/maven-parent) from 41 to 42. Release notes Sourced from https://github.com/apache/maven-parent/releases;>org.apache.maven:maven-parent's releases. 42 Bug [https://issues.apache.org/jira/browse/MPOM-449;>MPOM-449] - Remove the leading 1. from source/target properties Improvement [https://issues.apache.org/jira/browse/MPOM-447;>MPOM-447] - activate javac's release flag when building with JDK supporting that feature [https://issues.apache.org/jira/browse/MPOM-453;>MPOM-453] - Disable annotation processing by compiler [https://issues.apache.org/jira/browse/MPOM-454;>MPOM-454] - Warning about usage of deprecated API by compiler [https://issues.apache.org/jira/browse/MPOM-477;>MPOM-477] - Skip empty PMD reports [https://issues.apache.org/jira/browse/MPOM-478;>MPOM-478] - Remove manually maintained history from site [https://issues.apache.org/jira/browse/MPOM-483;>MPOM-483] - Make a separate module for documentation Task [https://issues.apache.org/jira/browse/MPOM-482;>MPOM-482] - Publish site descriptor with new parent Dependency upgrade [https://issues.apache.org/jira/browse/MPOM-448;>MPOM-448] - Update spotless-maven-plugin from 2.40.0 to 2.41.1 [https://issues.apache.org/jira/browse/MPOM-455;>MPOM-455] - Add dependencyManagement for JUnit 5 [https://issues.apache.org/jira/browse/MPOM-459;>MPOM-459] - Bump org.apache.maven.plugins:maven-jxr-plugin from 3.3.1 to 3.3.2 [https://issues.apache.org/jira/browse/MPOM-464;>MPOM-464] - Bump com.diffplug.spotless:spotless-maven-plugin from 2.41.1 to 2.43.0 [https://issues.apache.org/jira/browse/MPOM-473;>MPOM-473] - Bump org.cyclonedx:cyclonedx-maven-plugin from 2.7.10 to 2.7.11 [https://issues.apache.org/jira/browse/MPOM-474;>MPOM-474] - Bump org.codehaus.mojo:extra-enforcer-rules from 1.7.0 to 1.8.0 [https://issues.apache.org/jira/browse/MPOM-485;>MPOM-485] - Bump org.codehaus.plexus:plexus-utils from 4.0.0 to 4.0.1 [https://issues.apache.org/jira/browse/MPOM-487;>MPOM-487] - Bump parent to 32 Commits See full diff in https://github.com/apache/maven-parent/commits;>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Bump org.apache.commons:commons-text from 1.11.0 to 1.12.0 [maven-scm]
dependabot[bot] opened a new pull request, #207: URL: https://github.com/apache/maven-scm/pull/207 Bumps org.apache.commons:commons-text from 1.11.0 to 1.12.0. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Bump org.apache.maven.plugins:maven-plugins from 41 to 42 [maven-help-plugin]
dependabot[bot] opened a new pull request, #110: URL: https://github.com/apache/maven-help-plugin/pull/110 Bumps [org.apache.maven.plugins:maven-plugins](https://github.com/apache/maven-parent) from 41 to 42. Release notes Sourced from https://github.com/apache/maven-parent/releases;>org.apache.maven.plugins:maven-plugins's releases. 42 Bug [https://issues.apache.org/jira/browse/MPOM-449;>MPOM-449] - Remove the leading 1. from source/target properties Improvement [https://issues.apache.org/jira/browse/MPOM-447;>MPOM-447] - activate javac's release flag when building with JDK supporting that feature [https://issues.apache.org/jira/browse/MPOM-453;>MPOM-453] - Disable annotation processing by compiler [https://issues.apache.org/jira/browse/MPOM-454;>MPOM-454] - Warning about usage of deprecated API by compiler [https://issues.apache.org/jira/browse/MPOM-477;>MPOM-477] - Skip empty PMD reports [https://issues.apache.org/jira/browse/MPOM-478;>MPOM-478] - Remove manually maintained history from site [https://issues.apache.org/jira/browse/MPOM-483;>MPOM-483] - Make a separate module for documentation Task [https://issues.apache.org/jira/browse/MPOM-482;>MPOM-482] - Publish site descriptor with new parent Dependency upgrade [https://issues.apache.org/jira/browse/MPOM-448;>MPOM-448] - Update spotless-maven-plugin from 2.40.0 to 2.41.1 [https://issues.apache.org/jira/browse/MPOM-455;>MPOM-455] - Add dependencyManagement for JUnit 5 [https://issues.apache.org/jira/browse/MPOM-459;>MPOM-459] - Bump org.apache.maven.plugins:maven-jxr-plugin from 3.3.1 to 3.3.2 [https://issues.apache.org/jira/browse/MPOM-464;>MPOM-464] - Bump com.diffplug.spotless:spotless-maven-plugin from 2.41.1 to 2.43.0 [https://issues.apache.org/jira/browse/MPOM-473;>MPOM-473] - Bump org.cyclonedx:cyclonedx-maven-plugin from 2.7.10 to 2.7.11 [https://issues.apache.org/jira/browse/MPOM-474;>MPOM-474] - Bump org.codehaus.mojo:extra-enforcer-rules from 1.7.0 to 1.8.0 [https://issues.apache.org/jira/browse/MPOM-485;>MPOM-485] - Bump org.codehaus.plexus:plexus-utils from 4.0.0 to 4.0.1 [https://issues.apache.org/jira/browse/MPOM-487;>MPOM-487] - Bump parent to 32 Commits See full diff in https://github.com/apache/maven-parent/commits;>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MNG-7388) Support Java prerequisites for Maven plugins
[
https://issues.apache.org/jira/browse/MNG-7388?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17838247#comment-17838247
]
Konrad Windszus commented on MNG-7388:
--
[~jnord_cbs] Indeed, thanks for noticing.
> Support Java prerequisites for Maven plugins
>
>
> Key: MNG-7388
> URL: https://issues.apache.org/jira/browse/MNG-7388
> Project: Maven
> Issue Type: Improvement
>Reporter: Konrad Windszus
>Priority: Major
>
> Currently only the minimum Maven version can be explicitly required for a
> Maven plugin via {{prerequisites->maven}}. The same should be possible for
> the Java version, as Maven plugins compiled for Java 11 won't run on Java 8
> and currently only emit the nasty "UnsupportedClassVersion" errors.
> The plugin reporting plugin uses some heuristics in
> https://github.com/apache/maven-plugin-tools/blob/c6d0808b92423b969f8d2aac500b7263399d0373/maven-plugin-plugin/src/main/java/org/apache/maven/plugin/plugin/PluginReport.java#L739,
> but this is only considered for the plugin documentation but never at run
> time. This metadata should be evaluated similar to prerequisites.maven at
> https://github.com/apache/maven/blob/0080e845884922814d26914d0ae9f59b084bee35/maven-core/src/main/java/org/apache/maven/lifecycle/internal/MojoExecutor.java#L173
> This requires a Maven model change though, and therefore can only end up in
> Maven 5.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Resolved] (MNG-7388) Support Java prerequisites for Maven plugins
[
https://issues.apache.org/jira/browse/MNG-7388?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Konrad Windszus resolved MNG-7388.
--
Resolution: Duplicate
> Support Java prerequisites for Maven plugins
>
>
> Key: MNG-7388
> URL: https://issues.apache.org/jira/browse/MNG-7388
> Project: Maven
> Issue Type: Improvement
>Reporter: Konrad Windszus
>Priority: Major
>
> Currently only the minimum Maven version can be explicitly required for a
> Maven plugin via {{prerequisites->maven}}. The same should be possible for
> the Java version, as Maven plugins compiled for Java 11 won't run on Java 8
> and currently only emit the nasty "UnsupportedClassVersion" errors.
> The plugin reporting plugin uses some heuristics in
> https://github.com/apache/maven-plugin-tools/blob/c6d0808b92423b969f8d2aac500b7263399d0373/maven-plugin-plugin/src/main/java/org/apache/maven/plugin/plugin/PluginReport.java#L739,
> but this is only considered for the plugin documentation but never at run
> time. This metadata should be evaluated similar to prerequisites.maven at
> https://github.com/apache/maven/blob/0080e845884922814d26914d0ae9f59b084bee35/maven-core/src/main/java/org/apache/maven/lifecycle/internal/MojoExecutor.java#L173
> This requires a Maven model change though, and therefore can only end up in
> Maven 5.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[PR] Bump org.apache.maven.plugins:maven-plugins from 41 to 42 [maven-compiler-plugin]
dependabot[bot] opened a new pull request, #235: URL: https://github.com/apache/maven-compiler-plugin/pull/235 Bumps [org.apache.maven.plugins:maven-plugins](https://github.com/apache/maven-parent) from 41 to 42. Release notes Sourced from https://github.com/apache/maven-parent/releases;>org.apache.maven.plugins:maven-plugins's releases. 42 Bug [https://issues.apache.org/jira/browse/MPOM-449;>MPOM-449] - Remove the leading 1. from source/target properties Improvement [https://issues.apache.org/jira/browse/MPOM-447;>MPOM-447] - activate javac's release flag when building with JDK supporting that feature [https://issues.apache.org/jira/browse/MPOM-453;>MPOM-453] - Disable annotation processing by compiler [https://issues.apache.org/jira/browse/MPOM-454;>MPOM-454] - Warning about usage of deprecated API by compiler [https://issues.apache.org/jira/browse/MPOM-477;>MPOM-477] - Skip empty PMD reports [https://issues.apache.org/jira/browse/MPOM-478;>MPOM-478] - Remove manually maintained history from site [https://issues.apache.org/jira/browse/MPOM-483;>MPOM-483] - Make a separate module for documentation Task [https://issues.apache.org/jira/browse/MPOM-482;>MPOM-482] - Publish site descriptor with new parent Dependency upgrade [https://issues.apache.org/jira/browse/MPOM-448;>MPOM-448] - Update spotless-maven-plugin from 2.40.0 to 2.41.1 [https://issues.apache.org/jira/browse/MPOM-455;>MPOM-455] - Add dependencyManagement for JUnit 5 [https://issues.apache.org/jira/browse/MPOM-459;>MPOM-459] - Bump org.apache.maven.plugins:maven-jxr-plugin from 3.3.1 to 3.3.2 [https://issues.apache.org/jira/browse/MPOM-464;>MPOM-464] - Bump com.diffplug.spotless:spotless-maven-plugin from 2.41.1 to 2.43.0 [https://issues.apache.org/jira/browse/MPOM-473;>MPOM-473] - Bump org.cyclonedx:cyclonedx-maven-plugin from 2.7.10 to 2.7.11 [https://issues.apache.org/jira/browse/MPOM-474;>MPOM-474] - Bump org.codehaus.mojo:extra-enforcer-rules from 1.7.0 to 1.8.0 [https://issues.apache.org/jira/browse/MPOM-485;>MPOM-485] - Bump org.codehaus.plexus:plexus-utils from 4.0.0 to 4.0.1 [https://issues.apache.org/jira/browse/MPOM-487;>MPOM-487] - Bump parent to 32 Commits See full diff in https://github.com/apache/maven-parent/commits;>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MRESOLVER-538) In dirty tree, nodes coming from range (and parents having ranges) should be detectable
[ https://issues.apache.org/jira/browse/MRESOLVER-538?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17838229#comment-17838229 ] Tamas Cservenak commented on MRESOLVER-538: --- Done as part of MRESOLVER-535 > In dirty tree, nodes coming from range (and parents having ranges) should be > detectable > --- > > Key: MRESOLVER-538 > URL: https://issues.apache.org/jira/browse/MRESOLVER-538 > Project: Maven Resolver > Issue Type: Improvement > Components: Resolver >Reporter: Tamas Cservenak >Assignee: Tamas Cservenak >Priority: Major > Fix For: 2.0.0, 2.0.0-alpha-11 > > > In short: today no command (ie. dependency:tree) allows one to figure out is > there a range in transitive hull or not. It MAY be deduced, but only by > verbose tree and searching for some patterns. Presence of range on node (and > children) should be marked clearly. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (MRESOLVER-538) In dirty tree, nodes coming from range (and parents having ranges) should be detectable
[ https://issues.apache.org/jira/browse/MRESOLVER-538?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tamas Cservenak reassigned MRESOLVER-538: - Assignee: Tamas Cservenak > In dirty tree, nodes coming from range (and parents having ranges) should be > detectable > --- > > Key: MRESOLVER-538 > URL: https://issues.apache.org/jira/browse/MRESOLVER-538 > Project: Maven Resolver > Issue Type: Improvement > Components: Resolver >Reporter: Tamas Cservenak >Assignee: Tamas Cservenak >Priority: Major > Fix For: 2.0.0, 2.0.0-alpha-11 > > > In short: today no command (ie. dependency:tree) allows one to figure out is > there a range in transitive hull or not. It MAY be deduced, but only by > verbose tree and searching for some patterns. Presence of range on node (and > children) should be marked clearly. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MNG-7388) Support Java prerequisites for Maven plugins
[
https://issues.apache.org/jira/browse/MNG-7388?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17838218#comment-17838218
]
James Nord commented on MNG-7388:
-
dupe of https://issues.apache.org/jira/browse/MNG-7566 which is now fixed for
Maven4?
> Support Java prerequisites for Maven plugins
>
>
> Key: MNG-7388
> URL: https://issues.apache.org/jira/browse/MNG-7388
> Project: Maven
> Issue Type: Improvement
>Reporter: Konrad Windszus
>Priority: Major
>
> Currently only the minimum Maven version can be explicitly required for a
> Maven plugin via {{prerequisites->maven}}. The same should be possible for
> the Java version, as Maven plugins compiled for Java 11 won't run on Java 8
> and currently only emit the nasty "UnsupportedClassVersion" errors.
> The plugin reporting plugin uses some heuristics in
> https://github.com/apache/maven-plugin-tools/blob/c6d0808b92423b969f8d2aac500b7263399d0373/maven-plugin-plugin/src/main/java/org/apache/maven/plugin/plugin/PluginReport.java#L739,
> but this is only considered for the plugin documentation but never at run
> time. This metadata should be evaluated similar to prerequisites.maven at
> https://github.com/apache/maven/blob/0080e845884922814d26914d0ae9f59b084bee35/maven-core/src/main/java/org/apache/maven/lifecycle/internal/MojoExecutor.java#L173
> This requires a Maven model change though, and therefore can only end up in
> Maven 5.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[PR] Bump org.apache.maven.plugins:maven-plugins from 41 to 42 [maven-antrun-plugin]
dependabot[bot] opened a new pull request, #96: URL: https://github.com/apache/maven-antrun-plugin/pull/96 Bumps [org.apache.maven.plugins:maven-plugins](https://github.com/apache/maven-parent) from 41 to 42. Release notes Sourced from https://github.com/apache/maven-parent/releases;>org.apache.maven.plugins:maven-plugins's releases. 42 Bug [https://issues.apache.org/jira/browse/MPOM-449;>MPOM-449] - Remove the leading 1. from source/target properties Improvement [https://issues.apache.org/jira/browse/MPOM-447;>MPOM-447] - activate javac's release flag when building with JDK supporting that feature [https://issues.apache.org/jira/browse/MPOM-453;>MPOM-453] - Disable annotation processing by compiler [https://issues.apache.org/jira/browse/MPOM-454;>MPOM-454] - Warning about usage of deprecated API by compiler [https://issues.apache.org/jira/browse/MPOM-477;>MPOM-477] - Skip empty PMD reports [https://issues.apache.org/jira/browse/MPOM-478;>MPOM-478] - Remove manually maintained history from site [https://issues.apache.org/jira/browse/MPOM-483;>MPOM-483] - Make a separate module for documentation Task [https://issues.apache.org/jira/browse/MPOM-482;>MPOM-482] - Publish site descriptor with new parent Dependency upgrade [https://issues.apache.org/jira/browse/MPOM-448;>MPOM-448] - Update spotless-maven-plugin from 2.40.0 to 2.41.1 [https://issues.apache.org/jira/browse/MPOM-455;>MPOM-455] - Add dependencyManagement for JUnit 5 [https://issues.apache.org/jira/browse/MPOM-459;>MPOM-459] - Bump org.apache.maven.plugins:maven-jxr-plugin from 3.3.1 to 3.3.2 [https://issues.apache.org/jira/browse/MPOM-464;>MPOM-464] - Bump com.diffplug.spotless:spotless-maven-plugin from 2.41.1 to 2.43.0 [https://issues.apache.org/jira/browse/MPOM-473;>MPOM-473] - Bump org.cyclonedx:cyclonedx-maven-plugin from 2.7.10 to 2.7.11 [https://issues.apache.org/jira/browse/MPOM-474;>MPOM-474] - Bump org.codehaus.mojo:extra-enforcer-rules from 1.7.0 to 1.8.0 [https://issues.apache.org/jira/browse/MPOM-485;>MPOM-485] - Bump org.codehaus.plexus:plexus-utils from 4.0.0 to 4.0.1 [https://issues.apache.org/jira/browse/MPOM-487;>MPOM-487] - Bump parent to 32 Commits See full diff in https://github.com/apache/maven-parent/commits;>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MSITE-1006) MSITE-723 causes duplicate document rendering and log output
[
https://issues.apache.org/jira/browse/MSITE-1006?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17838193#comment-17838193
]
Michael Osipov commented on MSITE-1006:
---
Don't confuse reports with generated documents. There is no issue with reports
vs. documents, but solely generated documents. Currently they override reports
and editable documents, but that his implemented ugly.
