On 15 Feb 2023, at 8:30, Tamás Cservenák wrote:
This artifact ceased to exist (well, to be produced) since.
Sweet - dropped the dependency and all good - and re-released.
Cheers,
Mark
---
"The ease with which a change can be implemented has no relevance at all
to whether it is the right
No, it doesn't.
Somewhere around 3.0-alpha-3 (?) the toolchains were pulled into maven
https://github.com/apache/maven/commit/5377165201decef84c10ad00b0ecef18935e0539
And I guess some reshuffle happened, and finally it ended up in maven-core.
This artifact ceased to exist (well, to be produced)
On 15 Feb 2023, at 1:19, Elliotte Rusty Harold wrote:
That's extremely old and seems unmaintained and never released. You
probably want the maven-toolchains-plugin
Isn't that for USING toolchains - not adding tool chain support to a
plugin? Will do some more digging.
---
"The ease with
Hi,
On 14.02.23 11:22, Mark Derricutt wrote:
Hey all,
I was alerted the other day about a security issue with my
clojure-maven-plugin apparently pulling in log4j 1.2, but using the
dependency:tree plugin showed nothing.
Seems this is due to dependencies being overridden by newer maven
On Tue, Feb 14, 2023 at 5:23 AM Mark Derricutt wrote:
>
> Hey all,
>
> I was alerted the other day about a security issue with my
> clojure-maven-plugin apparently pulling in log4j 1.2, but using the
> dependency:tree plugin showed nothing.
Interesting discovery. It sounds like the security tool
Hey all,
I was alerted the other day about a security issue with my
clojure-maven-plugin apparently pulling in log4j 1.2, but using the
dependency:tree plugin showed nothing.
Seems this is due to dependencies being overridden by newer maven
versions, anyway - I use toolchains in the plugin