Re: [MNG-6667] Hint at Maven upgrade requirement when trying to build a pom.xml with a newer modelVersion
Ok I've switched to a dedicated comparator. The comparator you suggested is not available on the classpath in that module and the other alternatives you suggested could leak unintentionally side-effects. On Sat, 1 Jun 2019 at 16:03, Robert Scholte wrote: > This is a bit awkward, a modelVersion is not an artifactVersion even > though they have the same characteristics. > Comparison will work, as would JavaVersion. > I'd prefer a dedicated comparator or GenericVersionScheme > > Robert > > [1] > > https://maven.apache.org/resolver/apidocs/org/eclipse/aether/util/version/GenericVersionScheme.html > > > > > On Sat, 01 Jun 2019 14:48:00 +0200, Stephen Connolly > wrote: > > > CI passed: > > https://builds.apache.org/job/maven-box/job/maven/job/mng-6667/1/ > > > > On Sat 1 Jun 2019 at 13:01, Stephen Connolly < > > stephen.alan.conno...@gmail.com> wrote: > > > >> Finally got some time to do some work on Maven again... who knows how > >> long > >> it will last!!! > >> > >> https://issues.apache.org/jira/browse/MNG-6667 > >> > >> > >> > https://gitbox.apache.org/repos/asf?p=maven.git;a=commit;h=7376a99093984c459f6a70cd1f508bbcf5ef26f7 > >> > >> WDYT? > >> > >> If CI passes are we good to merge? > >> > >> -Stephen > > - > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org > For additional commands, e-mail: dev-h...@maven.apache.org > >
[RESULT] [VOTE] Retire Maven Ant Plugin
Hi, The vote has passed with the following result: +1 (or more): Bruno Borges, Jesper Udby, Anders Hammar, Tibor Digana, Enrico Olivelli, Manfred Moser, Karl Heinz Marbaise, Olivier Lamy, Sylwester Lachiewicz, Stephen Connolly, James Gough, Gabriel Belingueres, Hoa Phan, Robert Scholte PMC quorum: reached I will continue with the steps required to retire this plugin. On 28-5-2019 20:54:53, Robert Scholte wrote: Hi, The Apache Maven project consist of about 100 (sub)projects. Due to the small number of volunteers and the huge amount of code to maintain we're missing enough space to make real progress on all these projects, including our ambitious ideas for the next major version(s) of Maven itself. To be able to gain more focus we need to criticize the current subprojects and decide if it is worth maintaining. The goal of the Apache Maven Ant Plugin it to generate Ant build files based on a pom.xml and was released for the last time in December 2014. Due to the different ways that Ant and Maven work I don't think it makes sense anymore to maintain a plugin to transform Maven files to Ant. See https://maven.apache.org/plugins/maven-ant-plugin/ [https://maven.apache.org/plugins/maven-ant-plugin/] To be clear, this is NOT the plugin you can use to run Ant within Maven; that's the maven-antrun-plugin. I therefore propose that we retire the maven-ant-plugin. I don't think it makes sense to do a final release. Instead we should update the documentation and freeze the codebase. The process for retiring a plugin is described here: https://maven.apache.org/developers/retirement-plan-plugins.html The vote is open for 72 hours. [ ] +1 Yes, it's about time [ ] -1 No, because...
Re: [VOTE] Retire Maven Ant Plugin
+1 On 28-5-2019 20:54:53, Robert Scholte wrote: Hi, The Apache Maven project consist of about 100 (sub)projects. Due to the small number of volunteers and the huge amount of code to maintain we're missing enough space to make real progress on all these projects, including our ambitious ideas for the next major version(s) of Maven itself. To be able to gain more focus we need to criticize the current subprojects and decide if it is worth maintaining. The goal of the Apache Maven Ant Plugin it to generate Ant build files based on a pom.xml and was released for the last time in December 2014. Due to the different ways that Ant and Maven work I don't think it makes sense anymore to maintain a plugin to transform Maven files to Ant. See https://maven.apache.org/plugins/maven-ant-plugin/ [https://maven.apache.org/plugins/maven-ant-plugin/] To be clear, this is NOT the plugin you can use to run Ant within Maven; that's the maven-antrun-plugin. I therefore propose that we retire the maven-ant-plugin. I don't think it makes sense to do a final release. Instead we should update the documentation and freeze the codebase. The process for retiring a plugin is described here: https://maven.apache.org/developers/retirement-plan-plugins.html The vote is open for 72 hours. [ ] +1 Yes, it's about time [ ] -1 No, because...
