RE: [VOTE] Require Java 17 for Maven 4

You should be able to use @code in same way now without the java upgrade. * * {@code * * -Xmaxerrs * 1000 * -Xlint * -J-Duser.language=en_us * * } * Something like that anyways and all the ugly escapes can go now.

Re: [VOTE] Require Java 17 for Maven 4

+1 Sent from my Verizon, Samsung Galaxy smartphone Get Outlook for Android From: Benjamin Marwell Sent: Wednesday, February 28, 2024 2:30:07 AM To: Maven Developers List ; Maven Users List Subject: [VOTE] Require Java 17 for Maven 4

Re: [VOTE] Release Maven Surefire version 3.2.5

Github is best place to have release notes. Just drop the link to jira there. It can be automated. Renovate like dependabot also pulls release notes from there. It cannot find jira either. IMO. Drop jira entirely for github. Spring did and the used some automated process to pull all jira

RE: plexus-utils 4.x and Xpp3DomBuilder

and Xpp3DomBuilder sob., 16 wrz 2023 o 16:19 Jeremy Landis napisał(a): > Site plugin on maven release doesn't like if this was used this way. > Using the site 3 series. > Can you provide more details or reproduce for the site plugin? > > Sent from my Verizon, Samsung Galaxy smartph

Re: plexus-utils 4.x and Xpp3DomBuilder

Site plugin on maven release doesn't like if this was used this way. Using the site 3 series. Sent from my Verizon, Samsung Galaxy smartphone Get Outlook for Android From: Slawomir Jaranowski Sent: Saturday, September 16, 2023 9:50:51 AM

Re: CVE-2021-26291 for plugin writers

Make sure your maven artifacts are provided scope then your users can continue using old versions just fine to the 3.3.9 support level you have now. Sent from my Verizon, Samsung Galaxy smartphone Get Outlook for Android From: Anton

Re: [GitHub] [maven-2] vlsi commented on pull request #1: [SECURITY] Use HTTPS to resolve dependencies in Maven Build

Trivial yes but maven 2 will never be released again. Not sure why ask was to close from member of maven team, member should both close and archive repo for read only to prevent others wasting their time. Nevermind this pull was from years ago. Sent from my Verizon, Samsung Galaxy smartphone

Re: [HEADS UP] Maven 3.9.4 plan

s or having endless loops > when some plugins fail, 3.9.4 will not make a big difference for you, but > as Romain said, we just want to "move forward", by doing regular minor > releases. > > Maven may receive more changes, as resolver is the first in the pipe, and > as al

RE: [HEADS UP] Maven 3.9.4 plan

What exactly does this small release improve so much that it warrants a release this soon since 3.9.3? We scaled 3.9.3 already a while ago and haven't been any real issues that I can pinpoint that anything in this would address and make better. Clearly, I'm missing something here that is

Re: [ANN] Maven Fluido Skin 1.12.0 released

Notes here state this requires site 4 plugin. Believe this one is still for site 3 plugin, correct? Sent from my Verizon, Samsung Galaxy smartphone Get Outlook for Android From: Michael Osipov Sent: Sunday, July 9, 2023 7:48:00 AM To:

Re: Gratuitous refactorings

Looks like classwork for sure. I think intent on pull request needs to be present to explain the value and maybe contributor guide should state that if it does not. The change appears to be from sonar rules. It's clearly some form of classwork when user has no GitHub history. Many classes

Re: [VOTE] Release Apache Maven parent 40

While it's setup to override it, I'd tend to agree on plexus 4. It's a little aggressive and I've already experienced issues with 4.0. I forget where but rolled back with assumption that's really for maven 4. Sent from my Verizon, Samsung Galaxy smartphone Get Outlook for

RE: Question - JDK Minimum of future Apache Maven 4.0.0

Delany, "You need toolchains if your code needs the JAXB classes removed in JDK11. Delany" That isn't accurate. You do not need toolchains for jaxb. You need to add the correct libraries. I can understand that statement from a dev that doesn't quite understand the history of EE inside java

RE: Question - JDK Minimum of future Apache Maven 4.0.0

Toolchains is not needed. Many plugins don't even support it. However, the 'release' flag only checks stuff in java itself as well as your codes direct usage. It doesn't look in the libraries you use indirectly. For that you need the enforcer plugin to look at the byte code. Trust the cross

Re: [DISCUSS] Maven runtime vs artifact runtime?

On github I use the matrix across nearly everything just to show to users it works on various versions. It has nothing to do at all with what is used to release it. I use only jdk 17 on windows currently to release items on github. For my paying job. We don't have that level of resources

Re: [VOTE] Release Apache Maven Release Plugin version 3.0.1

092716%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=AQO3sJzqStxUXB8SyqhxQQRoWoFxoDur46p0TpynxOo%3D=0<https://github.com/apache/maven-surefire/pull/652> which I still haven't fully debugged On Wed, May 31, 2023 at 11:25 AM Jeremy L

Re: [VOTE] Release Apache Maven Release Plugin version 3.0.1

Common thread I keep seeing. Update all the libraries! ...the common thread.. No concern on this one but maven does still release vulnerable plugin usage especially around transient commons collections. We keep patching so it's also frustrating the speed of plugin releases that are not

Re: Question - JDK Minimum of future Apache Maven 4.0.0

+1 on java 17. Stats matter but can tell you we are 90% jdk 17 on builds already, don't use toolchains. It's unnecessary. A lot of it is education to development staff that Devops must push and enable teams. Maven could help drive that here... As to comment on 3.8 vs 3.9. We already

RE: GH issues and GH discussions

coding takes no time. -Original Message- From: Michael Osipov Sent: Saturday, May 27, 2023 4:31 PM To: dev@maven.apache.org Subject: Re: GH issues and GH discussions Am 2023-05-27 um 22:21 schrieb Jeremy Landis: > Not sure if was mentioned. Spring moved all their legacy Jira for