> MSITE-723 causes duplicate document rendering and log output
>
>
> Key: MSITE-1006
> URL: https://issues.apache.org/jira/browse/MSITE-1006
> Project: Maven Site Plugin
> Issue Type: Bug
> Components: doxia integration
>Affects Versions: 4.0.0-M13
>Reporter: Michael Osipov
>Assignee: Michael Osipov
>Priority: Major
> Fix For: 4.0.0, 4.0.0-M14
>
>
> Consider the following output:
> {noformat}
> ...
> [INFO] --- maven-site-plugin:3.12.1:site (default-site) @ doxia-skin-model ---
> [INFO] configuring report plugin
> org.apache.maven.plugins:maven-project-info-reports-plugin:3.4.5
> [INFO] 15 reports configured for maven-project-info-reports-plugin:3.4.5:
> index, summary, dependency-info, modules, team, scm, issue-management,
> mailing-lists, dependency-management, dependencies, dependency-convergence,
> ci-management, plugin-management, plugins, distribution-management
> [INFO] Rendering site with default locale English (en)
> [INFO] Relativizing decoration links with respect to localized project URL:
> https://maven.apache.org/doxia/doxia-sitetools/doxia-skin-model/
> [INFO] Rendering content with
> org.apache.maven.skins:maven-fluido-skin:jar:1.11.2 skin.
> [INFO] Skipped "About" report
> (maven-project-info-reports-plugin:3.4.5:index), file "index.html" already
> exists.
> [INFO] Rendering 2 Doxia documents: 1 apt, 1 xdoc
> [INFO] Generating "Summary" report ---
> maven-project-info-reports-plugin:3.4.5:summary
> [INFO] Generating "Dependency Information" report ---
> maven-project-info-reports-plugin:3.4.5:dependency-info
> [INFO] Generating "Team" report ---
> maven-project-info-reports-plugin:3.4.5:team
> [INFO] Generating "Source Code Management" report ---
> maven-project-info-reports-plugin:3.4.5:scm
> [INFO] Generating "Issue Management" report ---
> maven-project-info-reports-plugin:3.4.5:issue-management
> [INFO] Generating "Mailing Lists" report---
> maven-project-info-reports-plugin:3.4.5:mailing-lists
> [INFO] Generating "Dependency Management" report ---
> maven-project-info-reports-plugin:3.4.5:dependency-management
> [INFO] Generating "Dependencies" report ---
> maven-project-info-reports-plugin:3.4.5:dependencies
> [INFO] Generating "Dependency Convergence" report ---
> maven-project-info-reports-plugin:3.4.5:dependency-convergence
> [INFO] Generating "CI Management" report---
> maven-project-info-reports-plugin:3.4.5:ci-management
> [INFO] Generating "Plugin Management" report---
> maven-project-info-reports-plugin:3.4.5:plugin-management
> [INFO] Generating "Plugins" report ---
> maven-project-info-reports-plugin:3.4.5:plugins
> [INFO] Generating "Distribution Management" report ---
> maven-project-info-reports-plugin:3.4.5:distribution-management
> [INFO] Rendering 1 generated Doxia document: 1 xdoc
> ...
> {noformat}
> Let's locate these two handwritten documents:
> {noformat}
> ~/var/Projekte/maven-doxia-sitetools (master =)
> $ tree doxia-skin-model/src/site/
> doxia-skin-model/src/site/
> ├── apt
> │ └── index.apt
> └── site.xml
> 2 directories, 2 files
> {noformat}
> There aren't. This is caused by MSITE-723 which add generated documents for
> the first round of rendering (non-editable ones), then does the rendering,
> does reports and then allows generated documents to overwrite report output
> by running generated rendering again.
> This is suboptimal since it causes:
> * Duplicate rendering
> * Deceiving log output
> * Maven Fluido Skin generates an "Edit Button" for such content sind the
> editable flag is set to true:
> view-source:https://maven.apache.org/doxia/doxia-sitetools-archives/doxia-sitetools-2.0.0-M16/doxia-skin-model/skin.html
> The solution to the problem is to flag the document renderer for such output
> with Sitetools to allow unconditional overwrite. We need to fix Doxia
> Sitetools first and then we can fix in this plugin.
> Block in question:
> https://github.com/apache/maven-site-plugin/blob/036997f9a70b7394d9a9771ede04a686aca834e1/src/main/java/org/apache/maven/plugins/site/render/SiteMojo.java#L123-L167
> This needs to be {{true}}:
> https://maven.apache.org/doxia/doxia-sitetools/doxia-site-renderer/xref/org/apache/maven/doxia/siterenderer/DoxiaDocumentRenderer.html#L61
--
This message was sent by Atlassian Jira
[PR] Bump org.apache.maven.plugins:maven-plugins from 41 to 42 [maven-doap-plugin]
dependabot[bot] opened a new pull request, #26: URL: https://github.com/apache/maven-doap-plugin/pull/26 Bumps [org.apache.maven.plugins:maven-plugins](https://github.com/apache/maven-parent) from 41 to 42. Release notes Sourced from https://github.com/apache/maven-parent/releases;>org.apache.maven.plugins:maven-plugins's releases. 42 Bug [https://issues.apache.org/jira/browse/MPOM-449;>MPOM-449] - Remove the leading 1. from source/target properties Improvement [https://issues.apache.org/jira/browse/MPOM-447;>MPOM-447] - activate javac's release flag when building with JDK supporting that feature [https://issues.apache.org/jira/browse/MPOM-453;>MPOM-453] - Disable annotation processing by compiler [https://issues.apache.org/jira/browse/MPOM-454;>MPOM-454] - Warning about usage of deprecated API by compiler [https://issues.apache.org/jira/browse/MPOM-477;>MPOM-477] - Skip empty PMD reports [https://issues.apache.org/jira/browse/MPOM-478;>MPOM-478] - Remove manually maintained history from site [https://issues.apache.org/jira/browse/MPOM-483;>MPOM-483] - Make a separate module for documentation Task [https://issues.apache.org/jira/browse/MPOM-482;>MPOM-482] - Publish site descriptor with new parent Dependency upgrade [https://issues.apache.org/jira/browse/MPOM-448;>MPOM-448] - Update spotless-maven-plugin from 2.40.0 to 2.41.1 [https://issues.apache.org/jira/browse/MPOM-455;>MPOM-455] - Add dependencyManagement for JUnit 5 [https://issues.apache.org/jira/browse/MPOM-459;>MPOM-459] - Bump org.apache.maven.plugins:maven-jxr-plugin from 3.3.1 to 3.3.2 [https://issues.apache.org/jira/browse/MPOM-464;>MPOM-464] - Bump com.diffplug.spotless:spotless-maven-plugin from 2.41.1 to 2.43.0 [https://issues.apache.org/jira/browse/MPOM-473;>MPOM-473] - Bump org.cyclonedx:cyclonedx-maven-plugin from 2.7.10 to 2.7.11 [https://issues.apache.org/jira/browse/MPOM-474;>MPOM-474] - Bump org.codehaus.mojo:extra-enforcer-rules from 1.7.0 to 1.8.0 [https://issues.apache.org/jira/browse/MPOM-485;>MPOM-485] - Bump org.codehaus.plexus:plexus-utils from 4.0.0 to 4.0.1 [https://issues.apache.org/jira/browse/MPOM-487;>MPOM-487] - Bump parent to 32 Commits See full diff in https://github.com/apache/maven-parent/commits;>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Bump org.apache.maven:maven-parent from 41 to 42 [maven-plugin-tools]
dependabot[bot] opened a new pull request, #279: URL: https://github.com/apache/maven-plugin-tools/pull/279 Bumps [org.apache.maven:maven-parent](https://github.com/apache/maven-parent) from 41 to 42. Release notes Sourced from https://github.com/apache/maven-parent/releases;>org.apache.maven:maven-parent's releases. 42 Bug [https://issues.apache.org/jira/browse/MPOM-449;>MPOM-449] - Remove the leading 1. from source/target properties Improvement [https://issues.apache.org/jira/browse/MPOM-447;>MPOM-447] - activate javac's release flag when building with JDK supporting that feature [https://issues.apache.org/jira/browse/MPOM-453;>MPOM-453] - Disable annotation processing by compiler [https://issues.apache.org/jira/browse/MPOM-454;>MPOM-454] - Warning about usage of deprecated API by compiler [https://issues.apache.org/jira/browse/MPOM-477;>MPOM-477] - Skip empty PMD reports [https://issues.apache.org/jira/browse/MPOM-478;>MPOM-478] - Remove manually maintained history from site [https://issues.apache.org/jira/browse/MPOM-483;>MPOM-483] - Make a separate module for documentation Task [https://issues.apache.org/jira/browse/MPOM-482;>MPOM-482] - Publish site descriptor with new parent Dependency upgrade [https://issues.apache.org/jira/browse/MPOM-448;>MPOM-448] - Update spotless-maven-plugin from 2.40.0 to 2.41.1 [https://issues.apache.org/jira/browse/MPOM-455;>MPOM-455] - Add dependencyManagement for JUnit 5 [https://issues.apache.org/jira/browse/MPOM-459;>MPOM-459] - Bump org.apache.maven.plugins:maven-jxr-plugin from 3.3.1 to 3.3.2 [https://issues.apache.org/jira/browse/MPOM-464;>MPOM-464] - Bump com.diffplug.spotless:spotless-maven-plugin from 2.41.1 to 2.43.0 [https://issues.apache.org/jira/browse/MPOM-473;>MPOM-473] - Bump org.cyclonedx:cyclonedx-maven-plugin from 2.7.10 to 2.7.11 [https://issues.apache.org/jira/browse/MPOM-474;>MPOM-474] - Bump org.codehaus.mojo:extra-enforcer-rules from 1.7.0 to 1.8.0 [https://issues.apache.org/jira/browse/MPOM-485;>MPOM-485] - Bump org.codehaus.plexus:plexus-utils from 4.0.0 to 4.0.1 [https://issues.apache.org/jira/browse/MPOM-487;>MPOM-487] - Bump parent to 32 Commits See full diff in https://github.com/apache/maven-parent/commits;>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Assigned] (MRESOLVER-539) Use parent POM 42
[ https://issues.apache.org/jira/browse/MRESOLVER-539?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tamas Cservenak reassigned MRESOLVER-539: - Assignee: Tamas Cservenak > Use parent POM 42 > - > > Key: MRESOLVER-539 > URL: https://issues.apache.org/jira/browse/MRESOLVER-539 > Project: Maven Resolver > Issue Type: Dependency upgrade >Reporter: Tamas Cservenak >Assignee: Tamas Cservenak >Priority: Major > Fix For: 2.0.0, 2.0.0-alpha-11 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MRESOLVER-539) Use parent POM 42
[ https://issues.apache.org/jira/browse/MRESOLVER-539?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17838174#comment-17838174 ] ASF GitHub Bot commented on MRESOLVER-539: -- cstamas opened a new pull request, #473: URL: https://github.com/apache/maven-resolver/pull/473 --- https://issues.apache.org/jira/browse/MRESOLVER-539 > Use parent POM 42 > - > > Key: MRESOLVER-539 > URL: https://issues.apache.org/jira/browse/MRESOLVER-539 > Project: Maven Resolver > Issue Type: Dependency upgrade >Reporter: Tamas Cservenak >Priority: Major > Fix For: 2.0.0, 2.0.0-alpha-11 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (MRESOLVER-539) Use parent POM 42
Tamas Cservenak created MRESOLVER-539: - Summary: Use parent POM 42 Key: MRESOLVER-539 URL: https://issues.apache.org/jira/browse/MRESOLVER-539 Project: Maven Resolver Issue Type: Dependency upgrade Reporter: Tamas Cservenak Fix For: 2.0.0, 2.0.0-alpha-11 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MRESOLVER-536) Skip setting last modified time when FS does not support it
[
https://issues.apache.org/jira/browse/MRESOLVER-536?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17838169#comment-17838169
]
ASF GitHub Bot commented on MRESOLVER-536:
--
cstamas merged PR #471:
URL: https://github.com/apache/maven-resolver/pull/471
> Skip setting last modified time when FS does not support it
> ---
>
> Key: MRESOLVER-536
> URL: https://issues.apache.org/jira/browse/MRESOLVER-536
> Project: Maven Resolver
> Issue Type: Improvement
> Components: Resolver
>Affects Versions: 1.9.18
>Reporter: Jurrie Overgoor
>Assignee: Tamas Cservenak
>Priority: Major
> Fix For: 2.0.0, 1.9.19, 2.0.0-alpha-11
>
> Attachments: Stacktrace.txt
>
>
> When Maven resolver downloads a file and writes it to disk, it tries to set
> the last modified time on it. There are filesystems that do not support the
> "set last modified time" operation. In that case the operation will fail, and
> the Maven build will error out with a {{FileSystemException}}. Attached is
> (the last part of) such a stack track trace.
> I encountered such a file system when running in a Kubernetes (Openshift
> actually, but that's Kubernetes based) cloud setup. I mapped the {{~/.m2}}
> directory to a Persistent Volume Claim so that files downloaded in one build
> are retained in the next build. I explicitly set the access mode to
> ReadWriteMany (a.k.a. RWX, a.k.a. Shared Access) so that multiple build nodes
> can use the same PVC. The PVC is provisioned by a [`file.csi.azure.com`
> provisioner|https://learn.microsoft.com/en-us/azure/aks/azure-files-csi]. And
> that translates to a file system that does not support setting the last
> modified time on a file. Thus the call to
> {{java.nio.file.Files.setLastModifiedTime(Path, FileTime)}} in
> {{org.eclipse.aether.transport.http.HttpTransporter.EntityGetter.handle(CloseableHttpResponse)org.eclipse.aether.transport.http.HttpTransporter.EntityGetter.handle(CloseableHttpResponse)}}
> comes crashing down.
