[PR] Bump org.apache.maven.plugins:maven-wrapper-plugin from 3.3.0 to 3.3.1 [maven-mvnd]
dependabot[bot] opened a new pull request, #994: URL: https://github.com/apache/maven-mvnd/pull/994 Bumps [org.apache.maven.plugins:maven-wrapper-plugin](https://github.com/apache/maven-wrapper) from 3.3.0 to 3.3.1. Release notes Sourced from https://github.com/apache/maven-wrapper/releases";>org.apache.maven.plugins:maven-wrapper-plugin's releases. 3.3.1 https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12323721&version=12354586";>Release Notes - Maven Wrapper - Version 3.3.1 What's Changed [MWRAPPER-132][MWRAPPER-124] port MWRAPPER-124 fix to only-script by https://github.com/gzm55";>@gzm55 in https://redirect.github.com/apache/maven-wrapper/pull/133";>apache/maven-wrapper#133 [MWRAPPER-134] Add wrapperVersion to maven-wrapper.properties by https://github.com/cstamas";>@cstamas in https://redirect.github.com/apache/maven-wrapper/pull/135";>apache/maven-wrapper#135 Full Changelog: https://github.com/apache/maven-wrapper/compare/maven-wrapper-3.3.0...maven-wrapper-3.3.1";>https://github.com/apache/maven-wrapper/compare/maven-wrapper-3.3.0...maven-wrapper-3.3.1 Commits https://github.com/apache/maven-wrapper/commit/0c2b91b860944aba1281d05399bbab4583c4d380";>0c2b91b [maven-release-plugin] prepare release maven-wrapper-3.3.1 https://github.com/apache/maven-wrapper/commit/458af4e0e9baf36db32e1094921dada47c3ac90a";>458af4e [MWRAPPER-134] Add wrapperVersion to maven-wrapper.properties (https://redirect.github.com/apache/maven-wrapper/issues/135";>#135) https://github.com/apache/maven-wrapper/commit/c4c09a3b579cfb3e2bcc79c8b42d07dd481f2d96";>c4c09a3 [MWRAPPER-132][MWRAPPER-124] port MWRAPPER-124 fix to only-script (https://redirect.github.com/apache/maven-wrapper/issues/133";>#133) https://github.com/apache/maven-wrapper/commit/1f6187f6fd445cbf4f471450fc6d794570372d95";>1f6187f [maven-release-plugin] prepare for next development iteration See full diff in https://github.com/apache/maven-wrapper/compare/maven-wrapper-3.3.0...maven-wrapper-3.3.1";>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.maven.plugins:maven-wrapper-plugin&package-manager=maven&previous-version=3.3.0&new-version=3.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Bump ca.vanzyl.provisio.maven.plugins:provisio-maven-plugin from 1.0.24 to 1.0.25 [maven-mvnd]
dependabot[bot] opened a new pull request, #993: URL: https://github.com/apache/maven-mvnd/pull/993 Bumps [ca.vanzyl.provisio.maven.plugins:provisio-maven-plugin](https://github.com/takari/provisio) from 1.0.24 to 1.0.25. Release notes Sourced from https://github.com/takari/provisio/releases";>ca.vanzyl.provisio.maven.plugins:provisio-maven-plugin's releases. provisio-1.0.25 What's Changed Bump com.github.spullara.mustache.java:compiler from 0.9.11 to 0.9.13 by https://github.com/dependabot";>@dependabot in https://redirect.github.com/jvanzyl/provisio/pull/94";>jvanzyl/provisio#94 Updates by https://github.com/cstamas";>@cstamas in https://redirect.github.com/jvanzyl/provisio/pull/95";>jvanzyl/provisio#95 Full Changelog: https://github.com/jvanzyl/provisio/compare/provisio-1.0.24...provisio-1.0.25";>https://github.com/jvanzyl/provisio/compare/provisio-1.0.24...provisio-1.0.25 Commits https://github.com/jvanzyl/provisio/commit/9cbd1f87aecf431c87f66d75539900ecc0ae397c";>9cbd1f8 [maven-release-plugin] prepare release provisio-1.0.25 https://github.com/jvanzyl/provisio/commit/714af0ea70eda8aaa1f4409c352857294db830cd";>714af0e Updates https://github.com/jvanzyl/provisio/commit/bfcdd56a7c935322c53556a66d1bbba24f92277f";>bfcdd56 Bump com.github.spullara.mustache.java:compiler from 0.9.11 to 0.9.13 https://github.com/jvanzyl/provisio/commit/d4d61ce81b6bc426fda6a0f51b0d4bfe261fac2a";>d4d61ce [maven-release-plugin] prepare for next development iteration See full diff in https://github.com/takari/provisio/compare/provisio-1.0.24...provisio-1.0.25";>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ca.vanzyl.provisio.maven.plugins:provisio-maven-plugin&package-manager=maven&previous-version=1.0.24&new-version=1.0.25)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Bump jakarta.inject:jakarta.inject-api from 1.0 to 1.0.5 [maven-mvnd]
dependabot[bot] opened a new pull request, #992: URL: https://github.com/apache/maven-mvnd/pull/992 Bumps [jakarta.inject:jakarta.inject-api](https://github.com/eclipse-ee4j/injection-api) from 1.0 to 1.0.5. Release notes Sourced from https://github.com/eclipse-ee4j/injection-api/releases";>jakarta.inject:jakarta.inject-api's releases. 1.0.3 Service Release This release corrects the 1.0.2 release which was incorrectly done from the master branch with the jakarta.* packages. It adds the Automatic-Module-Name=java.inject to the api jar manifest. 1.0.2 Service Release A service release that addresses: Address https://redirect.github.com/eclipse-ee4j/injection-api/issues/14";>#14 , set Automatic-Module-Name to java.inject Address https://redirect.github.com/eclipse-ee4j/injection-api/issues/15";>#15 , add OSGi bundle headers Commits https://github.com/jakartaee/inject/commit/d06ce188d4e30cd65cd7b2e79c92dc59d5b8dd07";>d06ce18 [maven-release-plugin] prepare release 1.0.5 https://github.com/jakartaee/inject/commit/ad9ef69ce4824ac55f779f5582ac3d21c00c8a4a";>ad9ef69 Change back to java.inject as module name, same as used for automatic module ... https://github.com/jakartaee/inject/commit/c0e2d9723e08b94e4ce5f0158fc9e75dc00b6658";>c0e2d97 [maven-release-plugin] prepare for next development iteration https://github.com/jakartaee/inject/commit/f879eb16799c3660480d9009b3787c100cac8cea";>f879eb1 [maven-release-plugin] prepare release 1.0.4 https://github.com/jakartaee/inject/commit/126e0af6706832ee85ff4506bef2ab58c476c92d";>126e0af Suppress doclint errors that show up with JDK 11 https://github.com/jakartaee/inject/commit/348e9c3df0b65cc397d0dbb2e9d0725e8fdfe9e2";>348e9c3 Backport moduel info for 1.x, https://redirect.github.com/eclipse-ee4j/injection-api/issues/23";>#23 https://github.com/jakartaee/inject/commit/ff8b99ffed6b2f1203d79aedd9b3458ab15d6bca";>ff8b99f [maven-release-plugin] prepare for next development iteration https://github.com/jakartaee/inject/commit/1251d3d696f08e4e2b2e4eee91d0a3d4cfccf1a2";>1251d3d [maven-release-plugin] prepare release 1.0.3 https://github.com/jakartaee/inject/commit/0654b9621d64485b17fb79f20a79dea9a627f8de";>0654b96 Correct dev version to 1.0.2-SNAPSHOT to prepare for 1.0.2 https://github.com/jakartaee/inject/commit/68b1b8bd525ed6c0db73510d7ed10fc1fd5e6c69";>68b1b8b Fix the version to 1.0.1-SNAPSHOT to prepare for 1.0.2 release Additional commits viewable in https://github.com/eclipse-ee4j/injection-api/compare/1.0...1.0.5";>compare view Most Recent Ignore Conditions Applied to This Pull Request | Dependency Name | Ignore Conditions | | --- | --- | | jakarta.inject:jakarta.inject-api | [>= 2.a, < 3] | [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jakarta.inject:jakarta.inject-api&package-manager=maven&previous-version=1.0&new-version=1.0.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
[PR] Bump testcontainers.version from 1.19.7 to 1.19.8 [maven-mvnd]
dependabot[bot] opened a new pull request, #991: URL: https://github.com/apache/maven-mvnd/pull/991 Bumps `testcontainers.version` from 1.19.7 to 1.19.8. Updates `org.testcontainers:testcontainers` from 1.19.7 to 1.19.8 Release notes Sourced from https://github.com/testcontainers/testcontainers-java/releases";>org.testcontainers:testcontainers's releases. 1.19.8 Testcontainers for Java 1.19.8 🚀 Features & Enhancements support backtick enquoting in SQL script splitter (https://redirect.github.com/testcontainers/testcontainers-java/issues/8593";>#8593) https://github.com/peterhalicky";>@peterhalicky [localstack] Automatically add LAMBDA_DOCKER_FLAGS with testcontainers labels (https://redirect.github.com/testcontainers/testcontainers-java/issues/8595";>#8595) https://github.com/dfangl";>@dfangl [qdrant] Allow to set key and config file (https://redirect.github.com/testcontainers/testcontainers-java/issues/8556";>#8556) https://github.com/eddumelendez";>@eddumelendez [weaviate] Support new project container registry (https://redirect.github.com/testcontainers/testcontainers-java/issues/8512";>#8512) https://github.com/ThomasVitale";>@ThomasVitale [kafka] Add support for apache/kafka (https://redirect.github.com/testcontainers/testcontainers-java/issues/8416";>#8416) https://github.com/eddumelendez";>@eddumelendez [kafka] Skip starting zookeeper when using a Kafka container with the provided Zookeeper (https://redirect.github.com/testcontainers/testcontainers-java/issues/8433";>#8433) https://github.com/silh";>@silh Use Awaitility to Poll the Image Pull (https://redirect.github.com/testcontainers/testcontainers-java/issues/8453";>#8453) https://github.com/JKomoroski";>@JKomoroski Avoid usage of the non monotonic clock System.currentTimeMillis() in favor of System.nanoTime() (https://redirect.github.com/testcontainers/testcontainers-java/issues/6392";>#6392) https://github.com/Nateckert";>@Nateckert Fix DateTimeParseException when created is not set in image config (https://redirect.github.com/testcontainers/testcontainers-java/issues/8302";>#8302) https://github.com/SgtSilvio";>@SgtSilvio [redpanda] Override entrypoint (https://redirect.github.com/testcontainers/testcontainers-java/issues/8450";>#8450) https://github.com/eddumelendez";>@eddumelendez [weaviae] Add method for getting gRPC port (https://redirect.github.com/testcontainers/testcontainers-java/issues/8431";>#8431) https://github.com/antas-marcin";>@antas-marcin [clickhouse] Add getDatabaseName() method (https://redirect.github.com/testcontainers/testcontainers-java/issues/8339";>#8339) https://github.com/colin-lee";>@colin-lee 🐛 Bug Fixes Pass env to ComposeDelegate in DockerComposeContainer#stop (https://redirect.github.com/testcontainers/testcontainers-java/issues/8493";>#8493) https://github.com/mmusenbr";>@mmusenbr 📖 Documentation 🧹 Housekeeping Add Weaviate module tests with modules (https://redirect.github.com/testcontainers/testcontainers-java/issues/8481";>#8481) https://github.com/antas-marcin";>@antas-marcin Update alpine image version to 3.17 (https://redirect.github.com/testcontainers/testcontainers-java/issues/8476";>#8476) https://github.com/eddumelendez";>@eddumelendez fix getConnectionString javadoc (https://redirect.github.com/testcontainers/testcontainers-java/issues/8129";>#8129) https://github.com/gabrielluciano";>@gabrielluciano 📦 Dependency updates Move to gradle/actions/wrapper-validation (https://redirect.github.com/testcontainers/testcontainers-java/issues/8559";>#8559) https://github.com/eddumelendez";>@eddumelendez upgrade to github actions setup-java v4 (https://redirect.github.com/testcontainers/testcontainers-java/issues/8475";>#8475) https://github.com/sullis";>@sullis Update ryuk version to 0.7.0 (https://redirect.github.com/testcontainers/testcontainers-java/issues/8451";>#8451) https://github.com/eddumelendez";>@eddumelendez chore: use new sshd:1.2.0 image (https://redirect.github.com/testcontainers/testcontainers-java/issues/8574";>#8574) https://github.com/mdelapenya";>@mdelapenya Commits https://github.com/testcontainers/testcontainers-java/commit/9b780dd8f27b7665f34c54ae738c41eccf73ad44";>9b780dd Add support for backtick enquoting in SQL script splitter (https://redirect.github.com/testcontainers/testcontainers-java/issues/8593";>#8593) https://github.com/testcontainers/testcontainers-java/commit/8b9eb0cdd8c7b7d6b04ef68c21b89e771441a758";>8b9eb0c Fix Ollama code snippet https://github.com/testcontainers/testcontainers-java/commit/2195610f0d2a0864d1f9bd79bedf2c66e8386393";>2195610 Add LAMBDA_DOCKER_FLAGS with testcontainers labels (https://redirect.github.com/testcontainers/testcontainers-java/issues/8595";>#8595) https://github.com/testcontainers/testcontainers-java/commit/994b385761dde7d832ab7b6c10bc6