Re: [MNG-6667] Hint at Maven upgrade requirement when trying to build a pom.xml with a newer modelVersion
This is a bit awkward, a modelVersion is not an artifactVersion even though they have the same characteristics. Comparison will work, as would JavaVersion. I'd prefer a dedicated comparator or GenericVersionScheme Robert [1] https://maven.apache.org/resolver/apidocs/org/eclipse/aether/util/version/GenericVersionScheme.html On Sat, 01 Jun 2019 14:48:00 +0200, Stephen Connolly wrote: CI passed: https://builds.apache.org/job/maven-box/job/maven/job/mng-6667/1/ On Sat 1 Jun 2019 at 13:01, Stephen Connolly < stephen.alan.conno...@gmail.com> wrote: Finally got some time to do some work on Maven again... who knows how long it will last!!! https://issues.apache.org/jira/browse/MNG-6667 https://gitbox.apache.org/repos/asf?p=maven.git;a=commit;h=7376a99093984c459f6a70cd1f508bbcf5ef26f7 WDYT? If CI passes are we good to merge? -Stephen - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: [MNG-6667] Hint at Maven upgrade requirement when trying to build a pom.xml with a newer modelVersion
CI passed: https://builds.apache.org/job/maven-box/job/maven/job/mng-6667/1/ On Sat 1 Jun 2019 at 13:01, Stephen Connolly < stephen.alan.conno...@gmail.com> wrote: > Finally got some time to do some work on Maven again... who knows how long > it will last!!! > > https://issues.apache.org/jira/browse/MNG-6667 > > > https://gitbox.apache.org/repos/asf?p=maven.git;a=commit;h=7376a99093984c459f6a70cd1f508bbcf5ef26f7 > > WDYT? > > If CI passes are we good to merge? > > -Stephen > -- Sent from my phone
[MNG-6667] Hint at Maven upgrade requirement when trying to build a pom.xml with a newer modelVersion
Finally got some time to do some work on Maven again... who knows how long it will last!!! https://issues.apache.org/jira/browse/MNG-6667 https://gitbox.apache.org/repos/asf?p=maven.git;a=commit;h=7376a99093984c459f6a70cd1f508bbcf5ef26f7 WDYT? If CI passes are we good to merge? -Stephen
Re: proposal for maven-archetype to switch to dom4j 2.1.1 (and Java 8)
If there is any complaint I will commit the change. We are already moving to java8 other plugins that are not part of the core lifecycle (Maven 3 supports java7) Enrico Il ven 31 mag 2019, 21:43 Enrico Olivelli ha scritto: > +1 > Enrico > > Il ven 31 mag 2019, 21:02 Homer, Tony ha scritto: > >> Currently maven-archetype depends on dom4j 1.6.1 which is vulnerable to >> CVE-2018-1000632 [1]. >> I filed ARCHETYPE-567 [2] to track this. >> In order to mitigate this vulnerability, an update to dom4j 2.1.1 is >> needed. >> dom4j 2.1.x requires Java 8+ [3]. >> dom4j 2.0.x would retain compatibility with Java 7 (Java 5+) but the >> latest release (2.0.2) is vulnerable to CVE-2018-1000632. >> The current dev version (2.0.3) seems to contain a fix for >> CVE-2018-1000632 but has been pending release for ~1 year. >> >> I opened PR #28 [4] to make these changes. >> What else I should do to advance this proposal? >> >> Thanks! >> Tony Homer >> >> [1] https://nvd.nist.gov/vuln/detail/CVE-2018-1000632 >> [2] https://issues.apache.org/jira/browse/ARCHETYPE-567 >> [3] https://dom4j.github.io >> [4] https://github.com/apache/maven-archetype/pull/28 >> >>