> There is no good way to query if the FS supports the call. So I resorted to
> wrapping the call in a `try .. catch` block. This seems to work. Maven
> downloads dependencies again, and my build progresses.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
Re: [PR] [MRESOLVER-536] Followup change: log failures [maven-resolver]
cstamas merged PR #471: URL: https://github.com/apache/maven-resolver/pull/471 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Bump org.apache.maven:maven-parent from 41 to 42 [maven-jxr]
dependabot[bot] opened a new pull request, #111: URL: https://github.com/apache/maven-jxr/pull/111 Bumps [org.apache.maven:maven-parent](https://github.com/apache/maven-parent) from 41 to 42. Release notes Sourced from https://github.com/apache/maven-parent/releases;>org.apache.maven:maven-parent's releases. 42 Bug [https://issues.apache.org/jira/browse/MPOM-449;>MPOM-449] - Remove the leading 1. from source/target properties Improvement [https://issues.apache.org/jira/browse/MPOM-447;>MPOM-447] - activate javac's release flag when building with JDK supporting that feature [https://issues.apache.org/jira/browse/MPOM-453;>MPOM-453] - Disable annotation processing by compiler [https://issues.apache.org/jira/browse/MPOM-454;>MPOM-454] - Warning about usage of deprecated API by compiler [https://issues.apache.org/jira/browse/MPOM-477;>MPOM-477] - Skip empty PMD reports [https://issues.apache.org/jira/browse/MPOM-478;>MPOM-478] - Remove manually maintained history from site [https://issues.apache.org/jira/browse/MPOM-483;>MPOM-483] - Make a separate module for documentation Task [https://issues.apache.org/jira/browse/MPOM-482;>MPOM-482] - Publish site descriptor with new parent Dependency upgrade [https://issues.apache.org/jira/browse/MPOM-448;>MPOM-448] - Update spotless-maven-plugin from 2.40.0 to 2.41.1 [https://issues.apache.org/jira/browse/MPOM-455;>MPOM-455] - Add dependencyManagement for JUnit 5 [https://issues.apache.org/jira/browse/MPOM-459;>MPOM-459] - Bump org.apache.maven.plugins:maven-jxr-plugin from 3.3.1 to 3.3.2 [https://issues.apache.org/jira/browse/MPOM-464;>MPOM-464] - Bump com.diffplug.spotless:spotless-maven-plugin from 2.41.1 to 2.43.0 [https://issues.apache.org/jira/browse/MPOM-473;>MPOM-473] - Bump org.cyclonedx:cyclonedx-maven-plugin from 2.7.10 to 2.7.11 [https://issues.apache.org/jira/browse/MPOM-474;>MPOM-474] - Bump org.codehaus.mojo:extra-enforcer-rules from 1.7.0 to 1.8.0 [https://issues.apache.org/jira/browse/MPOM-485;>MPOM-485] - Bump org.codehaus.plexus:plexus-utils from 4.0.0 to 4.0.1 [https://issues.apache.org/jira/browse/MPOM-487;>MPOM-487] - Bump parent to 32 Commits See full diff in https://github.com/apache/maven-parent/commits;>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MWRAPPER-103) Failed to validate Maven Wrapper SHA-256 on Windows
[
https://issues.apache.org/jira/browse/MWRAPPER-103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17838162#comment-17838162
]
ASF GitHub Bot commented on MWRAPPER-103:
-
cstamas commented on code in PR #132:
URL: https://github.com/apache/maven-wrapper/pull/132#discussion_r1568774598
##
maven-wrapper-distribution/src/resources/mvnw.cmd:
##
@@ -160,6 +160,7 @@ FOR /F "usebackq tokens=1,2 delims==" %%A IN
("%MAVEN_PROJECTBASEDIR%\.mvn\wrapp
)
IF NOT %WRAPPER_SHA_256_SUM%=="" (
powershell -Command "&{"^
+ "Import-Module $PSHOME\Modules\Microsoft.PowerShell.Utility -Function
Get-FileHash"^
Review Comment:
even if it is to avoid, will add to be consistent with existing PS code
> Failed to validate Maven Wrapper SHA-256 on Windows
> ---
>
> Key: MWRAPPER-103
> URL: https://issues.apache.org/jira/browse/MWRAPPER-103
> Project: Maven Wrapper
> Issue Type: Bug
> Components: Maven Wrapper Scripts
>Affects Versions: 3.2.0
>Reporter: Jorge Solórzano
>Assignee: Tamas Cservenak
>Priority: Major
> Fix For: 3.3.0
>
>
> When *wrapperSha256Sum* is set on GitHub Actions for the Windows platform,
> the script fails as is unable to validate the wrapper jar.
> I don't currently have access to a Windows machine, but this is failing for
> the following GH Actions configuration:
>
> {noformat}
> Operating System: Microsoft Windows Server 2022 10.0.20348
> Datacenter
> Image: windows-202
> Version: 20230307.2
> Included Software:
> https://github.com/actions/runner-images/blob/win22/20230307.2/images/win/Windows2022-Readme.md
> Image Release:
> https://github.com/actions/runner-images/releases/tag/win22%2F20230307.2
> {noformat}
> {noformat}
> ./mvnw $COMMON_MAVEN_ARGS $JVM_TEST_MAVEN_ARGS install -pl
> 'integration-tests/devtools'
> shell: C:\Program Files\PowerShell\7\pwsh.EXE -command ". '{0}'"
> env:
> LANG: en_US.UTF-8
> COMMON_MAVEN_ARGS: -e -B --settings .github/mvn-settings.xml
> --fail-at-end
> NATIVE_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers
> -Dquarkus.native.native-image-xmx=5g -Dnative -Dnative.surefire.skip
> -Dformat.skip -Dno-descriptor-tests install -DskipDocs
> JVM_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers
> -Dformat.skip -DskipDocs -Dquarkus.test.hang-detection-timeout=60
> JAVA_HOME:
> C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\11.0.18-10\x64
> JAVA_HOME_11_X64:
> C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\11.0.18-10\x64
> Get-FileHash : The term 'Get-FileHash' is not recognized as the name of a
> cmdlet, function, script file, or operable
> program. Check the spelling of the name, or if a path was included,
> verify that the path is correct and try again.
> At line:1 char:13
> + &{ $hash = (Get-FileHash "D:\a\quarkus\quarkus\.mvn\wrapper\maven-wra
> ...
> +
> + CategoryInfo : ObjectNotFound: (Get-FileHash:String) [],
> CommandNotFoundException
> + FullyQualifiedErrorId : CommandNotFoundException
> Error: Failed to validate Maven wrapper SHA-256, your Maven wrapper might
> be compromised.
> Investigate or delete D:\a\quarkus\quarkus\.mvn\wrapper\maven-wrapper.jar
> to attempt a clean download.
> If you updated your Maven version, you need to update the specified
> wrapperSha256Sum property.{noformat}
> Also, using when using Git Bash:
>
> {noformat}
> ./mvnw $COMMON_MAVEN_ARGS install -Dsurefire.timeout=1200 -pl
> !integration-tests/gradle -pl !integration-tests/maven -pl
> !integration-tests/devtools -pl !docs -DskipDocs -Dformat.skip -Dincremental
> -Dgib.disableSelectedProjectsHandling -Dgib.untracked=false
> -Dgib.uncommitted=false -Dgib.referenceBranch=origin/main
> -Dgib.disableIfReferenceBranchMatches='origin/\d+\.\d+'
> shell: C:\Program Files\Git\bin\bash.EXE --noprofile --norc -e -o pipefail
> {0} env: LANG: en_US.UTF-8 COMMON_MAVEN_ARGS: -e -B
> --settings .github/mvn-settings.xml --fail-at-end
> NATIVE_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers
> -Dquarkus.native.native-image-xmx=5g -Dnative -Dnative.surefire.skip
> -Dformat.skip -Dno-descriptor-tests install -DskipDocs
> JVM_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers -Dformat.skip
> -DskipDocs -Dquarkus.test.hang-detection-timeout=60
> MAVEN_OPTS: -Xmx2g -XX:MaxMetaspaceSize=1g
> -Xlog:gc*=debug:file=windows-java-17.txt
> JAVA_HOME: C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\17.0.6-10\x64
> JAVA_HOME_17_X64:
> C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\17.0.6-10\x64
> Error: Failed to validate Maven wrapper SHA-256, your Maven wrapper might be
>
[jira] [Commented] (MWRAPPER-103) Failed to validate Maven Wrapper SHA-256 on Windows
[
https://issues.apache.org/jira/browse/MWRAPPER-103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17838160#comment-17838160
]
ASF GitHub Bot commented on MWRAPPER-103:
-
cstamas commented on code in PR #132:
URL: https://github.com/apache/maven-wrapper/pull/132#discussion_r1568771457
##
maven-wrapper-distribution/src/resources/mvnw.cmd:
##
@@ -160,6 +160,7 @@ FOR /F "usebackq tokens=1,2 delims==" %%A IN
("%MAVEN_PROJECTBASEDIR%\.mvn\wrapp
)
IF NOT %WRAPPER_SHA_256_SUM%=="" (
powershell -Command "&{"^
+ "Import-Module $PSHOME\Modules\Microsoft.PowerShell.Utility -Function
Get-FileHash"^
Review Comment:
Hm, no idea, but Google found me this:
https://poshcode.gitbook.io/powershell-practice-and-style/style-guide/code-layout-and-formatting#avoid-using-semicolons-as-line-terminators
> Failed to validate Maven Wrapper SHA-256 on Windows
> ---
>
> Key: MWRAPPER-103
> URL: https://issues.apache.org/jira/browse/MWRAPPER-103
> Project: Maven Wrapper
> Issue Type: Bug
> Components: Maven Wrapper Scripts
>Affects Versions: 3.2.0
>Reporter: Jorge Solórzano
>Assignee: Tamas Cservenak
>Priority: Major
> Fix For: 3.3.0
>
>
> When *wrapperSha256Sum* is set on GitHub Actions for the Windows platform,
> the script fails as is unable to validate the wrapper jar.
> I don't currently have access to a Windows machine, but this is failing for
> the following GH Actions configuration:
>
> {noformat}
> Operating System: Microsoft Windows Server 2022 10.0.20348
> Datacenter
> Image: windows-202
> Version: 20230307.2
> Included Software:
> https://github.com/actions/runner-images/blob/win22/20230307.2/images/win/Windows2022-Readme.md
> Image Release:
> https://github.com/actions/runner-images/releases/tag/win22%2F20230307.2
> {noformat}
> {noformat}
> ./mvnw $COMMON_MAVEN_ARGS $JVM_TEST_MAVEN_ARGS install -pl
> 'integration-tests/devtools'
> shell: C:\Program Files\PowerShell\7\pwsh.EXE -command ". '{0}'"
> env:
> LANG: en_US.UTF-8
> COMMON_MAVEN_ARGS: -e -B --settings .github/mvn-settings.xml
> --fail-at-end
> NATIVE_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers
> -Dquarkus.native.native-image-xmx=5g -Dnative -Dnative.surefire.skip
> -Dformat.skip -Dno-descriptor-tests install -DskipDocs
> JVM_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers
> -Dformat.skip -DskipDocs -Dquarkus.test.hang-detection-timeout=60
> JAVA_HOME:
> C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\11.0.18-10\x64
> JAVA_HOME_11_X64:
> C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\11.0.18-10\x64
> Get-FileHash : The term 'Get-FileHash' is not recognized as the name of a
> cmdlet, function, script file, or operable
> program. Check the spelling of the name, or if a path was included,
> verify that the path is correct and try again.
> At line:1 char:13
> + &{ $hash = (Get-FileHash "D:\a\quarkus\quarkus\.mvn\wrapper\maven-wra
> ...
> +
> + CategoryInfo : ObjectNotFound: (Get-FileHash:String) [],
> CommandNotFoundException
> + FullyQualifiedErrorId : CommandNotFoundException
> Error: Failed to validate Maven wrapper SHA-256, your Maven wrapper might
> be compromised.
> Investigate or delete D:\a\quarkus\quarkus\.mvn\wrapper\maven-wrapper.jar
> to attempt a clean download.
> If you updated your Maven version, you need to update the specified
> wrapperSha256Sum property.{noformat}
> Also, using when using Git Bash:
>
> {noformat}
> ./mvnw $COMMON_MAVEN_ARGS install -Dsurefire.timeout=1200 -pl
> !integration-tests/gradle -pl !integration-tests/maven -pl
> !integration-tests/devtools -pl !docs -DskipDocs -Dformat.skip -Dincremental
> -Dgib.disableSelectedProjectsHandling -Dgib.untracked=false
> -Dgib.uncommitted=false -Dgib.referenceBranch=origin/main
> -Dgib.disableIfReferenceBranchMatches='origin/\d+\.\d+'
> shell: C:\Program Files\Git\bin\bash.EXE --noprofile --norc -e -o pipefail
> {0} env: LANG: en_US.UTF-8 COMMON_MAVEN_ARGS: -e -B
> --settings .github/mvn-settings.xml --fail-at-end
> NATIVE_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers
> -Dquarkus.native.native-image-xmx=5g -Dnative -Dnative.surefire.skip
> -Dformat.skip -Dno-descriptor-tests install -DskipDocs
> JVM_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers -Dformat.skip
> -DskipDocs -Dquarkus.test.hang-detection-timeout=60
> MAVEN_OPTS: -Xmx2g -XX:MaxMetaspaceSize=1g
> -Xlog:gc*=debug:file=windows-java-17.txt
> JAVA_HOME: C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\17.0.6-10\x64
> JAVA_HOME_17_X64:
>
[jira] [Commented] (MWRAPPER-103) Failed to validate Maven Wrapper SHA-256 on Windows
[
https://issues.apache.org/jira/browse/MWRAPPER-103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17838159#comment-17838159
]
ASF GitHub Bot commented on MWRAPPER-103:
-
jorsol commented on code in PR #132:
URL: https://github.com/apache/maven-wrapper/pull/132#discussion_r1568764174
##
maven-wrapper-distribution/src/resources/mvnw.cmd:
##
@@ -160,6 +160,7 @@ FOR /F "usebackq tokens=1,2 delims==" %%A IN
("%MAVEN_PROJECTBASEDIR%\.mvn\wrapp
)
IF NOT %WRAPPER_SHA_256_SUM%=="" (
powershell -Command "&{"^
+ "Import-Module $PSHOME\Modules\Microsoft.PowerShell.Utility -Function
Get-FileHash"^
Review Comment:
I assume that a `;` is needed at the end of Get-FileHash.
> Failed to validate Maven Wrapper SHA-256 on Windows
> ---
>
> Key: MWRAPPER-103
> URL: https://issues.apache.org/jira/browse/MWRAPPER-103
> Project: Maven Wrapper
> Issue Type: Bug
> Components: Maven Wrapper Scripts
>Affects Versions: 3.2.0
>Reporter: Jorge Solórzano
>Assignee: Tamas Cservenak
>Priority: Major
> Fix For: 3.3.0
>
>
> When *wrapperSha256Sum* is set on GitHub Actions for the Windows platform,
> the script fails as is unable to validate the wrapper jar.
> I don't currently have access to a Windows machine, but this is failing for
> the following GH Actions configuration:
>
> {noformat}
> Operating System: Microsoft Windows Server 2022 10.0.20348
> Datacenter
> Image: windows-202
> Version: 20230307.2
> Included Software:
> https://github.com/actions/runner-images/blob/win22/20230307.2/images/win/Windows2022-Readme.md
> Image Release:
> https://github.com/actions/runner-images/releases/tag/win22%2F20230307.2
> {noformat}
> {noformat}
> ./mvnw $COMMON_MAVEN_ARGS $JVM_TEST_MAVEN_ARGS install -pl
> 'integration-tests/devtools'
> shell: C:\Program Files\PowerShell\7\pwsh.EXE -command ". '{0}'"
> env:
> LANG: en_US.UTF-8
> COMMON_MAVEN_ARGS: -e -B --settings .github/mvn-settings.xml
> --fail-at-end
> NATIVE_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers
> -Dquarkus.native.native-image-xmx=5g -Dnative -Dnative.surefire.skip
> -Dformat.skip -Dno-descriptor-tests install -DskipDocs
> JVM_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers
> -Dformat.skip -DskipDocs -Dquarkus.test.hang-detection-timeout=60
> JAVA_HOME:
> C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\11.0.18-10\x64
> JAVA_HOME_11_X64:
> C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\11.0.18-10\x64
> Get-FileHash : The term 'Get-FileHash' is not recognized as the name of a
> cmdlet, function, script file, or operable
> program. Check the spelling of the name, or if a path was included,
> verify that the path is correct and try again.
> At line:1 char:13
> + &{ $hash = (Get-FileHash "D:\a\quarkus\quarkus\.mvn\wrapper\maven-wra
> ...
> +
> + CategoryInfo : ObjectNotFound: (Get-FileHash:String) [],
> CommandNotFoundException
> + FullyQualifiedErrorId : CommandNotFoundException
> Error: Failed to validate Maven wrapper SHA-256, your Maven wrapper might
> be compromised.
> Investigate or delete D:\a\quarkus\quarkus\.mvn\wrapper\maven-wrapper.jar
> to attempt a clean download.