Re: [PR] Bump org.apache.maven:maven-core from 3.0 to 3.8.1 [maven-jdeps-plugin]
dependabot[bot] closed pull request #10: Bump org.apache.maven:maven-core from 3.0 to 3.8.1 URL: https://github.com/apache/maven-jdeps-plugin/pull/10 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump org.apache.maven:maven-core from 3.0 to 3.8.1 [maven-jdeps-plugin]
dependabot[bot] commented on PR #10: URL: https://github.com/apache/maven-jdeps-plugin/pull/10#issuecomment-2111541276 OK, I won't notify you about org.apache.maven:maven-core again, unless you re-open this PR. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump org.apache.maven:maven-core from 3.0 to 3.8.1 [maven-jdeps-plugin]
slachiewicz commented on PR #10: URL: https://github.com/apache/maven-jdeps-plugin/pull/10#issuecomment-2111541242 @dependabot ignore this dependency -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Comment Edited] (MNG-8121) NullPointerException at org.apache.maven.artifact.repository.metadata.Metadata.merge (Metadata.java:293)
[ https://issues.apache.org/jira/browse/MNG-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17846480#comment-17846480 ] Gili edited comment on MNG-8121 at 5/15/24 3:21 AM: This issue seems to be related to https://issues.apache.org/jira/browse/MPLUGIN-384 and [https://github.com/apache/maven-plugin-tools/blob/master/maven-plugin-plugin/src/main/java/org/apache/maven/plugin/plugin/metadata/AddPluginArtifactMetadataMojo.java#L90] I suspect that it is ultimately a duplicate of https://issues.apache.org/jira/browse/MNG-7375 which is blocked on [https://github.com/apache/maven/pull/645] Meaning, maven-plugin-plugin 3.13.0 is incompatible with Maven 3.x. It can only be used with Maven 4.x. And the resulting error message (NullPointerException) makes it extremely difficult to figure out what is wrong. I urge you to fix the situation in maven-plugin-plugin. Version 3.12.0 and older work just fine, making this feel like a regression. If you are unable to support Maven 3.x in this and subsequent versions, at the very least the plugin should return a cleaner error message. was (Author: cowwoc): This issue seems to be related to https://issues.apache.org/jira/browse/MPLUGIN-384 and [https://github.com/apache/maven-plugin-tools/blob/master/maven-plugin-plugin/src/main/java/org/apache/maven/plugin/plugin/metadata/AddPluginArtifactMetadataMojo.java#L90] I suspect that it is ultimately a duplicate of https://issues.apache.org/jira/browse/MNG-7375 which is blocked on [https://github.com/apache/maven/pull/645] Meaning, maven-plugin-plugin 3.13.0 is incompatible with Maven 3.x. It can only be used with Maven 4.x. And the resulting error message (NullPointerException) makes it extremely difficult to figure out what is wrong. Please improve the situation in maven-plugin-plugin. At the very least we should get a cleaner error message. Better yet would be to handle this scenario correctly in the plugin. It is a regression in the sense that older versions worked fine. > NullPointerException at > org.apache.maven.artifact.repository.metadata.Metadata.merge > (Metadata.java:293) > > > Key: MNG-8121 > URL: https://issues.apache.org/jira/browse/MNG-8121 > Project: Maven > Issue Type: Bug > Components: Artifacts and Repositories >Affects Versions: 3.9.6 > Environment: Maven 3.9.6 > maven-plugin-plugin 3.13.0 > org.sonatype.plugins:nexus-staging-maven-plugin:1.6.13 >Reporter: Gili >Priority: Major > > TL;DR {{org.apache.maven.artifact.repository.metadata.Metadata.merge > (Metadata.java:293)}} throws {{NullPointerException}} if previous releases of > a plugin did not have a goalPrefix set. > > At least, this is my interpretation of what is going on. > > Background > - > > I have an open-source project at > [https://github.com/cmake-maven-project/cmake-maven-project/tree/v3.27.1-b1] > with the following coordinates: > > com.googlecode.cmake-maven-project > cmake > > If I upgrade "maven-plugin-plugin" from version 3.10.1 to 3.13.0 I am forced > to set "" because of > https://issues.apache.org/jira/browse/MPLUGIN-450 and > [https://github.com/apache/maven-plugin-tools/commit/ed4774bcd8b8d2d1f7ff1196cf7644054cb3ae14#diff-624cbd32cd7fc0f3f9154fbec92b8a1aebb04614360b4a0b5fc28a407e99d743L96] > > In my particular case, I set "cmake-binaries" inside > cmake-binaries-plugin/pom.xml. > Now, when I try deploying a release to Maven Central I get the following > exception stack trace: > > > {noformat} > java.lang.NullPointerException > at org.apache.maven.artifact.repository.metadata.Metadata.merge > (Metadata.java:293) > at > org.apache.maven.artifact.repository.metadata.AbstractRepositoryMetadata.updateRepositoryMetadata > (AbstractRepositoryMetadata.java:99) > at > org.apache.maven.artifact.repository.metadata.AbstractRepositoryMetadata.storeInLocalRepository > (AbstractRepositoryMetadata.java:59) > at org.apache.maven.artifact.repository.metadata.MetadataBridge.merge > (MetadataBridge.java:56) > at org.eclipse.aether.internal.impl.DefaultDeployer.upload > (DefaultDeployer.java:399) > at org.eclipse.aether.internal.impl.DefaultDeployer.deploy > (DefaultDeployer.java:294) > at org.eclipse.aether.internal.impl.DefaultDeployer.deploy > (DefaultDeployer.java:202) > at org.eclipse.aether.internal.impl.DefaultRepositorySystem.deploy > (DefaultRepositorySystem.java:393) > at org.apache.maven.artifact.deployer.DefaultArtifactDeployer.deploy > (DefaultArtifactDeployer.java:131) > at > org.sonatype.nexus.maven.staging.deploy.strategy.AbstractDeployStrategy.deployUp > (AbstractDeployStrategy.java:213) > at > org.sonatype.nexus.mave
[jira] [Commented] (MNG-8121) NullPointerException at org.apache.maven.artifact.repository.metadata.Metadata.merge (Metadata.java:293)
[ https://issues.apache.org/jira/browse/MNG-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17846480#comment-17846480 ] Gili commented on MNG-8121: --- This issue seems to be related to https://issues.apache.org/jira/browse/MPLUGIN-384 and [https://github.com/apache/maven-plugin-tools/blob/master/maven-plugin-plugin/src/main/java/org/apache/maven/plugin/plugin/metadata/AddPluginArtifactMetadataMojo.java#L90] I suspect that it is ultimately a duplicate of https://issues.apache.org/jira/browse/MNG-7375 which is blocked on [https://github.com/apache/maven/pull/645] Meaning, maven-plugin-plugin 3.13.0 is incompatible with Maven 3.x. It can only be used with Maven 4.x. And the resulting error message (NullPointerException) makes it extremely difficult to figure out what is wrong. Please improve the situation in maven-plugin-plugin. At the very least we should get a cleaner error message. Better yet would be to handle this scenario correctly in the plugin. It is a regression in the sense that older versions worked fine. > NullPointerException at > org.apache.maven.artifact.repository.metadata.Metadata.merge > (Metadata.java:293) > > > Key: MNG-8121 > URL: https://issues.apache.org/jira/browse/MNG-8121 > Project: Maven > Issue Type: Bug > Components: Artifacts and Repositories >Affects Versions: 3.9.6 > Environment: Maven 3.9.6 > maven-plugin-plugin 3.13.0 > org.sonatype.plugins:nexus-staging-maven-plugin:1.6.13 >Reporter: Gili >Priority: Major > > TL;DR {{org.apache.maven.artifact.repository.metadata.Metadata.merge > (Metadata.java:293)}} throws {{NullPointerException}} if previous releases of > a plugin did not have a goalPrefix set. > > At least, this is my interpretation of what is going on. > > Background > - > > I have an open-source project at > [https://github.com/cmake-maven-project/cmake-maven-project/tree/v3.27.1-b1] > with the following coordinates: > > com.googlecode.cmake-maven-project > cmake > > If I upgrade "maven-plugin-plugin" from version 3.10.1 to 3.13.0 I am forced > to set "" because of > https://issues.apache.org/jira/browse/MPLUGIN-450 and > [https://github.com/apache/maven-plugin-tools/commit/ed4774bcd8b8d2d1f7ff1196cf7644054cb3ae14#diff-624cbd32cd7fc0f3f9154fbec92b8a1aebb04614360b4a0b5fc28a407e99d743L96] > > In my particular case, I set "cmake-binaries" inside > cmake-binaries-plugin/pom.xml. > Now, when I try deploying a release to Maven Central I get the following > exception stack trace: > > > {noformat} > java.lang.NullPointerException > at org.apache.maven.artifact.repository.metadata.Metadata.merge > (Metadata.java:293) > at > org.apache.maven.artifact.repository.metadata.AbstractRepositoryMetadata.updateRepositoryMetadata > (AbstractRepositoryMetadata.java:99) > at > org.apache.maven.artifact.repository.metadata.AbstractRepositoryMetadata.storeInLocalRepository > (AbstractRepositoryMetadata.java:59) > at org.apache.maven.artifact.repository.metadata.MetadataBridge.merge > (MetadataBridge.java:56) > at org.eclipse.aether.internal.impl.DefaultDeployer.upload > (DefaultDeployer.java:399) > at org.eclipse.aether.internal.impl.DefaultDeployer.deploy > (DefaultDeployer.java:294) > at org.eclipse.aether.internal.impl.DefaultDeployer.deploy > (DefaultDeployer.java:202) > at org.eclipse.aether.internal.impl.DefaultRepositorySystem.deploy > (DefaultRepositorySystem.java:393) > at org.apache.maven.artifact.deployer.DefaultArtifactDeployer.deploy > (DefaultArtifactDeployer.java:131) > at > org.sonatype.nexus.maven.staging.deploy.strategy.AbstractDeployStrategy.deployUp > (AbstractDeployStrategy.java:213) > at > org.sonatype.nexus.maven.staging.deploy.strategy.StagingDeployStrategy.finalizeDeploy > (StagingDeployStrategy.java:125) > at org.sonatype.nexus.maven.staging.deploy.DeployMojo.execute > (DeployMojo.java:213) > at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo > (DefaultBuildPluginManager.java:126){noformat} > > I assume that this is caused by {{preExisting.getPrefix()}} returning null, > but I have no idea why this is happening. Perhaps this is caused by previous > versions not have a goalPrefix set? Shouldn't the implementation handle this > possibility? -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MNG-7375) Potential NPE in o.a.m.artifact.repository.metadata.Metadata.merge(...) with invalid/incomplete plugin metadata