RE: GH issues and GH discussions

Not sure if was mentioned. Spring moved all their legacy Jira for all their projects entirely to GitHub Issues. Believe it was done with everything. https://spring.io/blog/2019/01/15/spring-framework-s-migration-from-jira-to-github-issues Now concerns of MS are unfounded thus far. MS is

RE: maven 3.9.x warnings

I think the warnings in general have thus far been a good thing. The level of plugins reacting now and people reporting issues is very clear. I'd suspect this to die down in next month or two as these flush themselves out and really maven 3.9.x is all about journey to maven 4 so this IMO is

RE: maven 3.9.x warnings

While you are at it, could you change the warnings to show just before the final status of the build? Some projects at least in VERBOSE have so many warnings that it makes it much harder to know the project built successfully. ATM it's something like this. ...Status successful build... Now a

RE: Some thoughts about the maven parameter deprecation messages

I think 'end users' are the ones that need to report to plugin owners. Plugin authors are highly unlikely to even know about this issue unless working their plugins. The latest maven 3.9.2 though IMO did this wrong. When the issues pop, it makes end users open tickets at very least.

RE: [VOTE] Change to the voting process

From a real-life perspective, this stuff should remain fast. People will only vote on what they are comfortable with as most others have stated. But the real-life part of it at least as I can speak, it will take months to get some of the updates that have been pushed into widespread adoption.

RE: [VOTE] Release Maven Resolver 1.9.9

Without knowing more details myself, couple of possibilities come to mind... - Was keystore made with newer jdk? See https://support.oracle.com/knowledge/More%20Applications%20and%20Technologies/2847060_1.html. - Was the keystore filtered? Gut tells me it’s the first issue given how old

RE: [HEADS UP] Maven 3.9.2 is around the corner

will try to reproduce it. One remark though: >> checksum names as mentioned in doco are case sensitive... >> >> T >> >> On Fri, Apr 21, 2023, 23:47 Jeremy Landis >> wrote: >> >>> Since maven 3.9.0, sha 256/512 checksums no longer are being pulled

Re: [HEADS UP] Maven 3.9.2 is around the corner

Since maven 3.9.0, sha 256/512 checksums no longer are being pulled if available and requested either through command line are or maven.config. Has this been reported? Dropping back to maven 3.8.8 it works again. Sent from my Verizon, Samsung Galaxy smartphone Get Outlook for

Re: Partial breakage in maven-stage-plugin CI: No GitHub app credentials found

Not sure if related but github ssh private key was exposed last week so the keys were regenerated. At very least check there blog in case other issues. Sent from my Verizon, Samsung Galaxy smartphone Get Outlook for Android From: Elliotte

Re: [HEADS UP] Maven Release 3.9.1 coming soon

s well, the issue _I think_ affects Jeremy Landis (still just a guess, based on info we got so far from you), just FYI. Thanks T On Tue, Mar 7, 2023 at 3:28 PM Tamás Cservenák wrote: > Howdy, > > just to keep you in the loop: > Maven 3.9.0 went out with Resolver 1.9.4. Since the

RE: [HEADS UP] Maven Release 3.9.1 coming soon

at that time. Thanks, Jeremy Landis -Original Message- From: Jeremy Landis Sent: Thursday, February 23, 2023 10:58 PM To: Maven Developers List Subject: RE: [HEADS UP] Maven Release 3.9.1 coming soon Update on issue I'm facing. The issue is using the site:jar during the release process

RE: [HEADS UP] Maven Release 3.9.1 coming soon

into release plugin and how the site-deploy is actually working as that seems like I want to mimic that behaviour. Thanks, Jeremy -Original Message- From: Jeremy Landis Sent: Wednesday, February 22, 2023 12:30 PM To: Maven Developers List Subject: RE: [HEADS UP] Maven Release 3.9.1 coming

RE: [HEADS UP] Maven Release 3.9.1 coming soon

it discreetly. Thanks T On Wed, Feb 22, 2023 at 4:27 PM Jeremy Landis wrote: > I don't have a sharable example at the moment to show but hope enough > information here can spot the issue from one I just ran. If any > details missing, I can quickly apply more info. > > On mul

RE: [HEADS UP] Maven Release 3.9.1 coming soon

e easier and I can work on getting one together for that purpose but hoping its something obvious that rings some bells as to why the behaviour is that way. Thanks, Jeremy Landis -Original Message- From: Jeremy Landis Sent: Monday, February 20, 2023 11:32 AM To: Maven Developers

Re: [HEADS UP] Maven Release 3.9.1 coming soon

17:21 Jeremy Landis wrote: > We have been unable to release multi module builds with maven 3 9.0. It > seems the site has major problems trying to resolve the build artifacts. > Has this been reported yet or do any of the resolver items fix that? > Single module releases using ident

Re: [HEADS UP] Maven Release 3.9.1 coming soon

We have been unable to release multi module builds with maven 3 9.0. It seems the site has major problems trying to resolve the build artifacts. Has this been reported yet or do any of the resolver items fix that? Single module releases using identical configuration release fine. Sent from

RE: maven.config / jvm.config / -D options

I believe the -D option noted was one that was not related to maven itself but rather jvm. We use -D there for very specific maven item only and its fine. The new lines are required for sure both in 3.9.0 and 4.0.0 alphas. We have already scaled this out as an automated change where I work

Re: [VOTE] Release Maven Dependency Plugin version 3.5.0

Can you include plexus archiver patch with the next release? Surprised that was not included here given it spams false warnings. Sent from my Verizon, Samsung Galaxy smartphone Get Outlook for Android From: Michael Osipov Sent: Sunday,