> If you updated your Maven version, you need to update the specified
> wrapperSha256Sum property.{noformat}
> Also, using when using Git Bash:
>
> {noformat}
> ./mvnw $COMMON_MAVEN_ARGS install -Dsurefire.timeout=1200 -pl
> !integration-tests/gradle -pl !integration-tests/maven -pl
> !integration-tests/devtools -pl !docs -DskipDocs -Dformat.skip -Dincremental
> -Dgib.disableSelectedProjectsHandling -Dgib.untracked=false
> -Dgib.uncommitted=false -Dgib.referenceBranch=origin/main
> -Dgib.disableIfReferenceBranchMatches='origin/\d+\.\d+'
> shell: C:\Program Files\Git\bin\bash.EXE --noprofile --norc -e -o pipefail
> {0} env: LANG: en_US.UTF-8 COMMON_MAVEN_ARGS: -e -B
> --settings .github/mvn-settings.xml --fail-at-end
> NATIVE_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers
> -Dquarkus.native.native-image-xmx=5g -Dnative -Dnative.surefire.skip
> -Dformat.skip -Dno-descriptor-tests install -DskipDocs
> JVM_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers -Dformat.skip
> -DskipDocs -Dquarkus.test.hang-detection-timeout=60
> MAVEN_OPTS: -Xmx2g -XX:MaxMetaspaceSize=1g
> -Xlog:gc*=debug:file=windows-java-17.txt
> JAVA_HOME: C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\17.0.6-10\x64
> JAVA_HOME_17_X64:
> C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\17.0.6-10\x64
> Error: Failed to validate Maven wrapper SHA-256, your Maven wrapper might be
> compromised.
Re: [PR] [MWRAPPER-103] Apply recommended workaround [maven-wrapper]
jorsol commented on code in PR #132:
URL: https://github.com/apache/maven-wrapper/pull/132#discussion_r1568764174
##
maven-wrapper-distribution/src/resources/mvnw.cmd:
##
@@ -160,6 +160,7 @@ FOR /F "usebackq tokens=1,2 delims==" %%A IN
("%MAVEN_PROJECTBASEDIR%\.mvn\wrapp
)
IF NOT %WRAPPER_SHA_256_SUM%=="" (
powershell -Command "&{"^
+ "Import-Module $PSHOME\Modules\Microsoft.PowerShell.Utility -Function
Get-FileHash"^
Review Comment:
I assume that a `;` is needed at the end of Get-FileHash.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[PR] Bump org.apache.commons:commons-text from 1.11.0 to 1.12.0 [maven-doxia]
dependabot[bot] opened a new pull request, #211: URL: https://github.com/apache/maven-doxia/pull/211 Bumps org.apache.commons:commons-text from 1.11.0 to 1.12.0. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Bump org.apache.maven.plugins:maven-plugins from 41 to 42 [maven-pdf-plugin]
dependabot[bot] opened a new pull request, #53: URL: https://github.com/apache/maven-pdf-plugin/pull/53 Bumps [org.apache.maven.plugins:maven-plugins](https://github.com/apache/maven-parent) from 41 to 42. Release notes Sourced from https://github.com/apache/maven-parent/releases;>org.apache.maven.plugins:maven-plugins's releases. 42 Bug [https://issues.apache.org/jira/browse/MPOM-449;>MPOM-449] - Remove the leading 1. from source/target properties Improvement [https://issues.apache.org/jira/browse/MPOM-447;>MPOM-447] - activate javac's release flag when building with JDK supporting that feature [https://issues.apache.org/jira/browse/MPOM-453;>MPOM-453] - Disable annotation processing by compiler [https://issues.apache.org/jira/browse/MPOM-454;>MPOM-454] - Warning about usage of deprecated API by compiler [https://issues.apache.org/jira/browse/MPOM-477;>MPOM-477] - Skip empty PMD reports [https://issues.apache.org/jira/browse/MPOM-478;>MPOM-478] - Remove manually maintained history from site [https://issues.apache.org/jira/browse/MPOM-483;>MPOM-483] - Make a separate module for documentation Task [https://issues.apache.org/jira/browse/MPOM-482;>MPOM-482] - Publish site descriptor with new parent Dependency upgrade [https://issues.apache.org/jira/browse/MPOM-448;>MPOM-448] - Update spotless-maven-plugin from 2.40.0 to 2.41.1 [https://issues.apache.org/jira/browse/MPOM-455;>MPOM-455] - Add dependencyManagement for JUnit 5 [https://issues.apache.org/jira/browse/MPOM-459;>MPOM-459] - Bump org.apache.maven.plugins:maven-jxr-plugin from 3.3.1 to 3.3.2 [https://issues.apache.org/jira/browse/MPOM-464;>MPOM-464] - Bump com.diffplug.spotless:spotless-maven-plugin from 2.41.1 to 2.43.0 [https://issues.apache.org/jira/browse/MPOM-473;>MPOM-473] - Bump org.cyclonedx:cyclonedx-maven-plugin from 2.7.10 to 2.7.11 [https://issues.apache.org/jira/browse/MPOM-474;>MPOM-474] - Bump org.codehaus.mojo:extra-enforcer-rules from 1.7.0 to 1.8.0 [https://issues.apache.org/jira/browse/MPOM-485;>MPOM-485] - Bump org.codehaus.plexus:plexus-utils from 4.0.0 to 4.0.1 [https://issues.apache.org/jira/browse/MPOM-487;>MPOM-487] - Bump parent to 32 Commits See full diff in https://github.com/apache/maven-parent/commits;>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] [MWRAPPER-103] Apply recommended workaround [maven-wrapper]
cstamas commented on PR #132: URL: https://github.com/apache/maven-wrapper/pull/132#issuecomment-2061147476 Unsure is thie import module needed for other use of Get-FileHash as well? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MWRAPPER-103) Failed to validate Maven Wrapper SHA-256 on Windows
[
https://issues.apache.org/jira/browse/MWRAPPER-103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17838158#comment-17838158
]
ASF GitHub Bot commented on MWRAPPER-103:
-
cstamas commented on PR #132:
URL: https://github.com/apache/maven-wrapper/pull/132#issuecomment-2061147476
Unsure is thie import module needed for other use of Get-FileHash as well?
> Failed to validate Maven Wrapper SHA-256 on Windows
> ---
>
> Key: MWRAPPER-103
> URL: https://issues.apache.org/jira/browse/MWRAPPER-103
> Project: Maven Wrapper
> Issue Type: Bug
> Components: Maven Wrapper Scripts
>Affects Versions: 3.2.0
>Reporter: Jorge Solórzano
>Assignee: Tamas Cservenak
>Priority: Major
> Fix For: 3.3.0
>
>
> When *wrapperSha256Sum* is set on GitHub Actions for the Windows platform,
> the script fails as is unable to validate the wrapper jar.
> I don't currently have access to a Windows machine, but this is failing for
> the following GH Actions configuration:
>
> {noformat}
> Operating System: Microsoft Windows Server 2022 10.0.20348
> Datacenter
> Image: windows-202
> Version: 20230307.2
> Included Software:
> https://github.com/actions/runner-images/blob/win22/20230307.2/images/win/Windows2022-Readme.md
> Image Release:
> https://github.com/actions/runner-images/releases/tag/win22%2F20230307.2
> {noformat}
> {noformat}
> ./mvnw $COMMON_MAVEN_ARGS $JVM_TEST_MAVEN_ARGS install -pl
> 'integration-tests/devtools'
> shell: C:\Program Files\PowerShell\7\pwsh.EXE -command ". '{0}'"
> env:
> LANG: en_US.UTF-8
> COMMON_MAVEN_ARGS: -e -B --settings .github/mvn-settings.xml
> --fail-at-end
> NATIVE_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers
> -Dquarkus.native.native-image-xmx=5g -Dnative -Dnative.surefire.skip
> -Dformat.skip -Dno-descriptor-tests install -DskipDocs
> JVM_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers
> -Dformat.skip -DskipDocs -Dquarkus.test.hang-detection-timeout=60
> JAVA_HOME:
> C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\11.0.18-10\x64
> JAVA_HOME_11_X64:
> C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\11.0.18-10\x64
> Get-FileHash : The term 'Get-FileHash' is not recognized as the name of a
> cmdlet, function, script file, or operable
> program. Check the spelling of the name, or if a path was included,
> verify that the path is correct and try again.
> At line:1 char:13
> + &{ $hash = (Get-FileHash "D:\a\quarkus\quarkus\.mvn\wrapper\maven-wra
> ...
> +
> + CategoryInfo : ObjectNotFound: (Get-FileHash:String) [],
> CommandNotFoundException
> + FullyQualifiedErrorId : CommandNotFoundException
> Error: Failed to validate Maven wrapper SHA-256, your Maven wrapper might
> be compromised.
> Investigate or delete D:\a\quarkus\quarkus\.mvn\wrapper\maven-wrapper.jar
> to attempt a clean download.
> If you updated your Maven version, you need to update the specified
> wrapperSha256Sum property.{noformat}
> Also, using when using Git Bash:
>
> {noformat}
> ./mvnw $COMMON_MAVEN_ARGS install -Dsurefire.timeout=1200 -pl
> !integration-tests/gradle -pl !integration-tests/maven -pl
> !integration-tests/devtools -pl !docs -DskipDocs -Dformat.skip -Dincremental
> -Dgib.disableSelectedProjectsHandling -Dgib.untracked=false
> -Dgib.uncommitted=false -Dgib.referenceBranch=origin/main
> -Dgib.disableIfReferenceBranchMatches='origin/\d+\.\d+'
> shell: C:\Program Files\Git\bin\bash.EXE --noprofile --norc -e -o pipefail
> {0} env: LANG: en_US.UTF-8 COMMON_MAVEN_ARGS: -e -B
> --settings .github/mvn-settings.xml --fail-at-end
> NATIVE_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers
> -Dquarkus.native.native-image-xmx=5g -Dnative -Dnative.surefire.skip
> -Dformat.skip -Dno-descriptor-tests install -DskipDocs
> JVM_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers -Dformat.skip
> -DskipDocs -Dquarkus.test.hang-detection-timeout=60
> MAVEN_OPTS: -Xmx2g -XX:MaxMetaspaceSize=1g
> -Xlog:gc*=debug:file=windows-java-17.txt
> JAVA_HOME: C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\17.0.6-10\x64
> JAVA_HOME_17_X64:
> C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\17.0.6-10\x64
> Error: Failed to validate Maven wrapper SHA-256, your Maven wrapper might be
> compromised. Investigate or delete
> /d/a/quarkus/quarkus/.mvn/wrapper/maven-wrapper.jar to attempt a clean
> download.
> If you updated your Maven version, you need to update the specified
> wrapperSha256Sum property.
> {noformat}
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (MWRAPPER-103) Failed to validate Maven Wrapper SHA-256 on Windows
[
https://issues.apache.org/jira/browse/MWRAPPER-103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17838151#comment-17838151
]
ASF GitHub Bot commented on MWRAPPER-103:
-
cstamas opened a new pull request, #132:
URL: https://github.com/apache/maven-wrapper/pull/132
As Marcono1234 on JIRA issue recommended, added workaround just before the
use of `Get-FileHash` call.
---
https://issues.apache.org/jira/browse/MWRAPPER-103
> Failed to validate Maven Wrapper SHA-256 on Windows
> ---
>
> Key: MWRAPPER-103
> URL: https://issues.apache.org/jira/browse/MWRAPPER-103
> Project: Maven Wrapper
> Issue Type: Bug
> Components: Maven Wrapper Scripts
>Affects Versions: 3.2.0
>Reporter: Jorge Solórzano
>Assignee: Tamas Cservenak
>Priority: Major
> Fix For: 3.3.0
>
>
> When *wrapperSha256Sum* is set on GitHub Actions for the Windows platform,
> the script fails as is unable to validate the wrapper jar.
> I don't currently have access to a Windows machine, but this is failing for
> the following GH Actions configuration:
>
> {noformat}
> Operating System: Microsoft Windows Server 2022 10.0.20348
> Datacenter
> Image: windows-202
> Version: 20230307.2
> Included Software:
> https://github.com/actions/runner-images/blob/win22/20230307.2/images/win/Windows2022-Readme.md
> Image Release:
> https://github.com/actions/runner-images/releases/tag/win22%2F20230307.2
> {noformat}
> {noformat}
> ./mvnw $COMMON_MAVEN_ARGS $JVM_TEST_MAVEN_ARGS install -pl
> 'integration-tests/devtools'
> shell: C:\Program Files\PowerShell\7\pwsh.EXE -command ". '{0}'"
> env:
> LANG: en_US.UTF-8
> COMMON_MAVEN_ARGS: -e -B --settings .github/mvn-settings.xml
> --fail-at-end
> NATIVE_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers
> -Dquarkus.native.native-image-xmx=5g -Dnative -Dnative.surefire.skip
> -Dformat.skip -Dno-descriptor-tests install -DskipDocs
> JVM_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers
> -Dformat.skip -DskipDocs -Dquarkus.test.hang-detection-timeout=60
> JAVA_HOME:
> C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\11.0.18-10\x64
> JAVA_HOME_11_X64:
> C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\11.0.18-10\x64
> Get-FileHash : The term 'Get-FileHash' is not recognized as the name of a
> cmdlet, function, script file, or operable
> program. Check the spelling of the name, or if a path was included,
> verify that the path is correct and try again.
> At line:1 char:13
> + &{ $hash = (Get-FileHash "D:\a\quarkus\quarkus\.mvn\wrapper\maven-wra
> ...
> +
> + CategoryInfo : ObjectNotFound: (Get-FileHash:String) [],
> CommandNotFoundException
> + FullyQualifiedErrorId : CommandNotFoundException
> Error: Failed to validate Maven wrapper SHA-256, your Maven wrapper might
> be compromised.
> Investigate or delete D:\a\quarkus\quarkus\.mvn\wrapper\maven-wrapper.jar
> to attempt a clean download.
> If you updated your Maven version, you need to update the specified
> wrapperSha256Sum property.{noformat}
> Also, using when using Git Bash:
>
> {noformat}
> ./mvnw $COMMON_MAVEN_ARGS install -Dsurefire.timeout=1200 -pl
> !integration-tests/gradle -pl !integration-tests/maven -pl
> !integration-tests/devtools -pl !docs -DskipDocs -Dformat.skip -Dincremental
> -Dgib.disableSelectedProjectsHandling -Dgib.untracked=false
> -Dgib.uncommitted=false -Dgib.referenceBranch=origin/main
> -Dgib.disableIfReferenceBranchMatches='origin/\d+\.\d+'
> shell: C:\Program Files\Git\bin\bash.EXE --noprofile --norc -e -o pipefail
> {0} env: LANG: en_US.UTF-8 COMMON_MAVEN_ARGS: -e -B
> --settings .github/mvn-settings.xml --fail-at-end
> NATIVE_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers
> -Dquarkus.native.native-image-xmx=5g -Dnative -Dnative.surefire.skip
> -Dformat.skip -Dno-descriptor-tests install -DskipDocs
> JVM_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers -Dformat.skip
> -DskipDocs -Dquarkus.test.hang-detection-timeout=60
> MAVEN_OPTS: -Xmx2g -XX:MaxMetaspaceSize=1g
> -Xlog:gc*=debug:file=windows-java-17.txt
> JAVA_HOME: C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\17.0.6-10\x64
> JAVA_HOME_17_X64:
> C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\17.0.6-10\x64
> Error: Failed to validate Maven wrapper SHA-256, your Maven wrapper might be
> compromised. Investigate or delete
> /d/a/quarkus/quarkus/.mvn/wrapper/maven-wrapper.jar to attempt a clean
> download.
> If you updated your Maven version, you need to update the specified
> wrapperSha256Sum property.