[ https://issues.apache.org/jira/browse/MNG-7375?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17846479#comment-17846479 ] ASF GitHub Bot commented on MNG-7375: - cowwoc commented on PR #645: URL: https://github.com/apache/maven/pull/645#issuecomment-2111493326 Consider backporting this to Maven 3.x; otherwise, maven-plugin-plugin version 3.13.0 cannot be used. What is the updated status of this PR? > Potential NPE in o.a.m.artifact.repository.metadata.Metadata.merge(...) with > invalid/incomplete plugin metadata > --- > > Key: MNG-7375 > URL: https://issues.apache.org/jira/browse/MNG-7375 > Project: Maven > Issue Type: Improvement > Components: Artifacts and Repositories >Affects Versions: 3.8.4 >Reporter: Konrad Windszus >Priority: Major > Attachments: NEXUS-30749 - Broken groupId metadata and follow-up NPE > during > org.sonatype.nexus.maven.staging.deploy.strategy.AbstractDeployStrategy.deployUp > - Sonatype JIRA.pdf > > > Currently the metadata at > https://repository.apache.org/service/local/repositories/snapshots/content/org/apache/jackrabbit/maven-metadata.xml > contains an invalid entry without a prefix: > {code:xml} > > > > Apache Jackrabbit FileVault - Package Maven Plugin > filevault-package > filevault-package-maven-plugin > > > filevault-package-maven-plugin > filevault-package-maven-plugin > > > > {code} > This leads to an NPE when trying to deploy a new version with > {{org.apache.maven.artifact.deployer.DefaultArtifactDeployer.deploy(...)}}: > {noformat} > Caused by: java.lang.NullPointerException > at org.apache.maven.artifact.repository.metadata.Metadata.merge > (Metadata.java:276) > at > org.apache.maven.artifact.repository.metadata.AbstractRepositoryMetadata.updateRepositoryMetadata > (AbstractRepositoryMetadata.java:121) > at > org.apache.maven.artifact.repository.metadata.AbstractRepositoryMetadata.storeInLocalRepository > (AbstractRepositoryMetadata.java:67) > at org.apache.maven.artifact.repository.metadata.MetadataBridge.merge > (MetadataBridge.java:65) > at org.eclipse.aether.internal.impl.DefaultDeployer.upload > (DefaultDeployer.java:433) > at org.eclipse.aether.internal.impl.DefaultDeployer.deploy > (DefaultDeployer.java:321) > at org.eclipse.aether.internal.impl.DefaultDeployer.deploy > (DefaultDeployer.java:213) > at org.eclipse.aether.internal.impl.DefaultRepositorySystem.deploy > (DefaultRepositorySystem.java:386) > at org.apache.maven.artifact.deployer.DefaultArtifactDeployer.deploy > (DefaultArtifactDeployer.java:142) > {noformat} > Although this happened in the context of using > "[org.sonatype.plugins:nexus-staging-maven-plugin|https://github.com/sonatype/nexus-maven-plugins]:1.6.8"; > (issue https://issues.sonatype.org/browse/NEXUS-30749 opened, exported to > [^NEXUS-30749 - Broken groupId metadata and follow-up NPE during > org.sonatype.nexus.maven.staging.deploy.strategy.AbstractDeployStrategy.deployUp > - Sonatype JIRA.pdf] ), the affected code is in Maven. > The metadata is probably invalid but the Metadata class should be more robust > when trying to do the merge in > https://github.com/apache/maven/blob/951b5ee95f40147abbc2bb9d928e408b85d5aef3/maven-repository-metadata/src/main/mdo/metadata.mdo#L100 > and just ignore all plugin entries without all mandatory elements. -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] [MNG-7375] prevent potential NPE in Metadata.merge(...) [maven]
cowwoc commented on PR #645: URL: https://github.com/apache/maven/pull/645#issuecomment-2111493326 Consider backporting this to Maven 3.x; otherwise, maven-plugin-plugin version 3.13.0 cannot be used. What is the updated status of this PR? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Updated] (MNG-8121) NullPointerException at org.apache.maven.artifact.repository.metadata.Metadata.merge (Metadata.java:293)
[ https://issues.apache.org/jira/browse/MNG-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Gili updated MNG-8121: -- Environment: Maven 3.9.6 maven-plugin-plugin 3.13.0 org.sonatype.plugins:nexus-staging-maven-plugin:1.6.13 was: Maven 3.9.6 maven-plugin-plugin 3.13.0 > NullPointerException at > org.apache.maven.artifact.repository.metadata.Metadata.merge > (Metadata.java:293) > > > Key: MNG-8121 > URL: https://issues.apache.org/jira/browse/MNG-8121 > Project: Maven > Issue Type: Bug > Components: Artifacts and Repositories >Affects Versions: 3.9.6 > Environment: Maven 3.9.6 > maven-plugin-plugin 3.13.0 > org.sonatype.plugins:nexus-staging-maven-plugin:1.6.13 >Reporter: Gili >Priority: Major > > TL;DR {{org.apache.maven.artifact.repository.metadata.Metadata.merge > (Metadata.java:293)}} throws {{NullPointerException}} if previous releases of > a plugin did not have a goalPrefix set. > > At least, this is my interpretation of what is going on. > > Background > - > > I have an open-source project at > [https://github.com/cmake-maven-project/cmake-maven-project/tree/v3.27.1-b1] > with the following coordinates: > > com.googlecode.cmake-maven-project > cmake > > If I upgrade "maven-plugin-plugin" from version 3.10.1 to 3.13.0 I am forced > to set "" because of > https://issues.apache.org/jira/browse/MPLUGIN-450 and > [https://github.com/apache/maven-plugin-tools/commit/ed4774bcd8b8d2d1f7ff1196cf7644054cb3ae14#diff-624cbd32cd7fc0f3f9154fbec92b8a1aebb04614360b4a0b5fc28a407e99d743L96] > > In my particular case, I set "cmake-binaries" inside > cmake-binaries-plugin/pom.xml. > Now, when I try deploying a release to Maven Central I get the following > exception stack trace: > > > {noformat} > java.lang.NullPointerException > at org.apache.maven.artifact.repository.metadata.Metadata.merge > (Metadata.java:293) > at > org.apache.maven.artifact.repository.metadata.AbstractRepositoryMetadata.updateRepositoryMetadata > (AbstractRepositoryMetadata.java:99) > at > org.apache.maven.artifact.repository.metadata.AbstractRepositoryMetadata.storeInLocalRepository > (AbstractRepositoryMetadata.java:59) > at org.apache.maven.artifact.repository.metadata.MetadataBridge.merge > (MetadataBridge.java:56) > at org.eclipse.aether.internal.impl.DefaultDeployer.upload > (DefaultDeployer.java:399) > at org.eclipse.aether.internal.impl.DefaultDeployer.deploy > (DefaultDeployer.java:294) > at org.eclipse.aether.internal.impl.DefaultDeployer.deploy > (DefaultDeployer.java:202) > at org.eclipse.aether.internal.impl.DefaultRepositorySystem.deploy > (DefaultRepositorySystem.java:393) > at org.apache.maven.artifact.deployer.DefaultArtifactDeployer.deploy > (DefaultArtifactDeployer.java:131) > at > org.sonatype.nexus.maven.staging.deploy.strategy.AbstractDeployStrategy.deployUp > (AbstractDeployStrategy.java:213) > at > org.sonatype.nexus.maven.staging.deploy.strategy.StagingDeployStrategy.finalizeDeploy > (StagingDeployStrategy.java:125) > at org.sonatype.nexus.maven.staging.deploy.DeployMojo.execute > (DeployMojo.java:213) > at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo > (DefaultBuildPluginManager.java:126){noformat} > > I assume that this is caused by {{preExisting.getPrefix()}} returning null, > but I have no idea why this is happening. Perhaps this is caused by previous > versions not have a goalPrefix set? Shouldn't the implementation handle this > possibility? -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Comment Edited] (MNG-8121) NullPointerException at org.apache.maven.artifact.repository.metadata.Metadata.merge (Metadata.java:293)
[ https://issues.apache.org/jira/browse/MNG-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17846472#comment-17846472 ] Gili edited comment on MNG-8121 at 5/15/24 2:44 AM: I just confirmed the problem by running the build through a debugger. When merge() is invoked on "cmake-binaries-plugin" the for loop returns a plugin where preExisting.getPrefix() returns null. Looking at [https://github.com/sonatype/nexus-maven-plugins/blob/43a9940b134c3f87ebe4daa82552e844d9c578b8/staging/maven-plugin/src/main/java/org/sonatype/nexus/maven/staging/deploy/strategy/AbstractDeployStrategy.java#L107] the "cmake-binaries-plugin" returns two instances of ArtifactMetadata: # ArtifactRepositoryMetadata # ProjectArtifactMetadata but because none of them is an instanceof GroupRepositoryMetadata, pluginPrefix remains equal to null. This is probably the crux of the matter. # Is the nexus plugin wrong to use GroupRepositoryMetadata to look up the plugin's prefix? Or, # Is does maven-plugin-plugin contain a regression and GroupRepositoryMetadata should be returned? I await your feedback. was (Author: cowwoc): I just confirmed the problem by running the build through a debugger. When merge() is invoked on "cmake-binaries-plugin" the for loop returns a plugin where preExisting.getPrefix() returns null. > NullPointerException at > org.apache.maven.artifact.repository.metadata.Metadata.merge > (Metadata.java:293) > > > Key: MNG-8121 > URL: https://issues.apache.org/jira/browse/MNG-8121 > Project: Maven > Issue Type: Bug > Components: Artifacts and Repositories >Affects Versions: 3.9.6 > Environment: Maven 3.9.6 > maven-plugin-plugin 3.13.0 >Reporter: Gili >Priority: Major > > TL;DR {{org.apache.maven.artifact.repository.metadata.Metadata.merge > (Metadata.java:293)}} throws {{NullPointerException}} if previous releases of > a plugin did not have a goalPrefix set. > > At least, this is my interpretation of what is going on. > > Background > - > > I have an open-source project at > [https://github.com/cmake-maven-project/cmake-maven-project/tree/v3.27.1-b1] > with the following coordinates: > > com.googlecode.cmake-maven-project > cmake > > If I upgrade "maven-plugin-plugin" from version 3.10.1 to 3.13.0 I am forced > to set "" because of > https://issues.apache.org/jira/browse/MPLUGIN-450 and > [https://github.com/apache/maven-plugin-tools/commit/ed4774bcd8b8d2d1f7ff1196cf7644054cb3ae14#diff-624cbd32cd7fc0f3f9154fbec92b8a1aebb04614360b4a0b5fc28a407e99d743L96] > > In my particular case, I set "cmake-binaries" inside > cmake-binaries-plugin/pom.xml. > Now, when I try deploying a release to Maven Central I get the following > exception stack trace: > > > {noformat} > java.lang.NullPointerException > at org.apache.maven.artifact.repository.metadata.Metadata.merge > (Metadata.java:293) > at > org.apache.maven.artifact.repository.metadata.AbstractRepositoryMetadata.updateRepositoryMetadata > (AbstractRepositoryMetadata.java:99) > at > org.apache.maven.artifact.repository.metadata.AbstractRepositoryMetadata.storeInLocalRepository > (AbstractRepositoryMetadata.java:59) > at org.apache.maven.artifact.repository.metadata.MetadataBridge.merge > (MetadataBridge.java:56) > at org.eclipse.aether.internal.impl.DefaultDeployer.upload > (DefaultDeployer.java:399) > at org.eclipse.aether.internal.impl.DefaultDeployer.deploy > (DefaultDeployer.java:294) > at org.eclipse.aether.internal.impl.DefaultDeployer.deploy > (DefaultDeployer.java:202) > at org.eclipse.aether.internal.impl.DefaultRepositorySystem.deploy > (DefaultRepositorySystem.java:393) > at org.apache.maven.artifact.deployer.DefaultArtifactDeployer.deploy > (DefaultArtifactDeployer.java:131) > at > org.sonatype.nexus.maven.staging.deploy.strategy.AbstractDeployStrategy.deployUp > (AbstractDeployStrategy.java:213) > at > org.sonatype.nexus.maven.staging.deploy.strategy.StagingDeployStrategy.finalizeDeploy > (StagingDeployStrategy.java:125) > at org.sonatype.nexus.maven.staging.deploy.DeployMojo.execute > (DeployMojo.java:213) > at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo > (DefaultBuildPluginManager.java:126){noformat} > > I assume that this is caused by {{preExisting.getPrefix()}} returning null, > but I have no idea why this is happening. Perhaps this is caused by previous > versions not have a goalPrefix set? Shouldn't the implementation handle this > possibility? -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MNG-8121) NullPointerException at org.apache.maven.artifact.repository.metadata.Metadata.merge (Metadata.java:293)
[ https://issues.apache.org/jira/browse/MNG-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17846472#comment-17846472 ] Gili commented on MNG-8121: --- I just confirmed the problem by running the build through a debugger. When merge() is invoked on "cmake-binaries-plugin" the for loop returns a plugin where preExisting.getPrefix() returns null. > NullPointerException at > org.apache.maven.artifact.repository.metadata.Metadata.merge > (Metadata.java:293) > > > Key: MNG-8121 > URL: https://issues.apache.org/jira/browse/MNG-8121 > Project: Maven > Issue Type: Bug > Components: Artifacts and Repositories >Affects Versions: 3.9.6 > Environment: Maven 3.9.6 > maven-plugin-plugin 3.13.0 >Reporter: Gili >Priority: Major > > TL;DR {{org.apache.maven.artifact.repository.metadata.Metadata.merge > (Metadata.java:293)}} throws {{NullPointerException}} if previous releases of > a plugin did not have a goalPrefix set. > > At least, this is my interpretation of what is going on. > > Background > - > > I have an open-source project at > [https://github.com/cmake-maven-project/cmake-maven-project/tree/v3.27.1-b1] > with the following coordinates: > > com.googlecode.cmake-maven-project > cmake > > If I upgrade "maven-plugin-plugin" from version 3.10.1 to 3.13.0 I am forced > to set "" because of > https://issues.apache.org/jira/browse/MPLUGIN-450 and > [https://github.com/apache/maven-plugin-tools/commit/ed4774bcd8b8d2d1f7ff1196cf7644054cb3ae14#diff-624cbd32cd7fc0f3f9154fbec92b8a1aebb04614360b4a0b5fc28a407e99d743L96] > > In my particular case, I set "cmake-binaries" inside > cmake-binaries-plugin/pom.xml. > Now, when I try deploying a release to Maven Central I get the following > exception stack trace: > > > {noformat} > java.lang.NullPointerException > at org.apache.maven.artifact.repository.metadata.Metadata.merge > (Metadata.java:293) > at > org.apache.maven.artifact.repository.metadata.AbstractRepositoryMetadata.updateRepositoryMetadata > (AbstractRepositoryMetadata.java:99) > at > org.apache.maven.artifact.repository.metadata.AbstractRepositoryMetadata.storeInLocalRepository > (AbstractRepositoryMetadata.java:59) > at org.apache.maven.artifact.repository.metadata.MetadataBridge.merge > (MetadataBridge.java:56) > at org.eclipse.aether.internal.impl.DefaultDeployer.upload > (DefaultDeployer.java:399) > at org.eclipse.aether.internal.impl.DefaultDeployer.deploy > (DefaultDeployer.java:294) > at org.eclipse.aether.internal.impl.DefaultDeployer.deploy > (DefaultDeployer.java:202) > at org.eclipse.aether.internal.impl.DefaultRepositorySystem.deploy > (DefaultRepositorySystem.java:393) > at org.apache.maven.artifact.deployer.DefaultArtifactDeployer.deploy > (DefaultArtifactDeployer.java:131) > at > org.sonatype.nexus.maven.staging.deploy.strategy.AbstractDeployStrategy.deployUp > (AbstractDeployStrategy.java:213) > at > org.sonatype.nexus.maven.staging.deploy.strategy.StagingDeployStrategy.finalizeDeploy > (StagingDeployStrategy.java:125) > at org.sonatype.nexus.maven.staging.deploy.DeployMojo.execute > (DeployMojo.java:213) > at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo > (DefaultBuildPluginManager.java:126){noformat} > > I assume that this is caused by {{preExisting.getPrefix()}} returning null, > but I have no idea why this is happening. Perhaps this is caused by previous > versions not have a goalPrefix set? Shouldn't the implementation handle this > possibility? -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (MNG-8121) NullPointerException at org.apache.maven.artifact.repository.metadata.Metadata.merge (Metadata.java:293)
[ https://issues.apache.org/jira/browse/MNG-8121?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Gili updated MNG-8121: -- Description: TL;DR {{org.apache.maven.artifact.repository.metadata.Metadata.merge (Metadata.java:293)}} throws {{NullPointerException}} if previous releases of a plugin did not have a goalPrefix set. At least, this is my interpretation of what is going on. Background - I have an open-source project at [https://github.com/cmake-maven-project/cmake-maven-project/tree/v3.27.1-b1] with the following coordinates: com.googlecode.cmake-maven-project cmake If I upgrade "maven-plugin-plugin" from version 3.10.1 to 3.13.0 I am forced to set "" because of https://issues.apache.org/jira/browse/MPLUGIN-450 and [https://github.com/apache/maven-plugin-tools/commit/ed4774bcd8b8d2d1f7ff1196cf7644054cb3ae14#diff-624cbd32cd7fc0f3f9154fbec92b8a1aebb04614360b4a0b5fc28a407e99d743L96] In my particular case, I set "cmake-binaries" inside cmake-binaries-plugin/pom.xml. Now, when I try deploying a release to Maven Central I get the following exception stack trace: {noformat} java.lang.NullPointerException at org.apache.maven.artifact.repository.metadata.Metadata.merge (Metadata.java:293) at org.apache.maven.artifact.repository.metadata.AbstractRepositoryMetadata.updateRepositoryMetadata (AbstractRepositoryMetadata.java:99) at org.apache.maven.artifact.repository.metadata.AbstractRepositoryMetadata.storeInLocalRepository (AbstractRepositoryMetadata.java:59) at org.apache.maven.artifact.repository.metadata.MetadataBridge.merge (MetadataBridge.java:56) at org.eclipse.aether.internal.impl.DefaultDeployer.upload (DefaultDeployer.java:399) at org.eclipse.aether.internal.impl.DefaultDeployer.deploy (DefaultDeployer.java:294) at org.eclipse.aether.internal.impl.DefaultDeployer.deploy (DefaultDeployer.java:202) at org.eclipse.aether.internal.impl.DefaultRepositorySystem.deploy (DefaultRepositorySystem.java:393) at org.apache.maven.artifact.deployer.DefaultArtifactDeployer.deploy (DefaultArtifactDeployer.java:131) at org.sonatype.nexus.maven.staging.deploy.strategy.AbstractDeployStrategy.deployUp (AbstractDeployStrategy.java:213) at org.sonatype.nexus.maven.staging.deploy.strategy.StagingDeployStrategy.finalizeDeploy (StagingDeployStrategy.java:125) at org.sonatype.nexus.maven.staging.deploy.DeployMojo.execute (DeployMojo.java:213) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126){noformat} I assume that this is caused by {{preExisting.getPrefix()}} returning null, but I have no idea why this is happening. Perhaps this is caused by previous versions not have a goalPrefix set? Shouldn't the implementation handle this possibility? was: TL;DR org.apache.maven.artifact.repository.metadata.Metadata.merge (Metadata.java:293) throws NullPointerException if previous releases of a plugin did not have a goalPrefix set. At least, this is my interpretation of what is going on. Background - I have an open-source project at [https://github.com/cmake-maven-project/cmake-maven-project/tree/v3.27.1-b1] with the following coordinates: com.googlecode.cmake-maven-project cmake If I upgrade "maven-plugin-plugin" from version 3.10.1 to 3.13.0 I am forced to set "" because of https://issues.apache.org/jira/browse/MPLUGIN-450 and [https://github.com/apache/maven-plugin-tools/commit/ed4774bcd8b8d2d1f7ff1196cf7644054cb3ae14#diff-624cbd32cd7fc0f3f9154fbec92b8a1aebb04614360b4a0b5fc28a407e99d743L96] In my particular case, I set "cmake-binaries" inside cmake-binaries-plugin/pom.xml. Now, when I try deploying a release to Maven Central I get the following exception stack trace: {noformat} java.lang.NullPointerException at org.apache.maven.artifact.repository.metadata.Metadata.merge (Metadata.java:293) at org.apache.maven.artifact.repository.metadata.AbstractRepositoryMetadata.updateRepositoryMetadata (AbstractRepositoryMetadata.java:99) at org.apache.maven.artifact.repository.metadata.AbstractRepositoryMetadata.storeInLocalRepository (AbstractRepositoryMetadata.java:59) at org.apache.maven.artifact.repository.metadata.MetadataBridge.merge (MetadataBridge.java:56) at org.eclipse.aether.internal.impl.DefaultDeployer.upload (DefaultDeployer.java:399) at org.eclipse.aether.internal.impl.DefaultDeployer.deploy (DefaultDeployer.java:294) at org.eclipse.aether.internal.impl.DefaultDeployer.deploy (DefaultDeployer.java:202) at org.eclipse.aether.internal.impl.DefaultRepositorySystem.deploy (DefaultRepositorySystem.java:393) at org.apache.maven.artifact.deployer.DefaultArtifactDeployer.deploy (DefaultArtifactDeployer.java:131) at org.sonatype.nexus.maven.staging.deploy.strategy.AbstractDeployStrategy.deployUp (AbstractDeployStrategy.java:213)