> {noformat}
>
--
This message was sent by Atlassian
Re: [PR] [MWRAPPER-103] Workaround: demote check to Warning [maven-wrapper]
cstamas commented on PR #131: URL: https://github.com/apache/maven-wrapper/pull/131#issuecomment-2061137170 Next attempt: https://github.com/apache/maven-wrapper/pull/132 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] [MWRAPPER-103] Apply recommended workaround [maven-wrapper]
cstamas commented on code in PR #132:
URL: https://github.com/apache/maven-wrapper/pull/132#discussion_r1568774598
##
maven-wrapper-distribution/src/resources/mvnw.cmd:
##
@@ -160,6 +160,7 @@ FOR /F "usebackq tokens=1,2 delims==" %%A IN
("%MAVEN_PROJECTBASEDIR%\.mvn\wrapp
)
IF NOT %WRAPPER_SHA_256_SUM%=="" (
powershell -Command "&{"^
+ "Import-Module $PSHOME\Modules\Microsoft.PowerShell.Utility -Function
Get-FileHash"^
Review Comment:
even if it is to avoid, will add to be consistent with existing PS code
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[PR] Bump org.apache.maven:maven-parent from 41 to 42 [maven-dist-tool]
dependabot[bot] opened a new pull request, #54: URL: https://github.com/apache/maven-dist-tool/pull/54 Bumps [org.apache.maven:maven-parent](https://github.com/apache/maven-parent) from 41 to 42. Release notes Sourced from https://github.com/apache/maven-parent/releases;>org.apache.maven:maven-parent's releases. 42 Bug [https://issues.apache.org/jira/browse/MPOM-449;>MPOM-449] - Remove the leading 1. from source/target properties Improvement [https://issues.apache.org/jira/browse/MPOM-447;>MPOM-447] - activate javac's release flag when building with JDK supporting that feature [https://issues.apache.org/jira/browse/MPOM-453;>MPOM-453] - Disable annotation processing by compiler [https://issues.apache.org/jira/browse/MPOM-454;>MPOM-454] - Warning about usage of deprecated API by compiler [https://issues.apache.org/jira/browse/MPOM-477;>MPOM-477] - Skip empty PMD reports [https://issues.apache.org/jira/browse/MPOM-478;>MPOM-478] - Remove manually maintained history from site [https://issues.apache.org/jira/browse/MPOM-483;>MPOM-483] - Make a separate module for documentation Task [https://issues.apache.org/jira/browse/MPOM-482;>MPOM-482] - Publish site descriptor with new parent Dependency upgrade [https://issues.apache.org/jira/browse/MPOM-448;>MPOM-448] - Update spotless-maven-plugin from 2.40.0 to 2.41.1 [https://issues.apache.org/jira/browse/MPOM-455;>MPOM-455] - Add dependencyManagement for JUnit 5 [https://issues.apache.org/jira/browse/MPOM-459;>MPOM-459] - Bump org.apache.maven.plugins:maven-jxr-plugin from 3.3.1 to 3.3.2 [https://issues.apache.org/jira/browse/MPOM-464;>MPOM-464] - Bump com.diffplug.spotless:spotless-maven-plugin from 2.41.1 to 2.43.0 [https://issues.apache.org/jira/browse/MPOM-473;>MPOM-473] - Bump org.cyclonedx:cyclonedx-maven-plugin from 2.7.10 to 2.7.11 [https://issues.apache.org/jira/browse/MPOM-474;>MPOM-474] - Bump org.codehaus.mojo:extra-enforcer-rules from 1.7.0 to 1.8.0 [https://issues.apache.org/jira/browse/MPOM-485;>MPOM-485] - Bump org.codehaus.plexus:plexus-utils from 4.0.0 to 4.0.1 [https://issues.apache.org/jira/browse/MPOM-487;>MPOM-487] - Bump parent to 32 Commits See full diff in https://github.com/apache/maven-parent/commits;>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Bump org.apache.maven.reporting:maven-reporting-api from 4.0.0-M2 to 4.0.0-M11 [maven-dist-tool]
dependabot[bot] opened a new pull request, #53: URL: https://github.com/apache/maven-dist-tool/pull/53 Bumps [org.apache.maven.reporting:maven-reporting-api](https://github.com/apache/maven-reporting-api) from 4.0.0-M2 to 4.0.0-M11. Commits https://github.com/apache/maven-reporting-api/commit/c59f51a325d696c71d184137958d8c03b60d4cbe;>c59f51a [maven-release-plugin] prepare release maven-reporting-api-4.0.0-M11 https://github.com/apache/maven-reporting-api/commit/c60211df4f36d794414673ca62a5ea30e5f056ab;>c60211d [MSHARED-1379] Upgrade to Doxia 2.0.0-M10 https://github.com/apache/maven-reporting-api/commit/8d228f7466227386b759cd3cbd464f2fc3e7b932;>8d228f7 [maven-release-plugin] prepare for next development iteration https://github.com/apache/maven-reporting-api/commit/51a0dbe1cfa73e4dfcdfc715de419ceb47765709;>51a0dbe [maven-release-plugin] prepare release maven-reporting-api-4.0.0-M10 https://github.com/apache/maven-reporting-api/commit/14d42d97f9008ad5b90248ee7007fd0bef8a1874;>14d42d9 [MSHARED-1349] Upgrade to Doxia 2.0.0-M9 https://github.com/apache/maven-reporting-api/commit/094fa38234ebefa4d69ac40a827a069d3aa3c533;>094fa38 Add .checkstyle to .gitignore https://github.com/apache/maven-reporting-api/commit/b117d49b014fb0e443afaa1d75d02ef9a033b91d;>b117d49 Bump maven-gh-actions-shared to v3 https://github.com/apache/maven-reporting-api/commit/62f121f7aa0a96377c810e51975fcea8ca6407b9;>62f121f Update dependabot.yml https://github.com/apache/maven-reporting-api/commit/0cab34594c59f1ab3e7cf4c4b61e75d2976faa90;>0cab345 [maven-release-plugin] prepare for next development iteration https://github.com/apache/maven-reporting-api/commit/20513784ee721a94e7862b7359f03e612c9afee7;>2051378 [maven-release-plugin] prepare release maven-reporting-api-4.0.0-M9 Additional commits viewable in https://github.com/apache/maven-reporting-api/compare/maven-reporting-api-4.0.0-M2...maven-reporting-api-4.0.0-M11;>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] [MWRAPPER-103] Apply recommended workaround [maven-wrapper]
cstamas commented on code in PR #132:
URL: https://github.com/apache/maven-wrapper/pull/132#discussion_r1568771457
##
maven-wrapper-distribution/src/resources/mvnw.cmd:
##
@@ -160,6 +160,7 @@ FOR /F "usebackq tokens=1,2 delims==" %%A IN
("%MAVEN_PROJECTBASEDIR%\.mvn\wrapp
)
IF NOT %WRAPPER_SHA_256_SUM%=="" (
powershell -Command "&{"^
+ "Import-Module $PSHOME\Modules\Microsoft.PowerShell.Utility -Function
Get-FileHash"^
Review Comment:
Hm, no idea, but Google found me this:
https://poshcode.gitbook.io/powershell-practice-and-style/style-guide/code-layout-and-formatting#avoid-using-semicolons-as-line-terminators
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[PR] Bump org.apache.maven:maven-parent from 41 to 42 [maven-doxia]
dependabot[bot] opened a new pull request, #210: URL: https://github.com/apache/maven-doxia/pull/210 Bumps [org.apache.maven:maven-parent](https://github.com/apache/maven-parent) from 41 to 42. Release notes Sourced from https://github.com/apache/maven-parent/releases;>org.apache.maven:maven-parent's releases. 42 Bug [https://issues.apache.org/jira/browse/MPOM-449;>MPOM-449] - Remove the leading 1. from source/target properties Improvement [https://issues.apache.org/jira/browse/MPOM-447;>MPOM-447] - activate javac's release flag when building with JDK supporting that feature [https://issues.apache.org/jira/browse/MPOM-453;>MPOM-453] - Disable annotation processing by compiler [https://issues.apache.org/jira/browse/MPOM-454;>MPOM-454] - Warning about usage of deprecated API by compiler [https://issues.apache.org/jira/browse/MPOM-477;>MPOM-477] - Skip empty PMD reports [https://issues.apache.org/jira/browse/MPOM-478;>MPOM-478] - Remove manually maintained history from site [https://issues.apache.org/jira/browse/MPOM-483;>MPOM-483] - Make a separate module for documentation Task [https://issues.apache.org/jira/browse/MPOM-482;>MPOM-482] - Publish site descriptor with new parent Dependency upgrade [https://issues.apache.org/jira/browse/MPOM-448;>MPOM-448] - Update spotless-maven-plugin from 2.40.0 to 2.41.1 [https://issues.apache.org/jira/browse/MPOM-455;>MPOM-455] - Add dependencyManagement for JUnit 5 [https://issues.apache.org/jira/browse/MPOM-459;>MPOM-459] - Bump org.apache.maven.plugins:maven-jxr-plugin from 3.3.1 to 3.3.2 [https://issues.apache.org/jira/browse/MPOM-464;>MPOM-464] - Bump com.diffplug.spotless:spotless-maven-plugin from 2.41.1 to 2.43.0 [https://issues.apache.org/jira/browse/MPOM-473;>MPOM-473] - Bump org.cyclonedx:cyclonedx-maven-plugin from 2.7.10 to 2.7.11 [https://issues.apache.org/jira/browse/MPOM-474;>MPOM-474] - Bump org.codehaus.mojo:extra-enforcer-rules from 1.7.0 to 1.8.0 [https://issues.apache.org/jira/browse/MPOM-485;>MPOM-485] - Bump org.codehaus.plexus:plexus-utils from 4.0.0 to 4.0.1 [https://issues.apache.org/jira/browse/MPOM-487;>MPOM-487] - Bump parent to 32 Commits See full diff in https://github.com/apache/maven-parent/commits;>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MWRAPPER-103) Failed to validate Maven Wrapper SHA-256 on Windows
[
https://issues.apache.org/jira/browse/MWRAPPER-103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17838139#comment-17838139
]
ASF GitHub Bot commented on MWRAPPER-103:
-
jorsol commented on PR #131:
URL: https://github.com/apache/maven-wrapper/pull/131#issuecomment-2061113392
The issue affects the `wrapperSha256Sum` from `mvnw`, not `only-mvnw`,
actually the only-mvnw does not validate the `wrapperSha256Sum` since it
doesn't download the jar.
In the end, this is not the fix for the issue reported, the trouble is that
`only-mvnw` does different things than `mvnw`, so it seems that using
`only-mvnw` works and `mvnw` don't.
> Failed to validate Maven Wrapper SHA-256 on Windows
> ---
>
> Key: MWRAPPER-103
> URL: https://issues.apache.org/jira/browse/MWRAPPER-103
> Project: Maven Wrapper
> Issue Type: Bug
> Components: Maven Wrapper Scripts
>Affects Versions: 3.2.0
>Reporter: Jorge Solórzano
>Assignee: Tamas Cservenak
>Priority: Major
> Fix For: 3.3.0
>
>
> When *wrapperSha256Sum* is set on GitHub Actions for the Windows platform,
> the script fails as is unable to validate the wrapper jar.
> I don't currently have access to a Windows machine, but this is failing for
> the following GH Actions configuration:
>
> {noformat}
> Operating System: Microsoft Windows Server 2022 10.0.20348
> Datacenter
> Image: windows-202
> Version: 20230307.2
> Included Software:
> https://github.com/actions/runner-images/blob/win22/20230307.2/images/win/Windows2022-Readme.md
> Image Release:
> https://github.com/actions/runner-images/releases/tag/win22%2F20230307.2
> {noformat}
> {noformat}
> ./mvnw $COMMON_MAVEN_ARGS $JVM_TEST_MAVEN_ARGS install -pl
> 'integration-tests/devtools'
> shell: C:\Program Files\PowerShell\7\pwsh.EXE -command ". '{0}'"
> env:
> LANG: en_US.UTF-8
> COMMON_MAVEN_ARGS: -e -B --settings .github/mvn-settings.xml
> --fail-at-end
> NATIVE_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers
> -Dquarkus.native.native-image-xmx=5g -Dnative -Dnative.surefire.skip
> -Dformat.skip -Dno-descriptor-tests install -DskipDocs
> JVM_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers
> -Dformat.skip -DskipDocs -Dquarkus.test.hang-detection-timeout=60
> JAVA_HOME:
> C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\11.0.18-10\x64
> JAVA_HOME_11_X64:
> C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\11.0.18-10\x64
> Get-FileHash : The term 'Get-FileHash' is not recognized as the name of a
> cmdlet, function, script file, or operable
> program. Check the spelling of the name, or if a path was included,
> verify that the path is correct and try again.
> At line:1 char:13
> + &{ $hash = (Get-FileHash "D:\a\quarkus\quarkus\.mvn\wrapper\maven-wra
> ...
> +
> + CategoryInfo : ObjectNotFound: (Get-FileHash:String) [],
> CommandNotFoundException
> + FullyQualifiedErrorId : CommandNotFoundException
> Error: Failed to validate Maven wrapper SHA-256, your Maven wrapper might
> be compromised.
> Investigate or delete D:\a\quarkus\quarkus\.mvn\wrapper\maven-wrapper.jar
> to attempt a clean download.
> If you updated your Maven version, you need to update the specified
> wrapperSha256Sum property.{noformat}
> Also, using when using Git Bash:
>
> {noformat}
> ./mvnw $COMMON_MAVEN_ARGS install -Dsurefire.timeout=1200 -pl
> !integration-tests/gradle -pl !integration-tests/maven -pl
> !integration-tests/devtools -pl !docs -DskipDocs -Dformat.skip -Dincremental
> -Dgib.disableSelectedProjectsHandling -Dgib.untracked=false
> -Dgib.uncommitted=false -Dgib.referenceBranch=origin/main
> -Dgib.disableIfReferenceBranchMatches='origin/\d+\.\d+'
> shell: C:\Program Files\Git\bin\bash.EXE --noprofile --norc -e -o pipefail
> {0} env: LANG: en_US.UTF-8 COMMON_MAVEN_ARGS: -e -B
> --settings .github/mvn-settings.xml --fail-at-end
> NATIVE_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers
> -Dquarkus.native.native-image-xmx=5g -Dnative -Dnative.surefire.skip
> -Dformat.skip -Dno-descriptor-tests install -DskipDocs
> JVM_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers -Dformat.skip
> -DskipDocs -Dquarkus.test.hang-detection-timeout=60
> MAVEN_OPTS: -Xmx2g -XX:MaxMetaspaceSize=1g
> -Xlog:gc*=debug:file=windows-java-17.txt
> JAVA_HOME: C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\17.0.6-10\x64
> JAVA_HOME_17_X64:
> C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\17.0.6-10\x64
> Error: Failed to validate Maven wrapper SHA-256, your Maven wrapper might be
> compromised. Investigate or delete
>
[jira] [Commented] (MWRAPPER-103) Failed to validate Maven Wrapper SHA-256 on Windows
[
https://issues.apache.org/jira/browse/MWRAPPER-103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17838152#comment-17838152
]
ASF GitHub Bot commented on MWRAPPER-103:
-
cstamas commented on PR #131:
URL: https://github.com/apache/maven-wrapper/pull/131#issuecomment-2061137170
Next attempt: https://github.com/apache/maven-wrapper/pull/132
> Failed to validate Maven Wrapper SHA-256 on Windows
> ---
>
> Key: MWRAPPER-103
> URL: https://issues.apache.org/jira/browse/MWRAPPER-103
> Project: Maven Wrapper
> Issue Type: Bug
> Components: Maven Wrapper Scripts
>Affects Versions: 3.2.0
>Reporter: Jorge Solórzano
>Assignee: Tamas Cservenak
>Priority: Major
> Fix For: 3.3.0
>
>
> When *wrapperSha256Sum* is set on GitHub Actions for the Windows platform,
> the script fails as is unable to validate the wrapper jar.
> I don't currently have access to a Windows machine, but this is failing for
> the following GH Actions configuration:
>
> {noformat}
> Operating System: Microsoft Windows Server 2022 10.0.20348
> Datacenter
> Image: windows-202
> Version: 20230307.2
> Included Software:
> https://github.com/actions/runner-images/blob/win22/20230307.2/images/win/Windows2022-Readme.md
> Image Release:
> https://github.com/actions/runner-images/releases/tag/win22%2F20230307.2
> {noformat}
> {noformat}
> ./mvnw $COMMON_MAVEN_ARGS $JVM_TEST_MAVEN_ARGS install -pl
> 'integration-tests/devtools'
> shell: C:\Program Files\PowerShell\7\pwsh.EXE -command ". '{0}'"
> env:
> LANG: en_US.UTF-8
> COMMON_MAVEN_ARGS: -e -B --settings .github/mvn-settings.xml
> --fail-at-end
> NATIVE_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers
> -Dquarkus.native.native-image-xmx=5g -Dnative -Dnative.surefire.skip
> -Dformat.skip -Dno-descriptor-tests install -DskipDocs
> JVM_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers
> -Dformat.skip -DskipDocs -Dquarkus.test.hang-detection-timeout=60
> JAVA_HOME:
> C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\11.0.18-10\x64
> JAVA_HOME_11_X64:
> C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\11.0.18-10\x64
> Get-FileHash : The term 'Get-FileHash' is not recognized as the name of a
> cmdlet, function, script file, or operable
> program. Check the spelling of the name, or if a path was included,
> verify that the path is correct and try again.