[jira] [Created] (MNG-8121) NullPointerException at org.apache.maven.artifact.repository.metadata.Metadata.merge (Metadata.java:293)
Gili created MNG-8121: - Summary: NullPointerException at org.apache.maven.artifact.repository.metadata.Metadata.merge (Metadata.java:293) Key: MNG-8121 URL: https://issues.apache.org/jira/browse/MNG-8121 Project: Maven Issue Type: Bug Components: Artifacts and Repositories Affects Versions: 3.9.6 Environment: Maven 3.9.6 maven-plugin-plugin 3.13.0 Reporter: Gili TL;DR org.apache.maven.artifact.repository.metadata.Metadata.merge (Metadata.java:293) throws NullPointerException if previous releases of a plugin did not have a goalPrefix set. At least, this is my interpretation of what is going on. Background - I have an open-source project at [https://github.com/cmake-maven-project/cmake-maven-project/tree/v3.27.1-b1] with the following coordinates: com.googlecode.cmake-maven-project cmake If I upgrade "maven-plugin-plugin" from version 3.10.1 to 3.13.0 I am forced to set "" because of https://issues.apache.org/jira/browse/MPLUGIN-450 and [https://github.com/apache/maven-plugin-tools/commit/ed4774bcd8b8d2d1f7ff1196cf7644054cb3ae14#diff-624cbd32cd7fc0f3f9154fbec92b8a1aebb04614360b4a0b5fc28a407e99d743L96] In my particular case, I set "cmake-binaries" inside cmake-binaries-plugin/pom.xml. Now, when I try deploying a release to Maven Central I get the following exception stack trace: {noformat} java.lang.NullPointerException at org.apache.maven.artifact.repository.metadata.Metadata.merge (Metadata.java:293) at org.apache.maven.artifact.repository.metadata.AbstractRepositoryMetadata.updateRepositoryMetadata (AbstractRepositoryMetadata.java:99) at org.apache.maven.artifact.repository.metadata.AbstractRepositoryMetadata.storeInLocalRepository (AbstractRepositoryMetadata.java:59) at org.apache.maven.artifact.repository.metadata.MetadataBridge.merge (MetadataBridge.java:56) at org.eclipse.aether.internal.impl.DefaultDeployer.upload (DefaultDeployer.java:399) at org.eclipse.aether.internal.impl.DefaultDeployer.deploy (DefaultDeployer.java:294) at org.eclipse.aether.internal.impl.DefaultDeployer.deploy (DefaultDeployer.java:202) at org.eclipse.aether.internal.impl.DefaultRepositorySystem.deploy (DefaultRepositorySystem.java:393) at org.apache.maven.artifact.deployer.DefaultArtifactDeployer.deploy (DefaultArtifactDeployer.java:131) at org.sonatype.nexus.maven.staging.deploy.strategy.AbstractDeployStrategy.deployUp (AbstractDeployStrategy.java:213) at org.sonatype.nexus.maven.staging.deploy.strategy.StagingDeployStrategy.finalizeDeploy (StagingDeployStrategy.java:125) at org.sonatype.nexus.maven.staging.deploy.DeployMojo.execute (DeployMojo.java:213) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126){noformat} I assume that this is caused by {{preExisting.getPrefix()}} returning null, but I have no idea why this is happening. Perhaps this is caused by previous versions not have a goalPrefix set? Shouldn't the implementation handle this possibility? -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Closed] (MASFRES-68) Upgrade parent POM to version 42
[ https://issues.apache.org/jira/browse/MASFRES-68?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sylwester Lachiewicz closed MASFRES-68. --- Assignee: Sylwester Lachiewicz Resolution: Fixed > Upgrade parent POM to version 42 > > > Key: MASFRES-68 > URL: https://issues.apache.org/jira/browse/MASFRES-68 > Project: Apache Maven Resource Bundles > Issue Type: Dependency upgrade >Reporter: Sylwester Lachiewicz >Assignee: Sylwester Lachiewicz >Priority: Minor > Fix For: apache-resources 1.6 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] [MASFRES-68] Upgrade parent pom to 42 [maven-apache-resources]
slachiewicz merged PR #12: URL: https://github.com/apache/maven-apache-resources/pull/12 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump org.apache.maven:maven-compat from 3.2.5 to 3.8.1 [maven-project-info-reports-plugin]
dependabot[bot] commented on PR #65: URL: https://github.com/apache/maven-project-info-reports-plugin/pull/65#issuecomment-2111206879 OK, I won't notify you about org.apache.maven:maven-compat again, unless you re-open this PR. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump org.apache.maven:maven-core from 3.2.5 to 3.8.1 [maven-project-info-reports-plugin]
dependabot[bot] commented on PR #64: URL: https://github.com/apache/maven-project-info-reports-plugin/pull/64#issuecomment-2111207042 OK, I won't notify you about org.apache.maven:maven-core again, unless you re-open this PR. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump org.apache.maven:maven-core from 3.2.5 to 3.8.1 [maven-project-info-reports-plugin]
dependabot[bot] closed pull request #64: Bump org.apache.maven:maven-core from 3.2.5 to 3.8.1 URL: https://github.com/apache/maven-project-info-reports-plugin/pull/64 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump org.apache.maven:maven-core from 3.2.5 to 3.8.1 [maven-project-info-reports-plugin]
slachiewicz commented on PR #64: URL: https://github.com/apache/maven-project-info-reports-plugin/pull/64#issuecomment-2111206981 @dependabot ignore this dependency -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump org.apache.maven:maven-compat from 3.2.5 to 3.8.1 [maven-project-info-reports-plugin]
dependabot[bot] closed pull request #65: Bump org.apache.maven:maven-compat from 3.2.5 to 3.8.1 URL: https://github.com/apache/maven-project-info-reports-plugin/pull/65 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump org.apache.maven:maven-compat from 3.2.5 to 3.8.1 [maven-project-info-reports-plugin]
slachiewicz commented on PR #65: URL: https://github.com/apache/maven-project-info-reports-plugin/pull/65#issuecomment-2111206822 @dependabot ignore this dependency -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Bump org.apache.maven:maven-core from 3.0 to 3.8.1 [maven-jdeps-plugin]
dependabot[bot] opened a new pull request, #10: URL: https://github.com/apache/maven-jdeps-plugin/pull/10 Bumps [org.apache.maven:maven-core](https://github.com/apache/maven) from 3.0 to 3.8.1. Commits https://github.com/apache/maven/commit/05c21c65bdfed0f71a2f2ada8b84da59348c4c5d";>05c21c6 [maven-release-plugin] prepare release maven-3.8.1 https://github.com/apache/maven/commit/d295dc362fe7d7b189b4976a5742a17362eb51a1";>d295dc3 [MNG-7128] keep blocked attribute from mirrors in artifact repositories https://github.com/apache/maven/commit/a46906806a31edb462b935e380a657b6efde6231";>a469068 next version in branch 3.8.x is 3.8.1-SNAPSHOT https://github.com/apache/maven/commit/dad8a3e1c55f34b7949945bc622f26447ddbf4f9";>dad8a3e [maven-release-plugin] prepare for next development iteration https://github.com/apache/maven/commit/6aa1f4acf5d6323e9aa08b763cb9933dc96749b9";>6aa1f4a [maven-release-plugin] prepare release maven-3.8.0 https://github.com/apache/maven/commit/907d53ad3264718f66ff15e1363d76b07dd0c05f";>907d53a [MNG-7118] block HTTP repositories by default https://github.com/apache/maven/commit/899465aeec03753ea91e15a79579eab76369c016";>899465a [MNG-7117] add support for blocked mirror https://github.com/apache/maven/commit/fa79cb22e456cc65522b5bab8c4240fe08c5775f";>fa79cb2 [MNG-7116] add support for mirrorOf external:http:* https://github.com/apache/maven/commit/e5f6634e17362387282b3867c9b23d4b54fea871";>e5f6634 use Maven Resolver 1.6.2 https://github.com/apache/maven/commit/09f77da9b0c39848fe763bdd4a392151eec0d8c3";>09f77da [MNG-7119] Upgrade Maven Wagon to 3.4.3 Additional commits viewable in https://github.com/apache/maven/compare/maven-3.0...maven-3.8.1";>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.maven:maven-core&package-manager=maven&previous-version=3.0&new-version=3.8.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/maven-jdeps-plugin/network/alerts). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump doxiaVersion from 2.0.0-M10-SNAPSHOT to 2.0.0-M11 [maven-doxia-converter]
slachiewicz commented on PR #71: URL: https://github.com/apache/maven-doxia-converter/pull/71#issuecomment-2111205847 @dependabot rebase -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Bump org.apache.maven:maven-core from 3.2.5 to 3.8.1 [maven-common-artifact-filters]
dependabot[bot] opened a new pull request, #35: URL: https://github.com/apache/maven-common-artifact-filters/pull/35 Bumps [org.apache.maven:maven-core](https://github.com/apache/maven) from 3.2.5 to 3.8.1. Commits https://github.com/apache/maven/commit/05c21c65bdfed0f71a2f2ada8b84da59348c4c5d";>05c21c6 [maven-release-plugin] prepare release maven-3.8.1 https://github.com/apache/maven/commit/d295dc362fe7d7b189b4976a5742a17362eb51a1";>d295dc3 [MNG-7128] keep blocked attribute from mirrors in artifact repositories https://github.com/apache/maven/commit/a46906806a31edb462b935e380a657b6efde6231";>a469068 next version in branch 3.8.x is 3.8.1-SNAPSHOT https://github.com/apache/maven/commit/dad8a3e1c55f34b7949945bc622f26447ddbf4f9";>dad8a3e [maven-release-plugin] prepare for next development iteration https://github.com/apache/maven/commit/6aa1f4acf5d6323e9aa08b763cb9933dc96749b9";>6aa1f4a [maven-release-plugin] prepare release maven-3.8.0 https://github.com/apache/maven/commit/907d53ad3264718f66ff15e1363d76b07dd0c05f";>907d53a [MNG-7118] block HTTP repositories by default https://github.com/apache/maven/commit/899465aeec03753ea91e15a79579eab76369c016";>899465a [MNG-7117] add support for blocked mirror https://github.com/apache/maven/commit/fa79cb22e456cc65522b5bab8c4240fe08c5775f";>fa79cb2 [MNG-7116] add support for mirrorOf external:http:* https://github.com/apache/maven/commit/e5f6634e17362387282b3867c9b23d4b54fea871";>e5f6634 use Maven Resolver 1.6.2 https://github.com/apache/maven/commit/09f77da9b0c39848fe763bdd4a392151eec0d8c3";>09f77da [MNG-7119] Upgrade Maven Wagon to 3.4.3 Additional commits viewable in https://github.com/apache/maven/compare/maven-3.2.5...maven-3.8.1";>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.maven:maven-core&package-manager=maven&previous-version=3.2.5&new-version=3.8.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/maven-common-artifact-filters/network/alerts). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump com.ibm.icu:icu4j from 74.2 to 75.1 [maven-doxia-converter]
dependabot[bot] commented on PR #69: URL: https://github.com/apache/maven-doxia-converter/pull/69#issuecomment-2111205108 OK, I won't notify you about com.ibm.icu:icu4j again, unless you re-open this PR. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump com.ibm.icu:icu4j from 74.2 to 75.1 [maven-doxia-converter]
dependabot[bot] closed pull request #69: Bump com.ibm.icu:icu4j from 74.2 to 75.1 URL: https://github.com/apache/maven-doxia-converter/pull/69 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump com.ibm.icu:icu4j from 74.2 to 75.1 [maven-doxia-converter]
slachiewicz commented on PR #69: URL: https://github.com/apache/maven-doxia-converter/pull/69#issuecomment-2111205050 @dependabot ignore this dependency -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Bump org.apache.maven:maven-compat from 3.2.5 to 3.8.1 [maven-project-info-reports-plugin]
dependabot[bot] opened a new pull request, #65: URL: https://github.com/apache/maven-project-info-reports-plugin/pull/65 Bumps [org.apache.maven:maven-compat](https://github.com/apache/maven) from 3.2.5 to 3.8.1. Commits https://github.com/apache/maven/commit/05c21c65bdfed0f71a2f2ada8b84da59348c4c5d";>05c21c6 [maven-release-plugin] prepare release maven-3.8.1 https://github.com/apache/maven/commit/d295dc362fe7d7b189b4976a5742a17362eb51a1";>d295dc3 [MNG-7128] keep blocked attribute from mirrors in artifact repositories https://github.com/apache/maven/commit/a46906806a31edb462b935e380a657b6efde6231";>a469068 next version in branch 3.8.x is 3.8.1-SNAPSHOT https://github.com/apache/maven/commit/dad8a3e1c55f34b7949945bc622f26447ddbf4f9";>dad8a3e [maven-release-plugin] prepare for next development iteration https://github.com/apache/maven/commit/6aa1f4acf5d6323e9aa08b763cb9933dc96749b9";>6aa1f4a [maven-release-plugin] prepare release maven-3.8.0 https://github.com/apache/maven/commit/907d53ad3264718f66ff15e1363d76b07dd0c05f";>907d53a [MNG-7118] block HTTP repositories by default https://github.com/apache/maven/commit/899465aeec03753ea91e15a79579eab76369c016";>899465a [MNG-7117] add support for blocked mirror https://github.com/apache/maven/commit/fa79cb22e456cc65522b5bab8c4240fe08c5775f";>fa79cb2 [MNG-7116] add support for mirrorOf external:http:* https://github.com/apache/maven/commit/e5f6634e17362387282b3867c9b23d4b54fea871";>e5f6634 use Maven Resolver 1.6.2 https://github.com/apache/maven/commit/09f77da9b0c39848fe763bdd4a392151eec0d8c3";>09f77da [MNG-7119] Upgrade Maven Wagon to 3.4.3 Additional commits viewable in https://github.com/apache/maven/compare/maven-3.2.5...maven-3.8.1";>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.maven:maven-compat&package-manager=maven&previous-version=3.2.5&new-version=3.8.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/maven-project-info-reports-plugin/network/alerts). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Bump org.apache.maven:maven-core from 3.2.5 to 3.8.1 [maven-project-info-reports-plugin]
dependabot[bot] opened a new pull request, #64: URL: https://github.com/apache/maven-project-info-reports-plugin/pull/64 Bumps [org.apache.maven:maven-core](https://github.com/apache/maven) from 3.2.5 to 3.8.1. Commits https://github.com/apache/maven/commit/05c21c65bdfed0f71a2f2ada8b84da59348c4c5d";>05c21c6 [maven-release-plugin] prepare release maven-3.8.1 https://github.com/apache/maven/commit/d295dc362fe7d7b189b4976a5742a17362eb51a1";>d295dc3 [MNG-7128] keep blocked attribute from mirrors in artifact repositories https://github.com/apache/maven/commit/a46906806a31edb462b935e380a657b6efde6231";>a469068 next version in branch 3.8.x is 3.8.1-SNAPSHOT https://github.com/apache/maven/commit/dad8a3e1c55f34b7949945bc622f26447ddbf4f9";>dad8a3e [maven-release-plugin] prepare for next development iteration https://github.com/apache/maven/commit/6aa1f4acf5d6323e9aa08b763cb9933dc96749b9";>6aa1f4a [maven-release-plugin] prepare release maven-3.8.0 https://github.com/apache/maven/commit/907d53ad3264718f66ff15e1363d76b07dd0c05f";>907d53a [MNG-7118] block HTTP repositories by default https://github.com/apache/maven/commit/899465aeec03753ea91e15a79579eab76369c016";>899465a [MNG-7117] add support for blocked mirror https://github.com/apache/maven/commit/fa79cb22e456cc65522b5bab8c4240fe08c5775f";>fa79cb2 [MNG-7116] add support for mirrorOf external:http:* https://github.com/apache/maven/commit/e5f6634e17362387282b3867c9b23d4b54fea871";>e5f6634 use Maven Resolver 1.6.2 https://github.com/apache/maven/commit/09f77da9b0c39848fe763bdd4a392151eec0d8c3";>09f77da [MNG-7119] Upgrade Maven Wagon to 3.4.3 Additional commits viewable in https://github.com/apache/maven/compare/maven-3.2.5...maven-3.8.1";>compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.maven:maven-core&package-manager=maven&previous-version=3.2.5&new-version=3.8.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/maven-project-info-reports-plugin/network/alerts). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Created] (MASFRES-68) Upgrade parent POM to version 42
Sylwester Lachiewicz created MASFRES-68: --- Summary: Upgrade parent POM to version 42 Key: MASFRES-68 URL: https://issues.apache.org/jira/browse/MASFRES-68 Project: Apache Maven Resource Bundles Issue Type: Dependency upgrade Reporter: Sylwester Lachiewicz Fix For: apache-resources 1.6 -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] Bump org.apache.maven:maven-parent from 41 to 42 [maven-doxia-site]
slachiewicz merged PR #36: URL: https://github.com/apache/maven-doxia-site/pull/36 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump org.codehaus.plexus:plexus-utils from 4.0.0 to 4.0.1 [maven-acr-plugin]
slachiewicz merged PR #36: URL: https://github.com/apache/maven-acr-plugin/pull/36 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump org.codehaus.plexus:plexus-testing from 1.1.0 to 1.3.0 [maven-clean-plugin]
dependabot[bot] commented on PR #40: URL: https://github.com/apache/maven-clean-plugin/pull/40#issuecomment-257349 Looks like this PR is already up-to-date with master! If you'd still like to recreate it from scratch, overwriting any edits, you can request `@dependabot recreate`. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump org.codehaus.plexus:plexus-testing from 1.1.0 to 1.3.0 [maven-clean-plugin]
slachiewicz commented on PR #40: URL: https://github.com/apache/maven-clean-plugin/pull/40#issuecomment-257288 @dependabot rebase -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump org.apache.maven.plugins:maven-plugins from 41 to 42 [maven-gpg-plugin]
dependabot[bot] closed pull request #97: Bump org.apache.maven.plugins:maven-plugins from 41 to 42 URL: https://github.com/apache/maven-gpg-plugin/pull/97 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump org.apache.maven.plugins:maven-plugins from 41 to 42 [maven-gpg-plugin]
dependabot[bot] commented on PR #97: URL: https://github.com/apache/maven-gpg-plugin/pull/97#issuecomment-250889 Looks like org.apache.maven.plugins:maven-plugins is up-to-date now, so this is no longer needed. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump org.apache.maven.plugins:maven-plugins from 41 to 42 [maven-gpg-plugin]
slachiewicz commented on PR #97: URL: https://github.com/apache/maven-gpg-plugin/pull/97#issuecomment-250182 @dependabot rebase -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump commons-io:commons-io from 2.16.0 to 2.16.1 [maven-source-plugin]
slachiewicz merged PR #27: URL: https://github.com/apache/maven-source-plugin/pull/27 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump commons-io:commons-io from 2.15.1 to 2.16.1 [maven-artifact-plugin]
slachiewicz merged PR #35: URL: https://github.com/apache/maven-artifact-plugin/pull/35 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump org.apache.maven.reporting:maven-reporting-impl from 3.1.0 to 3.2.0 [maven-changelog-plugin]
slachiewicz commented on PR #19: URL: https://github.com/apache/maven-changelog-plugin/pull/19#issuecomment-240724 @dependabot rebase -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump org.apache.maven.reporting:maven-reporting-api from 3.1.0 to 3.1.1 [maven-changelog-plugin]
slachiewicz merged PR #18: URL: https://github.com/apache/maven-changelog-plugin/pull/18 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump jacocoVersion from 0.8.11 to 0.8.12 (Java 22/23) [maven-surefire]
slachiewicz merged PR #729: URL: https://github.com/apache/maven-surefire/pull/729 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump jakarta.inject:jakarta.inject-api from 1.0 to 2.0.1 [maven-mvnd]
dependabot[bot] commented on PR #946: URL: https://github.com/apache/maven-mvnd/pull/946#issuecomment-211845 OK, I won't notify you about version 2.x.x again, unless you re-open this PR. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump jakarta.inject:jakarta.inject-api from 1.0 to 2.0.1 [maven-mvnd]
dependabot[bot] closed pull request #946: Bump jakarta.inject:jakarta.inject-api from 1.0 to 2.0.1 URL: https://github.com/apache/maven-mvnd/pull/946 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump jakarta.inject:jakarta.inject-api from 1.0 to 2.0.1 [maven-mvnd]
slachiewicz commented on PR #946: URL: https://github.com/apache/maven-mvnd/pull/946#issuecomment-211768 @dependabot ignore this major version -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump slf4j.version from 1.7.36 to 2.0.13 [maven-mvnd]
dependabot[bot] commented on PR #959: URL: https://github.com/apache/maven-mvnd/pull/959#issuecomment-211320 OK, I won't notify you about version 2.x.x again, unless you re-open this PR. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump slf4j.version from 1.7.36 to 2.0.13 [maven-mvnd]
dependabot[bot] closed pull request #959: Bump slf4j.version from 1.7.36 to 2.0.13 URL: https://github.com/apache/maven-mvnd/pull/959 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump slf4j.version from 1.7.36 to 2.0.13 [maven-mvnd]
slachiewicz commented on PR #959: URL: https://github.com/apache/maven-mvnd/pull/959#issuecomment-211234 @dependabot ignore this major version -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump org.apache.maven.plugins:maven-wrapper-plugin from 3.3.0 to 3.3.1 [maven-mvnd]
slachiewicz merged PR #982: URL: https://github.com/apache/maven-mvnd/pull/982 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump org.apache.maven.plugins:maven-plugins from 41 to 42 [maven-site-plugin]
slachiewicz commented on PR #181: URL: https://github.com/apache/maven-site-plugin/pull/181#issuecomment-207238 @dependabot rebase -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump mavenVersion from 3.6.3 to 3.9.6 [maven-doxia-sitetools]