> At line:1 char:13
> + &{ $hash = (Get-FileHash "D:\a\quarkus\quarkus\.mvn\wrapper\maven-wra
> ...
> +
> + CategoryInfo : ObjectNotFound: (Get-FileHash:String) [],
> CommandNotFoundException
> + FullyQualifiedErrorId : CommandNotFoundException
> Error: Failed to validate Maven wrapper SHA-256, your Maven wrapper might
> be compromised.
> Investigate or delete D:\a\quarkus\quarkus\.mvn\wrapper\maven-wrapper.jar
> to attempt a clean download.
> If you updated your Maven version, you need to update the specified
> wrapperSha256Sum property.{noformat}
> Also, using when using Git Bash:
>
> {noformat}
> ./mvnw $COMMON_MAVEN_ARGS install -Dsurefire.timeout=1200 -pl
> !integration-tests/gradle -pl !integration-tests/maven -pl
> !integration-tests/devtools -pl !docs -DskipDocs -Dformat.skip -Dincremental
> -Dgib.disableSelectedProjectsHandling -Dgib.untracked=false
> -Dgib.uncommitted=false -Dgib.referenceBranch=origin/main
> -Dgib.disableIfReferenceBranchMatches='origin/\d+\.\d+'
> shell: C:\Program Files\Git\bin\bash.EXE --noprofile --norc -e -o pipefail
> {0} env: LANG: en_US.UTF-8 COMMON_MAVEN_ARGS: -e -B
> --settings .github/mvn-settings.xml --fail-at-end
> NATIVE_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers
> -Dquarkus.native.native-image-xmx=5g -Dnative -Dnative.surefire.skip
> -Dformat.skip -Dno-descriptor-tests install -DskipDocs
> JVM_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers -Dformat.skip
> -DskipDocs -Dquarkus.test.hang-detection-timeout=60
> MAVEN_OPTS: -Xmx2g -XX:MaxMetaspaceSize=1g
> -Xlog:gc*=debug:file=windows-java-17.txt
> JAVA_HOME: C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\17.0.6-10\x64
> JAVA_HOME_17_X64:
> C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\17.0.6-10\x64
> Error: Failed to validate Maven wrapper SHA-256, your Maven wrapper might be
> compromised. Investigate or delete
> /d/a/quarkus/quarkus/.mvn/wrapper/maven-wrapper.jar to attempt a clean
> download.
> If you updated your Maven version, you need to update the specified
> wrapperSha256Sum property.
> {noformat}
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (MWRAPPER-103) Failed to validate Maven Wrapper SHA-256 on Windows
[
https://issues.apache.org/jira/browse/MWRAPPER-103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17838149#comment-17838149
]
ASF GitHub Bot commented on MWRAPPER-103:
-
cstamas commented on PR #131:
URL: https://github.com/apache/maven-wrapper/pull/131#issuecomment-2061129221
Yup, that is my problem as well: "not sure" :smile:
> Failed to validate Maven Wrapper SHA-256 on Windows
> ---
>
> Key: MWRAPPER-103
> URL: https://issues.apache.org/jira/browse/MWRAPPER-103
> Project: Maven Wrapper
> Issue Type: Bug
> Components: Maven Wrapper Scripts
>Affects Versions: 3.2.0
>Reporter: Jorge Solórzano
>Assignee: Tamas Cservenak
>Priority: Major
> Fix For: 3.3.0
>
>
> When *wrapperSha256Sum* is set on GitHub Actions for the Windows platform,
> the script fails as is unable to validate the wrapper jar.
> I don't currently have access to a Windows machine, but this is failing for
> the following GH Actions configuration:
>
> {noformat}
> Operating System: Microsoft Windows Server 2022 10.0.20348
> Datacenter
> Image: windows-202
> Version: 20230307.2
> Included Software:
> https://github.com/actions/runner-images/blob/win22/20230307.2/images/win/Windows2022-Readme.md
> Image Release:
> https://github.com/actions/runner-images/releases/tag/win22%2F20230307.2
> {noformat}
> {noformat}
> ./mvnw $COMMON_MAVEN_ARGS $JVM_TEST_MAVEN_ARGS install -pl
> 'integration-tests/devtools'
> shell: C:\Program Files\PowerShell\7\pwsh.EXE -command ". '{0}'"
> env:
> LANG: en_US.UTF-8
> COMMON_MAVEN_ARGS: -e -B --settings .github/mvn-settings.xml
> --fail-at-end
> NATIVE_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers
> -Dquarkus.native.native-image-xmx=5g -Dnative -Dnative.surefire.skip
> -Dformat.skip -Dno-descriptor-tests install -DskipDocs
> JVM_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers
> -Dformat.skip -DskipDocs -Dquarkus.test.hang-detection-timeout=60
> JAVA_HOME:
> C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\11.0.18-10\x64
> JAVA_HOME_11_X64:
> C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\11.0.18-10\x64
> Get-FileHash : The term 'Get-FileHash' is not recognized as the name of a
> cmdlet, function, script file, or operable
> program. Check the spelling of the name, or if a path was included,
> verify that the path is correct and try again.
> At line:1 char:13
> + &{ $hash = (Get-FileHash "D:\a\quarkus\quarkus\.mvn\wrapper\maven-wra
> ...
> +
> + CategoryInfo : ObjectNotFound: (Get-FileHash:String) [],
> CommandNotFoundException
> + FullyQualifiedErrorId : CommandNotFoundException
> Error: Failed to validate Maven wrapper SHA-256, your Maven wrapper might
> be compromised.
> Investigate or delete D:\a\quarkus\quarkus\.mvn\wrapper\maven-wrapper.jar
> to attempt a clean download.
> If you updated your Maven version, you need to update the specified
> wrapperSha256Sum property.{noformat}
> Also, using when using Git Bash:
>
> {noformat}
> ./mvnw $COMMON_MAVEN_ARGS install -Dsurefire.timeout=1200 -pl
> !integration-tests/gradle -pl !integration-tests/maven -pl
> !integration-tests/devtools -pl !docs -DskipDocs -Dformat.skip -Dincremental
> -Dgib.disableSelectedProjectsHandling -Dgib.untracked=false
> -Dgib.uncommitted=false -Dgib.referenceBranch=origin/main
> -Dgib.disableIfReferenceBranchMatches='origin/\d+\.\d+'
> shell: C:\Program Files\Git\bin\bash.EXE --noprofile --norc -e -o pipefail
> {0} env: LANG: en_US.UTF-8 COMMON_MAVEN_ARGS: -e -B
> --settings .github/mvn-settings.xml --fail-at-end
> NATIVE_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers
> -Dquarkus.native.native-image-xmx=5g -Dnative -Dnative.surefire.skip
> -Dformat.skip -Dno-descriptor-tests install -DskipDocs
> JVM_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers -Dformat.skip
> -DskipDocs -Dquarkus.test.hang-detection-timeout=60
> MAVEN_OPTS: -Xmx2g -XX:MaxMetaspaceSize=1g
> -Xlog:gc*=debug:file=windows-java-17.txt
> JAVA_HOME: C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\17.0.6-10\x64
> JAVA_HOME_17_X64:
> C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\17.0.6-10\x64
> Error: Failed to validate Maven wrapper SHA-256, your Maven wrapper might be
> compromised. Investigate or delete
> /d/a/quarkus/quarkus/.mvn/wrapper/maven-wrapper.jar to attempt a clean
> download.
> If you updated your Maven version, you need to update the specified
> wrapperSha256Sum property.
> {noformat}
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
Re: [PR] [MWRAPPER-103] Workaround: demote check to Warning [maven-wrapper]
cstamas commented on PR #131: URL: https://github.com/apache/maven-wrapper/pull/131#issuecomment-2061129221 Yup, that is my problem as well: "not sure" :smile: -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MWRAPPER-103) Failed to validate Maven Wrapper SHA-256 on Windows
[
https://issues.apache.org/jira/browse/MWRAPPER-103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17838141#comment-17838141
]
ASF GitHub Bot commented on MWRAPPER-103:
-
cstamas commented on PR #131:
URL: https://github.com/apache/maven-wrapper/pull/131#issuecomment-2061120774
Oh, got it now. Ok, am closing this one out then, as I missed the topic.
> Failed to validate Maven Wrapper SHA-256 on Windows
> ---
>
> Key: MWRAPPER-103
> URL: https://issues.apache.org/jira/browse/MWRAPPER-103
> Project: Maven Wrapper
> Issue Type: Bug
> Components: Maven Wrapper Scripts
>Affects Versions: 3.2.0
>Reporter: Jorge Solórzano
>Assignee: Tamas Cservenak
>Priority: Major
> Fix For: 3.3.0
>
>
> When *wrapperSha256Sum* is set on GitHub Actions for the Windows platform,
> the script fails as is unable to validate the wrapper jar.
> I don't currently have access to a Windows machine, but this is failing for
> the following GH Actions configuration:
>
> {noformat}
> Operating System: Microsoft Windows Server 2022 10.0.20348
> Datacenter
> Image: windows-202
> Version: 20230307.2
> Included Software:
> https://github.com/actions/runner-images/blob/win22/20230307.2/images/win/Windows2022-Readme.md
> Image Release:
> https://github.com/actions/runner-images/releases/tag/win22%2F20230307.2
> {noformat}
> {noformat}
> ./mvnw $COMMON_MAVEN_ARGS $JVM_TEST_MAVEN_ARGS install -pl
> 'integration-tests/devtools'
> shell: C:\Program Files\PowerShell\7\pwsh.EXE -command ". '{0}'"
> env:
> LANG: en_US.UTF-8
> COMMON_MAVEN_ARGS: -e -B --settings .github/mvn-settings.xml
> --fail-at-end
> NATIVE_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers
> -Dquarkus.native.native-image-xmx=5g -Dnative -Dnative.surefire.skip
> -Dformat.skip -Dno-descriptor-tests install -DskipDocs
> JVM_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers
> -Dformat.skip -DskipDocs -Dquarkus.test.hang-detection-timeout=60
> JAVA_HOME:
> C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\11.0.18-10\x64
> JAVA_HOME_11_X64:
> C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\11.0.18-10\x64
> Get-FileHash : The term 'Get-FileHash' is not recognized as the name of a
> cmdlet, function, script file, or operable
> program. Check the spelling of the name, or if a path was included,
> verify that the path is correct and try again.
> At line:1 char:13
> + &{ $hash = (Get-FileHash "D:\a\quarkus\quarkus\.mvn\wrapper\maven-wra
> ...
> +
> + CategoryInfo : ObjectNotFound: (Get-FileHash:String) [],
> CommandNotFoundException
> + FullyQualifiedErrorId : CommandNotFoundException
> Error: Failed to validate Maven wrapper SHA-256, your Maven wrapper might
> be compromised.
> Investigate or delete D:\a\quarkus\quarkus\.mvn\wrapper\maven-wrapper.jar
> to attempt a clean download.
> If you updated your Maven version, you need to update the specified
> wrapperSha256Sum property.{noformat}
> Also, using when using Git Bash:
>
> {noformat}
> ./mvnw $COMMON_MAVEN_ARGS install -Dsurefire.timeout=1200 -pl
> !integration-tests/gradle -pl !integration-tests/maven -pl
> !integration-tests/devtools -pl !docs -DskipDocs -Dformat.skip -Dincremental
> -Dgib.disableSelectedProjectsHandling -Dgib.untracked=false
> -Dgib.uncommitted=false -Dgib.referenceBranch=origin/main
> -Dgib.disableIfReferenceBranchMatches='origin/\d+\.\d+'
> shell: C:\Program Files\Git\bin\bash.EXE --noprofile --norc -e -o pipefail
> {0} env: LANG: en_US.UTF-8 COMMON_MAVEN_ARGS: -e -B
> --settings .github/mvn-settings.xml --fail-at-end
> NATIVE_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers
> -Dquarkus.native.native-image-xmx=5g -Dnative -Dnative.surefire.skip
> -Dformat.skip -Dno-descriptor-tests install -DskipDocs
> JVM_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers -Dformat.skip
> -DskipDocs -Dquarkus.test.hang-detection-timeout=60
> MAVEN_OPTS: -Xmx2g -XX:MaxMetaspaceSize=1g
> -Xlog:gc*=debug:file=windows-java-17.txt
> JAVA_HOME: C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\17.0.6-10\x64
> JAVA_HOME_17_X64:
> C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\17.0.6-10\x64
> Error: Failed to validate Maven wrapper SHA-256, your Maven wrapper might be
> compromised. Investigate or delete
> /d/a/quarkus/quarkus/.mvn/wrapper/maven-wrapper.jar to attempt a clean
> download.
> If you updated your Maven version, you need to update the specified
> wrapperSha256Sum property.
> {noformat}
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (MWRAPPER-103) Failed to validate Maven Wrapper SHA-256 on Windows
[
https://issues.apache.org/jira/browse/MWRAPPER-103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17838140#comment-17838140
]
ASF GitHub Bot commented on MWRAPPER-103:
-
cstamas closed pull request #131: [MWRAPPER-103] Workaround: demote check to
Warning
URL: https://github.com/apache/maven-wrapper/pull/131
> Failed to validate Maven Wrapper SHA-256 on Windows
> ---
>
> Key: MWRAPPER-103
> URL: https://issues.apache.org/jira/browse/MWRAPPER-103
> Project: Maven Wrapper
> Issue Type: Bug
> Components: Maven Wrapper Scripts
>Affects Versions: 3.2.0
>Reporter: Jorge Solórzano
>Assignee: Tamas Cservenak
>Priority: Major
> Fix For: 3.3.0
>
>
> When *wrapperSha256Sum* is set on GitHub Actions for the Windows platform,
> the script fails as is unable to validate the wrapper jar.
> I don't currently have access to a Windows machine, but this is failing for
> the following GH Actions configuration:
>
> {noformat}
> Operating System: Microsoft Windows Server 2022 10.0.20348
> Datacenter
> Image: windows-202
> Version: 20230307.2
> Included Software:
> https://github.com/actions/runner-images/blob/win22/20230307.2/images/win/Windows2022-Readme.md
> Image Release:
> https://github.com/actions/runner-images/releases/tag/win22%2F20230307.2
> {noformat}
> {noformat}
> ./mvnw $COMMON_MAVEN_ARGS $JVM_TEST_MAVEN_ARGS install -pl
> 'integration-tests/devtools'
> shell: C:\Program Files\PowerShell\7\pwsh.EXE -command ". '{0}'"
> env:
> LANG: en_US.UTF-8
> COMMON_MAVEN_ARGS: -e -B --settings .github/mvn-settings.xml
> --fail-at-end
> NATIVE_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers
> -Dquarkus.native.native-image-xmx=5g -Dnative -Dnative.surefire.skip
> -Dformat.skip -Dno-descriptor-tests install -DskipDocs
> JVM_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers
> -Dformat.skip -DskipDocs -Dquarkus.test.hang-detection-timeout=60
> JAVA_HOME:
> C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\11.0.18-10\x64
> JAVA_HOME_11_X64:
> C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\11.0.18-10\x64
> Get-FileHash : The term 'Get-FileHash' is not recognized as the name of a
> cmdlet, function, script file, or operable
> program. Check the spelling of the name, or if a path was included,
> verify that the path is correct and try again.
> At line:1 char:13
> + &{ $hash = (Get-FileHash "D:\a\quarkus\quarkus\.mvn\wrapper\maven-wra
> ...
> +
> + CategoryInfo : ObjectNotFound: (Get-FileHash:String) [],
> CommandNotFoundException
> + FullyQualifiedErrorId : CommandNotFoundException
> Error: Failed to validate Maven wrapper SHA-256, your Maven wrapper might
> be compromised.