dependabot[bot] commented on PR #156: URL: https://github.com/apache/maven-doxia-sitetools/pull/156#issuecomment-2110966542 OK, I won't notify you about any of these dependencies again, unless you re-open this PR. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump mavenVersion from 3.6.3 to 3.9.6 [maven-doxia-sitetools]
dependabot[bot] closed pull request #156: Bump mavenVersion from 3.6.3 to 3.9.6 URL: https://github.com/apache/maven-doxia-sitetools/pull/156 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump com.google.inject:guice from 6.0.0 to 7.0.0 [maven-mvnd]
dependabot[bot] closed pull request #990: Bump com.google.inject:guice from 6.0.0 to 7.0.0 URL: https://github.com/apache/maven-mvnd/pull/990 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump com.google.inject:guice from 6.0.0 to 7.0.0 [maven-mvnd]
dependabot[bot] commented on PR #990: URL: https://github.com/apache/maven-mvnd/pull/990#issuecomment-2110954155 OK, I won't notify you about version 7.x.x again, unless you re-open this PR. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump resolverVersion from 1.4.1 to 1.9.20 [maven-doxia-sitetools]
dependabot[bot] commented on PR #155: URL: https://github.com/apache/maven-doxia-sitetools/pull/155#issuecomment-2110945595 OK, I won't notify you about any of these dependencies again, unless you re-open this PR. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump resolverVersion from 1.4.1 to 1.9.20 [maven-doxia-sitetools]
dependabot[bot] closed pull request #155: Bump resolverVersion from 1.4.1 to 1.9.20 URL: https://github.com/apache/maven-doxia-sitetools/pull/155 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump org.apache.maven.resolver:maven-resolver-api from 1.4.1 to 1.9.20 [maven-reporting-impl]
dependabot[bot] commented on PR #42: URL: https://github.com/apache/maven-reporting-impl/pull/42#issuecomment-2110942968 OK, I won't notify you about org.apache.maven.resolver:maven-resolver-api again, unless you re-open this PR. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump org.apache.maven.resolver:maven-resolver-api from 1.4.1 to 1.9.20 [maven-reporting-impl]
dependabot[bot] closed pull request #42: Bump org.apache.maven.resolver:maven-resolver-api from 1.4.1 to 1.9.20 URL: https://github.com/apache/maven-reporting-impl/pull/42 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump ca.vanzyl.provisio.maven.plugins:provisio-maven-plugin from 1.0.24 to 1.0.25 [maven-mvnd]
slachiewicz merged PR #989: URL: https://github.com/apache/maven-mvnd/pull/989 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump com.google.inject:guice from 6.0.0 to 7.0.0 [maven-mvnd]
slachiewicz commented on PR #990: URL: https://github.com/apache/maven-mvnd/pull/990#issuecomment-211093 @dependabot ignore this major version -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump resolverVersion from 1.4.1 to 1.9.20 [maven-doxia-sitetools]
slachiewicz commented on PR #155: URL: https://github.com/apache/maven-doxia-sitetools/pull/155#issuecomment-2110930041 @dependabot ignore this dependency -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump mavenVersion from 3.6.3 to 3.9.6 [maven-doxia-sitetools]
slachiewicz commented on PR #156: URL: https://github.com/apache/maven-doxia-sitetools/pull/156#issuecomment-2110929419 @dependabot ignore this dependency -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump org.apache.maven.shared:maven-shared-components from 41 to 42 [maven-reporting-api]
dependabot[bot] commented on PR #20: URL: https://github.com/apache/maven-reporting-api/pull/20#issuecomment-2110926791 OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting `@dependabot ignore this major version` or `@dependabot ignore this minor version`. You can also ignore all major, minor, or patch releases for a dependency by adding an [`ignore` condition](https://docs.github.com/en/code-security/supply-chain-security/configuration-options-for-dependency-updates#ignore) with the desired `update_types` to your config file. If you change your mind, just re-open this PR and I'll resolve any conflicts on it. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump org.apache.maven.shared:maven-shared-components from 41 to 42 [maven-reporting-api]
slachiewicz closed pull request #20: Bump org.apache.maven.shared:maven-shared-components from 41 to 42 URL: https://github.com/apache/maven-reporting-api/pull/20 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Closed] (MSHARED-1397) Bump org.apache.maven:maven-archiver from 3.6.1 to 3.6.2
[ https://issues.apache.org/jira/browse/MSHARED-1397?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sylwester Lachiewicz closed MSHARED-1397. - Resolution: Fixed > Bump org.apache.maven:maven-archiver from 3.6.1 to 3.6.2 > > > Key: MSHARED-1397 > URL: https://issues.apache.org/jira/browse/MSHARED-1397 > Project: Maven Shared Components > Issue Type: Dependency upgrade > Components: maven-reporting-impl >Reporter: Sylwester Lachiewicz >Priority: Minor > Fix For: maven-reporting-impl-4.0.0, > maven-reporting-impl-4.0.0-M15 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MSHARED-1397) Bump org.apache.maven:maven-archiver from 3.6.1 to 3.6.2
[ https://issues.apache.org/jira/browse/MSHARED-1397?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17846391#comment-17846391 ] ASF GitHub Bot commented on MSHARED-1397: - slachiewicz merged PR #34: URL: https://github.com/apache/maven-reporting-impl/pull/34 > Bump org.apache.maven:maven-archiver from 3.6.1 to 3.6.2 > > > Key: MSHARED-1397 > URL: https://issues.apache.org/jira/browse/MSHARED-1397 > Project: Maven Shared Components > Issue Type: Dependency upgrade > Components: maven-reporting-impl >Reporter: Sylwester Lachiewicz >Priority: Minor > Fix For: maven-reporting-impl-4.0.0, > maven-reporting-impl-4.0.0-M15 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] [MSHARED-1397] Bump org.apache.maven:maven-archiver from 3.6.1 to 3.6.2 [maven-reporting-impl]
slachiewicz merged PR #34: URL: https://github.com/apache/maven-reporting-impl/pull/34 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Created] (MSHARED-1397) Bump org.apache.maven:maven-archiver from 3.6.1 to 3.6.2
Sylwester Lachiewicz created MSHARED-1397: - Summary: Bump org.apache.maven:maven-archiver from 3.6.1 to 3.6.2 Key: MSHARED-1397 URL: https://issues.apache.org/jira/browse/MSHARED-1397 Project: Maven Shared Components Issue Type: Dependency upgrade Components: maven-reporting-impl Reporter: Sylwester Lachiewicz Fix For: maven-reporting-impl-4.0.0, maven-reporting-impl-4.0.0-M15 -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] Bump org.apache.maven.resolver:maven-resolver-api from 1.4.1 to 1.9.20 [maven-reporting-impl]
slachiewicz commented on PR #42: URL: https://github.com/apache/maven-reporting-impl/pull/42#issuecomment-2110910936 @dependabot ignore this dependency -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump org.apache.maven:maven-compat from 3.6.3 to 3.8.1 [maven-reporting-exec]
dependabot[bot] commented on PR #23: URL: https://github.com/apache/maven-reporting-exec/pull/23#issuecomment-2110907881 OK, I won't notify you about org.apache.maven:maven-compat again, unless you re-open this PR. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump org.apache.maven:maven-compat from 3.6.3 to 3.8.1 [maven-reporting-exec]
dependabot[bot] closed pull request #23: Bump org.apache.maven:maven-compat from 3.6.3 to 3.8.1 URL: https://github.com/apache/maven-reporting-exec/pull/23 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump org.apache.maven:maven-core from 3.2.5 to 3.8.1 [maven-reporting-exec]
dependabot[bot] commented on PR #21: URL: https://github.com/apache/maven-reporting-exec/pull/21#issuecomment-2110900185 OK, I won't notify you about org.apache.maven:maven-core again, unless you re-open this PR. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump org.apache.maven:maven-core from 3.2.5 to 3.8.1 [maven-reporting-exec]
dependabot[bot] closed pull request #21: Bump org.apache.maven:maven-core from 3.2.5 to 3.8.1 URL: https://github.com/apache/maven-reporting-exec/pull/21 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump org.mockito:mockito-core from 5.11.0 to 5.12.0 [maven-resolver]
slachiewicz merged PR #493: URL: https://github.com/apache/maven-resolver/pull/493 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump org.apache.maven:maven-core from 3.2.5 to 3.8.1 [maven-reporting-exec]
slachiewicz commented on PR #21: URL: https://github.com/apache/maven-reporting-exec/pull/21#issuecomment-2110872322 @dependabot ignore this dependency -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump org.apache.maven:maven-compat from 3.6.3 to 3.8.1 [maven-reporting-exec]
slachiewicz commented on PR #23: URL: https://github.com/apache/maven-reporting-exec/pull/23#issuecomment-2110871788 @dependabot ignore this dependency -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Closed] (MSKINS-214) Publish changelog of 1.11.2 as GitHub release
[ https://issues.apache.org/jira/browse/MSKINS-214?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sylwester Lachiewicz closed MSKINS-214. --- Resolution: Fixed > Publish changelog of 1.11.2 as GitHub release > - > > Key: MSKINS-214 > URL: https://issues.apache.org/jira/browse/MSKINS-214 > Project: Maven Skins > Issue Type: Wish > Components: Fluido Skin >Reporter: Alexander Brandes >Priority: Minor > > Hey, > maven-fluido-skin 1.11.2 has been released on January the 17th, 2023, but the > latest GitHub release points to 1.11.1: > [https://github.com/apache/maven-fluido-skin/releases] > Would you mind publishing a changelog for 1.11.2 too? > Thanks in advance! -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MSKINS-214) Publish changelog of 1.11.2 as GitHub release
[ https://issues.apache.org/jira/browse/MSKINS-214?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17846388#comment-17846388 ] Sylwester Lachiewicz commented on MSKINS-214: - https://github.com/apache/maven-fluido-skin/releases/tag/maven-fluido-skin-1.11.2 > Publish changelog of 1.11.2 as GitHub release > - > > Key: MSKINS-214 > URL: https://issues.apache.org/jira/browse/MSKINS-214 > Project: Maven Skins > Issue Type: Wish > Components: Fluido Skin >Reporter: Alexander Brandes >Priority: Minor > > Hey, > maven-fluido-skin 1.11.2 has been released on January the 17th, 2023, but the > latest GitHub release points to 1.11.1: > [https://github.com/apache/maven-fluido-skin/releases] > Would you mind publishing a changelog for 1.11.2 too? > Thanks in advance! -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Closed] (MINVOKER-365) Allow to pre-build script to set user properties
[ https://issues.apache.org/jira/browse/MINVOKER-365?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Slawomir Jaranowski closed MINVOKER-365. Resolution: Fixed > Allow to pre-build script to set user properties > > > Key: MINVOKER-365 > URL: https://issues.apache.org/jira/browse/MINVOKER-365 > Project: Maven Invoker Plugin > Issue Type: New Feature >Reporter: Slawomir Jaranowski >Assignee: Slawomir Jaranowski >Priority: Major > Fix For: 3.7.0 > > > We can have a scenario when in pre-build script we run a mock server, eg by > WireMock or simply by other tools. > In such situation we have a random a use random port for listening > connection, so we need pass it to Maven execution. > Other simple scenario is when we create a temporary file with test data. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (MINVOKER-351) Prevent XML-prohibited characters from entering JUnit report
[ https://issues.apache.org/jira/browse/MINVOKER-351?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Slawomir Jaranowski updated MINVOKER-351: - Issue Type: Bug (was: Improvement) > Prevent XML-prohibited characters from entering JUnit report > > > Key: MINVOKER-351 > URL: https://issues.apache.org/jira/browse/MINVOKER-351 > Project: Maven Invoker Plugin > Issue Type: Bug >Reporter: Mikkel Kjeldsen >Priority: Major > Fix For: 3.7.0 > > Attachments: minvoker-351.tar.gz > > > Neither the Maven Invoker plugin's implementation of {{}} > nor the underlying XML infrastructure directly protect against the presence > of character literals prohibited by the XML specification, meaning such > literals can appear in the JUnit report and render it unreadable. *I would > appreciate if the Maven Invoker plugin could learn to strip prohibited > literals to protect its users from creative plugins.* I argue that this is a > safe and expected transformation that is not materially lossy. > > h2. Background > MINVOKER-196 added the {{}} option [back in > maven-invoker-plugin-3.2.1|https://github.com/apache/maven-invoker-plugin/blob/maven-invoker-plugin-3.2.1/src/main/java/org/apache/maven/plugins/invoker/AbstractInvokerMojo.java#L1878-L1946]. > As of [maven-invoker-plugin-3.6.0 the effective implementation of the JUnit > report remains effectively > unchanged|https://github.com/apache/maven-invoker-plugin/blob/maven-invoker-plugin-3.6.0/src/main/java/org/apache/maven/plugins/invoker/AbstractInvokerMojo.java#L1695-L1754]. > The JUnit report includes a {{}} element ([example > documentation|https://github.com/testmoapp/junitxml]) whose value Maven > Invoker populates with the raw build log contents. I've observed that this > value is XML-escaped, which I imagine is well understood in the > implementation, although I can't immediately find documentation to support > that. > However, escaping notwithstanding, a number of character literals are > outright prohibited by the XML specifications. These literals cannot be > escaped, and their presence renders an XML document not well formed. The > exact set of prohibited characters varies by XML version; the report produced > by the Maven Invoker plugin is XML version 1.0. When the Maven Invoker plugin > reads in the build log it does not strip these character literals and neither > does the XML writer the Maven Invoker plugin relies on. Consequently, if a > build log ends up including a prohibited character the resulting JUnit report > will not be well formed. > The set of prohibited characters is the complement of [the XML > specification's definition of {{Char}}|https://www.w3.org/TR/xml/#NT-Char]. > h2. Example > Among the literals prohibited by XML version 1.0 is {{^H}} (backspace). When > [pitest runs via Maven|https://pitest.org/quickstart/maven/] it prints a > spinner to standard out, and the implementation uses backspace to render the > spinner in place. I have used the Maven Invoker plugin with > {{}} to verify a pitest configuration, whereby I discovered > this limitation. > h2. Remediation > h3. Blame plugins > Perhaps pitest should not behave this way but we can't change pitest, and > even if pitest could be changed that offers no protection against any other > plugin, so blaming plugins is an ineffective course of action. > h3. Work-arounds > The user can manually clean the build log in-place via > {{}}. This is technically fairly easy to do, and makes > the transformation very explicit, but it requires considerable local work to > address an issue many would find obscure and the transformation is > permanently lossy unless the user also backs up the raw log to another file > name. > h3. Strip prohibited literals inside Maven Invoker plugin > If the Maven Invoker plugin learns to strip offending character literals > in-between reading the build log and writing to the {{}} value > then {{}} will Just Work™, which I assert is what a user > will typically expect. Although the {{}} value will no longer > exactly match the build log contents, this lossy translation is acceptable: > the prohibited characters are overwhelmingly unprintable to begin with and > therefore cannot be meaningfully rendered in a static context, and the raw > build log remains unchanged in the event that the user needs to investigate > or assert against the raw output. > This change would be backwards compatible, because any existing user that > would be affected by it would already have unparseable JUnit reports. > * I _believe_ that Java's {{j.u.r.Pattern}} can trivially express the > complement of allowed characters but there may exist more efficient solutions. > * Consider also applying this transformation to the 2 uses
[jira] [Updated] (MINVOKER-351) Prevent XML-prohibited characters from entering JUnit report
[ https://issues.apache.org/jira/browse/MINVOKER-351?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Slawomir Jaranowski updated MINVOKER-351: - Fix Version/s: 3.7.0 (was: waiting-for-feedback) > Prevent XML-prohibited characters from entering JUnit report > > > Key: MINVOKER-351 > URL: https://issues.apache.org/jira/browse/MINVOKER-351 > Project: Maven Invoker Plugin > Issue Type: Improvement >Reporter: Mikkel Kjeldsen >Priority: Major > Fix For: 3.7.0 > > Attachments: minvoker-351.tar.gz > > > Neither the Maven Invoker plugin's implementation of {{}} > nor the underlying XML infrastructure directly protect against the presence > of character literals prohibited by the XML specification, meaning such > literals can appear in the JUnit report and render it unreadable. *I would > appreciate if the Maven Invoker plugin could learn to strip prohibited > literals to protect its users from creative plugins.* I argue that this is a > safe and expected transformation that is not materially lossy. > > h2. Background > MINVOKER-196 added the {{}} option [back in > maven-invoker-plugin-3.2.1|https://github.com/apache/maven-invoker-plugin/blob/maven-invoker-plugin-3.2.1/src/main/java/org/apache/maven/plugins/invoker/AbstractInvokerMojo.java#L1878-L1946]. > As of [maven-invoker-plugin-3.6.0 the effective implementation of the JUnit > report remains effectively > unchanged|https://github.com/apache/maven-invoker-plugin/blob/maven-invoker-plugin-3.6.0/src/main/java/org/apache/maven/plugins/invoker/AbstractInvokerMojo.java#L1695-L1754]. > The JUnit report includes a {{}} element ([example > documentation|https://github.com/testmoapp/junitxml]) whose value Maven > Invoker populates with the raw build log contents. I've observed that this > value is XML-escaped, which I imagine is well understood in the > implementation, although I can't immediately find documentation to support > that. > However, escaping notwithstanding, a number of character literals are > outright prohibited by the XML specifications. These literals cannot be > escaped, and their presence renders an XML document not well formed. The > exact set of prohibited characters varies by XML version; the report produced > by the Maven Invoker plugin is XML version 1.0. When the Maven Invoker plugin > reads in the build log it does not strip these character literals and neither > does the XML writer the Maven Invoker plugin relies on. Consequently, if a > build log ends up including a prohibited character the resulting JUnit report > will not be well formed. > The set of prohibited characters is the complement of [the XML > specification's definition of {{Char}}|https://www.w3.org/TR/xml/#NT-Char]. > h2. Example > Among the literals prohibited by XML version 1.0 is {{^H}} (backspace). When > [pitest runs via Maven|https://pitest.org/quickstart/maven/] it prints a > spinner to standard out, and the implementation uses backspace to render the > spinner in place. I have used the Maven Invoker plugin with > {{}} to verify a pitest configuration, whereby I discovered > this limitation. > h2. Remediation > h3. Blame plugins > Perhaps pitest should not behave this way but we can't change pitest, and > even if pitest could be changed that offers no protection against any other > plugin, so blaming plugins is an ineffective course of action. > h3. Work-arounds > The user can manually clean the build log in-place via > {{}}. This is technically fairly easy to do, and makes > the transformation very explicit, but it requires considerable local work to > address an issue many would find obscure and the transformation is > permanently lossy unless the user also backs up the raw log to another file > name. > h3. Strip prohibited literals inside Maven Invoker plugin > If the Maven Invoker plugin learns to strip offending character literals > in-between reading the build log and writing to the {{}} value > then {{}} will Just Work™, which I assert is what a user > will typically expect. Although the {{}} value will no longer > exactly match the build log contents, this lossy translation is acceptable: > the prohibited characters are overwhelmingly unprintable to begin with and > therefore cannot be meaningfully rendered in a static context, and the raw > build log remains unchanged in the event that the user needs to investigate > or assert against the raw output. > This change would be backwards compatible, because any existing user that > would be affected by it would already have unparseable JUnit reports. > * I _believe_ that Java's {{j.u.r.Pattern}} can trivially express the > complement of allowed characters but there may exist more efficient solutions. > * Consider also