> Investigate or delete D:\a\quarkus\quarkus\.mvn\wrapper\maven-wrapper.jar
> to attempt a clean download.
> If you updated your Maven version, you need to update the specified
> wrapperSha256Sum property.{noformat}
> Also, using when using Git Bash:
>
> {noformat}
> ./mvnw $COMMON_MAVEN_ARGS install -Dsurefire.timeout=1200 -pl
> !integration-tests/gradle -pl !integration-tests/maven -pl
> !integration-tests/devtools -pl !docs -DskipDocs -Dformat.skip -Dincremental
> -Dgib.disableSelectedProjectsHandling -Dgib.untracked=false
> -Dgib.uncommitted=false -Dgib.referenceBranch=origin/main
> -Dgib.disableIfReferenceBranchMatches='origin/\d+\.\d+'
> shell: C:\Program Files\Git\bin\bash.EXE --noprofile --norc -e -o pipefail
> {0} env: LANG: en_US.UTF-8 COMMON_MAVEN_ARGS: -e -B
> --settings .github/mvn-settings.xml --fail-at-end
> NATIVE_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers
> -Dquarkus.native.native-image-xmx=5g -Dnative -Dnative.surefire.skip
> -Dformat.skip -Dno-descriptor-tests install -DskipDocs
> JVM_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers -Dformat.skip
> -DskipDocs -Dquarkus.test.hang-detection-timeout=60
> MAVEN_OPTS: -Xmx2g -XX:MaxMetaspaceSize=1g
> -Xlog:gc*=debug:file=windows-java-17.txt
> JAVA_HOME: C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\17.0.6-10\x64
> JAVA_HOME_17_X64:
> C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\17.0.6-10\x64
> Error: Failed to validate Maven wrapper SHA-256, your Maven wrapper might be
> compromised. Investigate or delete
> /d/a/quarkus/quarkus/.mvn/wrapper/maven-wrapper.jar to attempt a clean
> download.
> If you updated your Maven version, you need to update the specified
> wrapperSha256Sum property.
> {noformat}
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (MWRAPPER-103) Failed to validate Maven Wrapper SHA-256 on Windows
[
https://issues.apache.org/jira/browse/MWRAPPER-103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17838142#comment-17838142
]
ASF GitHub Bot commented on MWRAPPER-103:
-
jorsol commented on PR #131:
URL: https://github.com/apache/maven-wrapper/pull/131#issuecomment-2061121345
Since the default is now `only-mvnw`, maybe the current workaround is to
simply remove the lines from:
https://github.com/apache/maven-wrapper/blob/c9a3e67e5295c41b4a9bc4fd4babe81d20e7e18f/maven-wrapper-distribution/src/resources/mvnw.cmd#L156-L172
Or comment the `if ERRORLEVEL 1 goto error`.
> Failed to validate Maven Wrapper SHA-256 on Windows
> ---
>
> Key: MWRAPPER-103
> URL: https://issues.apache.org/jira/browse/MWRAPPER-103
> Project: Maven Wrapper
> Issue Type: Bug
> Components: Maven Wrapper Scripts
>Affects Versions: 3.2.0
>Reporter: Jorge Solórzano
>Assignee: Tamas Cservenak
>Priority: Major
> Fix For: 3.3.0
>
>
> When *wrapperSha256Sum* is set on GitHub Actions for the Windows platform,
> the script fails as is unable to validate the wrapper jar.
> I don't currently have access to a Windows machine, but this is failing for
> the following GH Actions configuration:
>
> {noformat}
> Operating System: Microsoft Windows Server 2022 10.0.20348
> Datacenter
> Image: windows-202
> Version: 20230307.2
> Included Software:
> https://github.com/actions/runner-images/blob/win22/20230307.2/images/win/Windows2022-Readme.md
> Image Release:
> https://github.com/actions/runner-images/releases/tag/win22%2F20230307.2
> {noformat}
> {noformat}
> ./mvnw $COMMON_MAVEN_ARGS $JVM_TEST_MAVEN_ARGS install -pl
> 'integration-tests/devtools'
> shell: C:\Program Files\PowerShell\7\pwsh.EXE -command ". '{0}'"
> env:
> LANG: en_US.UTF-8
> COMMON_MAVEN_ARGS: -e -B --settings .github/mvn-settings.xml
> --fail-at-end
> NATIVE_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers
> -Dquarkus.native.native-image-xmx=5g -Dnative -Dnative.surefire.skip
> -Dformat.skip -Dno-descriptor-tests install -DskipDocs
> JVM_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers
> -Dformat.skip -DskipDocs -Dquarkus.test.hang-detection-timeout=60
> JAVA_HOME:
> C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\11.0.18-10\x64
> JAVA_HOME_11_X64:
> C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\11.0.18-10\x64
> Get-FileHash : The term 'Get-FileHash' is not recognized as the name of a
> cmdlet, function, script file, or operable
> program. Check the spelling of the name, or if a path was included,
> verify that the path is correct and try again.
> At line:1 char:13
> + &{ $hash = (Get-FileHash "D:\a\quarkus\quarkus\.mvn\wrapper\maven-wra
> ...
> +
> + CategoryInfo : ObjectNotFound: (Get-FileHash:String) [],
> CommandNotFoundException
> + FullyQualifiedErrorId : CommandNotFoundException
> Error: Failed to validate Maven wrapper SHA-256, your Maven wrapper might
> be compromised.
> Investigate or delete D:\a\quarkus\quarkus\.mvn\wrapper\maven-wrapper.jar
> to attempt a clean download.
> If you updated your Maven version, you need to update the specified
> wrapperSha256Sum property.{noformat}
> Also, using when using Git Bash:
>
> {noformat}
> ./mvnw $COMMON_MAVEN_ARGS install -Dsurefire.timeout=1200 -pl
> !integration-tests/gradle -pl !integration-tests/maven -pl
> !integration-tests/devtools -pl !docs -DskipDocs -Dformat.skip -Dincremental
> -Dgib.disableSelectedProjectsHandling -Dgib.untracked=false
> -Dgib.uncommitted=false -Dgib.referenceBranch=origin/main
> -Dgib.disableIfReferenceBranchMatches='origin/\d+\.\d+'
> shell: C:\Program Files\Git\bin\bash.EXE --noprofile --norc -e -o pipefail
> {0} env: LANG: en_US.UTF-8 COMMON_MAVEN_ARGS: -e -B
> --settings .github/mvn-settings.xml --fail-at-end
> NATIVE_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers
> -Dquarkus.native.native-image-xmx=5g -Dnative -Dnative.surefire.skip
> -Dformat.skip -Dno-descriptor-tests install -DskipDocs
> JVM_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers -Dformat.skip
> -DskipDocs -Dquarkus.test.hang-detection-timeout=60
> MAVEN_OPTS: -Xmx2g -XX:MaxMetaspaceSize=1g
> -Xlog:gc*=debug:file=windows-java-17.txt
> JAVA_HOME: C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\17.0.6-10\x64
> JAVA_HOME_17_X64:
> C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\17.0.6-10\x64
> Error: Failed to validate Maven wrapper SHA-256, your Maven wrapper might be
> compromised. Investigate or delete
> /d/a/quarkus/quarkus/.mvn/wrapper/maven-wrapper.jar to attempt a clean
> download.
> If you
Re: [PR] [MWRAPPER-103] Workaround: demote check to Warning [maven-wrapper]
jorsol commented on PR #131: URL: https://github.com/apache/maven-wrapper/pull/131#issuecomment-2061121345 Since the default is now `only-mvnw`, maybe the current workaround is to simply remove the lines from: https://github.com/apache/maven-wrapper/blob/c9a3e67e5295c41b4a9bc4fd4babe81d20e7e18f/maven-wrapper-distribution/src/resources/mvnw.cmd#L156-L172 Or comment the `if ERRORLEVEL 1 goto error`. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] [MWRAPPER-103] Workaround: demote check to Warning [maven-wrapper]
cstamas commented on PR #131: URL: https://github.com/apache/maven-wrapper/pull/131#issuecomment-2061120774 Oh, got it now. Ok, am closing this one out then, as I missed the topic. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] [MWRAPPER-103] Workaround: demote check to Warning [maven-wrapper]
cstamas closed pull request #131: [MWRAPPER-103] Workaround: demote check to Warning URL: https://github.com/apache/maven-wrapper/pull/131 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] [MWRAPPER-103] Workaround: demote check to Warning [maven-wrapper]
jorsol commented on PR #131: URL: https://github.com/apache/maven-wrapper/pull/131#issuecomment-2061113392 The issue affects the `wrapperSha256Sum` from `mvnw`, not `only-mvnw`, actually the only-mvnw does not validate the `wrapperSha256Sum` since it doesn't download the jar. In the end, this is not the fix for the issue reported, the trouble is that `only-mvnw` does different things than `mvnw`, so it seems that using `only-mvnw` works and `mvnw` don't. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MWRAPPER-103) Failed to validate Maven Wrapper SHA-256 on Windows
[
https://issues.apache.org/jira/browse/MWRAPPER-103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17838131#comment-17838131
]
ASF GitHub Bot commented on MWRAPPER-103:
-
cstamas commented on PR #131:
URL: https://github.com/apache/maven-wrapper/pull/131#issuecomment-2061082217
@gsmet eyes please. Disclaimer: I am not Win guy, so if you can bring on
someone to verify, please do so.
> Failed to validate Maven Wrapper SHA-256 on Windows
> ---
>
> Key: MWRAPPER-103
> URL: https://issues.apache.org/jira/browse/MWRAPPER-103
> Project: Maven Wrapper
> Issue Type: Bug
> Components: Maven Wrapper Scripts
>Affects Versions: 3.2.0
>Reporter: Jorge Solórzano
>Assignee: Tamas Cservenak
>Priority: Major
> Fix For: 3.3.0
>
>
> When *wrapperSha256Sum* is set on GitHub Actions for the Windows platform,
> the script fails as is unable to validate the wrapper jar.
> I don't currently have access to a Windows machine, but this is failing for
> the following GH Actions configuration:
>
> {noformat}
> Operating System: Microsoft Windows Server 2022 10.0.20348
> Datacenter
> Image: windows-202
> Version: 20230307.2
> Included Software:
> https://github.com/actions/runner-images/blob/win22/20230307.2/images/win/Windows2022-Readme.md
> Image Release:
> https://github.com/actions/runner-images/releases/tag/win22%2F20230307.2
> {noformat}
> {noformat}
> ./mvnw $COMMON_MAVEN_ARGS $JVM_TEST_MAVEN_ARGS install -pl
> 'integration-tests/devtools'
> shell: C:\Program Files\PowerShell\7\pwsh.EXE -command ". '{0}'"
> env:
> LANG: en_US.UTF-8
> COMMON_MAVEN_ARGS: -e -B --settings .github/mvn-settings.xml
> --fail-at-end
> NATIVE_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers
> -Dquarkus.native.native-image-xmx=5g -Dnative -Dnative.surefire.skip
> -Dformat.skip -Dno-descriptor-tests install -DskipDocs
> JVM_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers
> -Dformat.skip -DskipDocs -Dquarkus.test.hang-detection-timeout=60
> JAVA_HOME:
> C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\11.0.18-10\x64
> JAVA_HOME_11_X64:
> C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\11.0.18-10\x64
> Get-FileHash : The term 'Get-FileHash' is not recognized as the name of a
> cmdlet, function, script file, or operable
> program. Check the spelling of the name, or if a path was included,
> verify that the path is correct and try again.
> At line:1 char:13
> + &{ $hash = (Get-FileHash "D:\a\quarkus\quarkus\.mvn\wrapper\maven-wra
> ...
> +
> + CategoryInfo : ObjectNotFound: (Get-FileHash:String) [],
> CommandNotFoundException
> + FullyQualifiedErrorId : CommandNotFoundException
> Error: Failed to validate Maven wrapper SHA-256, your Maven wrapper might
> be compromised.
> Investigate or delete D:\a\quarkus\quarkus\.mvn\wrapper\maven-wrapper.jar
> to attempt a clean download.
> If you updated your Maven version, you need to update the specified
> wrapperSha256Sum property.{noformat}
> Also, using when using Git Bash:
>
> {noformat}
> ./mvnw $COMMON_MAVEN_ARGS install -Dsurefire.timeout=1200 -pl
> !integration-tests/gradle -pl !integration-tests/maven -pl
> !integration-tests/devtools -pl !docs -DskipDocs -Dformat.skip -Dincremental
> -Dgib.disableSelectedProjectsHandling -Dgib.untracked=false
> -Dgib.uncommitted=false -Dgib.referenceBranch=origin/main
> -Dgib.disableIfReferenceBranchMatches='origin/\d+\.\d+'
> shell: C:\Program Files\Git\bin\bash.EXE --noprofile --norc -e -o pipefail
> {0} env: LANG: en_US.UTF-8 COMMON_MAVEN_ARGS: -e -B
> --settings .github/mvn-settings.xml --fail-at-end
> NATIVE_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers
> -Dquarkus.native.native-image-xmx=5g -Dnative -Dnative.surefire.skip
> -Dformat.skip -Dno-descriptor-tests install -DskipDocs
> JVM_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers -Dformat.skip
> -DskipDocs -Dquarkus.test.hang-detection-timeout=60
> MAVEN_OPTS: -Xmx2g -XX:MaxMetaspaceSize=1g
> -Xlog:gc*=debug:file=windows-java-17.txt
> JAVA_HOME: C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\17.0.6-10\x64
> JAVA_HOME_17_X64:
> C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\17.0.6-10\x64
> Error: Failed to validate Maven wrapper SHA-256, your Maven wrapper might be
> compromised. Investigate or delete
> /d/a/quarkus/quarkus/.mvn/wrapper/maven-wrapper.jar to attempt a clean
> download.
> If you updated your Maven version, you need to update the specified
> wrapperSha256Sum property.
> {noformat}
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Assigned] (MWRAPPER-103) Failed to validate Maven Wrapper SHA-256 on Windows
[
https://issues.apache.org/jira/browse/MWRAPPER-103?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tamas Cservenak reassigned MWRAPPER-103:
Assignee: Tamas Cservenak
> Failed to validate Maven Wrapper SHA-256 on Windows
> ---
>
> Key: MWRAPPER-103
> URL: https://issues.apache.org/jira/browse/MWRAPPER-103
> Project: Maven Wrapper
> Issue Type: Bug
> Components: Maven Wrapper Scripts
>Affects Versions: 3.2.0
>Reporter: Jorge Solórzano
>Assignee: Tamas Cservenak
>Priority: Major
> Fix For: 3.3.0
>
>
> When *wrapperSha256Sum* is set on GitHub Actions for the Windows platform,
> the script fails as is unable to validate the wrapper jar.
> I don't currently have access to a Windows machine, but this is failing for
> the following GH Actions configuration:
>
> {noformat}
> Operating System: Microsoft Windows Server 2022 10.0.20348
> Datacenter
> Image: windows-202
> Version: 20230307.2
> Included Software:
> https://github.com/actions/runner-images/blob/win22/20230307.2/images/win/Windows2022-Readme.md
> Image Release:
> https://github.com/actions/runner-images/releases/tag/win22%2F20230307.2
> {noformat}
> {noformat}
> ./mvnw $COMMON_MAVEN_ARGS $JVM_TEST_MAVEN_ARGS install -pl
> 'integration-tests/devtools'
> shell: C:\Program Files\PowerShell\7\pwsh.EXE -command ". '{0}'"
> env:
> LANG: en_US.UTF-8
> COMMON_MAVEN_ARGS: -e -B --settings .github/mvn-settings.xml
> --fail-at-end
> NATIVE_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers
> -Dquarkus.native.native-image-xmx=5g -Dnative -Dnative.surefire.skip
> -Dformat.skip -Dno-descriptor-tests install -DskipDocs
> JVM_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers
> -Dformat.skip -DskipDocs -Dquarkus.test.hang-detection-timeout=60
> JAVA_HOME:
> C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\11.0.18-10\x64
> JAVA_HOME_11_X64:
> C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\11.0.18-10\x64
> Get-FileHash : The term 'Get-FileHash' is not recognized as the name of a
> cmdlet, function, script file, or operable
> program. Check the spelling of the name, or if a path was included,
> verify that the path is correct and try again.
> At line:1 char:13
> + &{ $hash = (Get-FileHash "D:\a\quarkus\quarkus\.mvn\wrapper\maven-wra
> ...
> +
> + CategoryInfo : ObjectNotFound: (Get-FileHash:String) [],
> CommandNotFoundException
> + FullyQualifiedErrorId : CommandNotFoundException
> Error: Failed to validate Maven wrapper SHA-256, your Maven wrapper might
> be compromised.
> Investigate or delete D:\a\quarkus\quarkus\.mvn\wrapper\maven-wrapper.jar
> to attempt a clean download.
> If you updated your Maven version, you need to update the specified
> wrapperSha256Sum property.{noformat}
> Also, using when using Git Bash:
>
> {noformat}
> ./mvnw $COMMON_MAVEN_ARGS install -Dsurefire.timeout=1200 -pl
> !integration-tests/gradle -pl !integration-tests/maven -pl
> !integration-tests/devtools -pl !docs -DskipDocs -Dformat.skip -Dincremental
> -Dgib.disableSelectedProjectsHandling -Dgib.untracked=false
> -Dgib.uncommitted=false -Dgib.referenceBranch=origin/main
> -Dgib.disableIfReferenceBranchMatches='origin/\d+\.\d+'
> shell: C:\Program Files\Git\bin\bash.EXE --noprofile --norc -e -o pipefail
> {0} env: LANG: en_US.UTF-8 COMMON_MAVEN_ARGS: -e -B
> --settings .github/mvn-settings.xml --fail-at-end
> NATIVE_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers
> -Dquarkus.native.native-image-xmx=5g -Dnative -Dnative.surefire.skip
> -Dformat.skip -Dno-descriptor-tests install -DskipDocs
> JVM_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers -Dformat.skip
> -DskipDocs -Dquarkus.test.hang-detection-timeout=60
> MAVEN_OPTS: -Xmx2g -XX:MaxMetaspaceSize=1g
> -Xlog:gc*=debug:file=windows-java-17.txt
> JAVA_HOME: C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\17.0.6-10\x64
> JAVA_HOME_17_X64:
> C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\17.0.6-10\x64
> Error: Failed to validate Maven wrapper SHA-256, your Maven wrapper might be
> compromised. Investigate or delete
> /d/a/quarkus/quarkus/.mvn/wrapper/maven-wrapper.jar to attempt a clean
> download.
> If you updated your Maven version, you need to update the specified
> wrapperSha256Sum property.
> {noformat}
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (MWRAPPER-103) Failed to validate Maven Wrapper SHA-256 on Windows
[
https://issues.apache.org/jira/browse/MWRAPPER-103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17838132#comment-17838132
]
ASF GitHub Bot commented on MWRAPPER-103:
-
cstamas commented on PR #131:
URL: https://github.com/apache/maven-wrapper/pull/131#issuecomment-2061082617
@jorsol eyes please
> Failed to validate Maven Wrapper SHA-256 on Windows
> ---
>
> Key: MWRAPPER-103
> URL: https://issues.apache.org/jira/browse/MWRAPPER-103
> Project: Maven Wrapper
> Issue Type: Bug
> Components: Maven Wrapper Scripts
>Affects Versions: 3.2.0
>Reporter: Jorge Solórzano
>Assignee: Tamas Cservenak
>Priority: Major
> Fix For: 3.3.0
>
>
> When *wrapperSha256Sum* is set on GitHub Actions for the Windows platform,
> the script fails as is unable to validate the wrapper jar.
> I don't currently have access to a Windows machine, but this is failing for
> the following GH Actions configuration:
>
> {noformat}
> Operating System: Microsoft Windows Server 2022 10.0.20348
> Datacenter
> Image: windows-202
> Version: 20230307.2
> Included Software:
> https://github.com/actions/runner-images/blob/win22/20230307.2/images/win/Windows2022-Readme.md
> Image Release:
> https://github.com/actions/runner-images/releases/tag/win22%2F20230307.2
> {noformat}
> {noformat}
> ./mvnw $COMMON_MAVEN_ARGS $JVM_TEST_MAVEN_ARGS install -pl
> 'integration-tests/devtools'
> shell: C:\Program Files\PowerShell\7\pwsh.EXE -command ". '{0}'"
> env:
> LANG: en_US.UTF-8
> COMMON_MAVEN_ARGS: -e -B --settings .github/mvn-settings.xml
> --fail-at-end
> NATIVE_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers
> -Dquarkus.native.native-image-xmx=5g -Dnative -Dnative.surefire.skip
> -Dformat.skip -Dno-descriptor-tests install -DskipDocs
> JVM_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers
> -Dformat.skip -DskipDocs -Dquarkus.test.hang-detection-timeout=60
> JAVA_HOME:
> C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\11.0.18-10\x64
> JAVA_HOME_11_X64:
> C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\11.0.18-10\x64
> Get-FileHash : The term 'Get-FileHash' is not recognized as the name of a
> cmdlet, function, script file, or operable
> program. Check the spelling of the name, or if a path was included,
> verify that the path is correct and try again.
> At line:1 char:13
> + &{ $hash = (Get-FileHash "D:\a\quarkus\quarkus\.mvn\wrapper\maven-wra
> ...
> +
> + CategoryInfo : ObjectNotFound: (Get-FileHash:String) [],
> CommandNotFoundException
> + FullyQualifiedErrorId : CommandNotFoundException
> Error: Failed to validate Maven wrapper SHA-256, your Maven wrapper might
> be compromised.
> Investigate or delete D:\a\quarkus\quarkus\.mvn\wrapper\maven-wrapper.jar
> to attempt a clean download.
> If you updated your Maven version, you need to update the specified
> wrapperSha256Sum property.{noformat}
> Also, using when using Git Bash:
>
> {noformat}
> ./mvnw $COMMON_MAVEN_ARGS install -Dsurefire.timeout=1200 -pl
> !integration-tests/gradle -pl !integration-tests/maven -pl
> !integration-tests/devtools -pl !docs -DskipDocs -Dformat.skip -Dincremental
> -Dgib.disableSelectedProjectsHandling -Dgib.untracked=false
> -Dgib.uncommitted=false -Dgib.referenceBranch=origin/main
> -Dgib.disableIfReferenceBranchMatches='origin/\d+\.\d+'
> shell: C:\Program Files\Git\bin\bash.EXE --noprofile --norc -e -o pipefail
> {0} env: LANG: en_US.UTF-8 COMMON_MAVEN_ARGS: -e -B
> --settings .github/mvn-settings.xml --fail-at-end
> NATIVE_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers
> -Dquarkus.native.native-image-xmx=5g -Dnative -Dnative.surefire.skip
> -Dformat.skip -Dno-descriptor-tests install -DskipDocs
> JVM_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers -Dformat.skip
> -DskipDocs -Dquarkus.test.hang-detection-timeout=60
> MAVEN_OPTS: -Xmx2g -XX:MaxMetaspaceSize=1g
> -Xlog:gc*=debug:file=windows-java-17.txt
> JAVA_HOME: C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\17.0.6-10\x64
> JAVA_HOME_17_X64:
> C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\17.0.6-10\x64
> Error: Failed to validate Maven wrapper SHA-256, your Maven wrapper might be
> compromised. Investigate or delete
> /d/a/quarkus/quarkus/.mvn/wrapper/maven-wrapper.jar to attempt a clean
> download.
> If you updated your Maven version, you need to update the specified
> wrapperSha256Sum property.
> {noformat}
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
Re: [PR] [MWRAPPER-103] Workaround: demote check to Warning [maven-wrapper]
cstamas commented on PR #131: URL: https://github.com/apache/maven-wrapper/pull/131#issuecomment-2061082617 @jorsol eyes please -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] [MWRAPPER-103] Workaround: demote check to Warning [maven-wrapper]
cstamas commented on PR #131: URL: https://github.com/apache/maven-wrapper/pull/131#issuecomment-2061082217 @gsmet eyes please. Disclaimer: I am not Win guy, so if you can bring on someone to verify, please do so. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MWRAPPER-103) Failed to validate Maven Wrapper SHA-256 on Windows
[
https://issues.apache.org/jira/browse/MWRAPPER-103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17838129#comment-17838129
]
ASF GitHub Bot commented on MWRAPPER-103:
-
cstamas opened a new pull request, #131:
URL: https://github.com/apache/maven-wrapper/pull/131
For start, instead to die off, let's demote the failure to warning level.
---
https://issues.apache.org/jira/browse/MWRAPPER-103
> Failed to validate Maven Wrapper SHA-256 on Windows
> ---
>
> Key: MWRAPPER-103
> URL: https://issues.apache.org/jira/browse/MWRAPPER-103
> Project: Maven Wrapper
> Issue Type: Bug
> Components: Maven Wrapper Scripts
>Affects Versions: 3.2.0
>Reporter: Jorge Solórzano
>Priority: Major
> Fix For: 3.3.0
>
>
> When *wrapperSha256Sum* is set on GitHub Actions for the Windows platform,
> the script fails as is unable to validate the wrapper jar.
> I don't currently have access to a Windows machine, but this is failing for
> the following GH Actions configuration:
>
> {noformat}
> Operating System: Microsoft Windows Server 2022 10.0.20348
> Datacenter
> Image: windows-202
> Version: 20230307.2
> Included Software:
> https://github.com/actions/runner-images/blob/win22/20230307.2/images/win/Windows2022-Readme.md
> Image Release:
> https://github.com/actions/runner-images/releases/tag/win22%2F20230307.2
> {noformat}
> {noformat}
> ./mvnw $COMMON_MAVEN_ARGS $JVM_TEST_MAVEN_ARGS install -pl
> 'integration-tests/devtools'
> shell: C:\Program Files\PowerShell\7\pwsh.EXE -command ". '{0}'"
> env:
> LANG: en_US.UTF-8
> COMMON_MAVEN_ARGS: -e -B --settings .github/mvn-settings.xml
> --fail-at-end
> NATIVE_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers
> -Dquarkus.native.native-image-xmx=5g -Dnative -Dnative.surefire.skip
> -Dformat.skip -Dno-descriptor-tests install -DskipDocs
> JVM_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers
> -Dformat.skip -DskipDocs -Dquarkus.test.hang-detection-timeout=60
> JAVA_HOME:
> C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\11.0.18-10\x64
> JAVA_HOME_11_X64:
> C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\11.0.18-10\x64
> Get-FileHash : The term 'Get-FileHash' is not recognized as the name of a
> cmdlet, function, script file, or operable
> program. Check the spelling of the name, or if a path was included,
> verify that the path is correct and try again.
> At line:1 char:13
> + &{ $hash = (Get-FileHash "D:\a\quarkus\quarkus\.mvn\wrapper\maven-wra
> ...
> +
> + CategoryInfo : ObjectNotFound: (Get-FileHash:String) [],
> CommandNotFoundException
> + FullyQualifiedErrorId : CommandNotFoundException
> Error: Failed to validate Maven wrapper SHA-256, your Maven wrapper might
> be compromised.
> Investigate or delete D:\a\quarkus\quarkus\.mvn\wrapper\maven-wrapper.jar
> to attempt a clean download.
> If you updated your Maven version, you need to update the specified
> wrapperSha256Sum property.{noformat}
> Also, using when using Git Bash:
>
> {noformat}
> ./mvnw $COMMON_MAVEN_ARGS install -Dsurefire.timeout=1200 -pl
> !integration-tests/gradle -pl !integration-tests/maven -pl
> !integration-tests/devtools -pl !docs -DskipDocs -Dformat.skip -Dincremental
> -Dgib.disableSelectedProjectsHandling -Dgib.untracked=false
> -Dgib.uncommitted=false -Dgib.referenceBranch=origin/main
> -Dgib.disableIfReferenceBranchMatches='origin/\d+\.\d+'
> shell: C:\Program Files\Git\bin\bash.EXE --noprofile --norc -e -o pipefail
> {0} env: LANG: en_US.UTF-8 COMMON_MAVEN_ARGS: -e -B
> --settings .github/mvn-settings.xml --fail-at-end
> NATIVE_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers
> -Dquarkus.native.native-image-xmx=5g -Dnative -Dnative.surefire.skip
> -Dformat.skip -Dno-descriptor-tests install -DskipDocs
> JVM_TEST_MAVEN_ARGS: -Dtest-containers -Dstart-containers -Dformat.skip
> -DskipDocs -Dquarkus.test.hang-detection-timeout=60
> MAVEN_OPTS: -Xmx2g -XX:MaxMetaspaceSize=1g
> -Xlog:gc*=debug:file=windows-java-17.txt
> JAVA_HOME: C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\17.0.6-10\x64
> JAVA_HOME_17_X64:
> C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\17.0.6-10\x64
> Error: Failed to validate Maven wrapper SHA-256, your Maven wrapper might be
> compromised. Investigate or delete
> /d/a/quarkus/quarkus/.mvn/wrapper/maven-wrapper.jar to attempt a clean
> download.
> If you updated your Maven version, you need to update the specified
> wrapperSha256Sum property.
> {noformat}
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[PR] [MWRAPPER-103] Workaround: demote check to Warning [maven-wrapper]
cstamas opened a new pull request, #131: URL: https://github.com/apache/maven-wrapper/pull/131 For start, instead to die off, let's demote the failure to warning level. --- https://issues.apache.org/jira/browse/MWRAPPER-103 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Bump org.apache.maven.plugins:maven-plugins from 41 to 42 [maven-acr-plugin]
dependabot[bot] opened a new pull request, #37: URL: https://github.com/apache/maven-acr-plugin/pull/37 Bumps [org.apache.maven.plugins:maven-plugins](https://github.com/apache/maven-parent) from 41 to 42. Release notes Sourced from https://github.com/apache/maven-parent/releases;>org.apache.maven.plugins:maven-plugins's releases. 42 Bug [https://issues.apache.org/jira/browse/MPOM-449;>MPOM-449] - Remove the leading 1. from source/target properties Improvement [https://issues.apache.org/jira/browse/MPOM-447;>MPOM-447] - activate javac's release flag when building with JDK supporting that feature [https://issues.apache.org/jira/browse/MPOM-453;>MPOM-453] - Disable annotation processing by compiler [https://issues.apache.org/jira/browse/MPOM-454;>MPOM-454] - Warning about usage of deprecated API by compiler [https://issues.apache.org/jira/browse/MPOM-477;>MPOM-477] - Skip empty PMD reports [https://issues.apache.org/jira/browse/MPOM-478;>MPOM-478] - Remove manually maintained history from site [https://issues.apache.org/jira/browse/MPOM-483;>MPOM-483] - Make a separate module for documentation Task [https://issues.apache.org/jira/browse/MPOM-482;>MPOM-482] - Publish site descriptor with new parent Dependency upgrade [https://issues.apache.org/jira/browse/MPOM-448;>MPOM-448] - Update spotless-maven-plugin from 2.40.0 to 2.41.1 [https://issues.apache.org/jira/browse/MPOM-455;>MPOM-455] - Add dependencyManagement for JUnit 5 [https://issues.apache.org/jira/browse/MPOM-459;>MPOM-459] - Bump org.apache.maven.plugins:maven-jxr-plugin from 3.3.1 to 3.3.2 [https://issues.apache.org/jira/browse/MPOM-464;>MPOM-464] - Bump com.diffplug.spotless:spotless-maven-plugin from 2.41.1 to 2.43.0 [https://issues.apache.org/jira/browse/MPOM-473;>MPOM-473] - Bump org.cyclonedx:cyclonedx-maven-plugin from 2.7.10 to 2.7.11 [https://issues.apache.org/jira/browse/MPOM-474;>MPOM-474] - Bump org.codehaus.mojo:extra-enforcer-rules from 1.7.0 to 1.8.0 [https://issues.apache.org/jira/browse/MPOM-485;>MPOM-485] - Bump org.codehaus.plexus:plexus-utils from 4.0.0 to 4.0.1 [https://issues.apache.org/jira/browse/MPOM-487;>MPOM-487] - Bump parent to 32 Commits See full diff in https://github.com/apache/maven-parent/commits;>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
