cziegeler commented on PR #149:
URL: https://github.com/apache/sling-site/pull/149#issuecomment-1846609480
We all (open source projects, companies) get swamped with automatically
generated security scan reports - these reports have no idea about Maven
scopes, modularity, OSGi, you name it.
+1
Carsten
On 07.12.2023 17:59, Stefan Seifert wrote:
Hi,
We solved 2 issues in this release:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12353706=Text=12310710
Staging repository:
https://repository.apache.org/content/repositories/orgapachesling-2820/
You can use this
+1
Carsten
On 06.12.2023 20:38, Carsten Ziegeler wrote:
Hi,
We solved 1 issue in this release
https://issues.apache.org/jira/browse/SLING-12183
Staging repository:
https://repository.apache.org/content/repositories/orgapachesling-2818/
You can use this UNIX script to download the release
+1
Carsten
On 06.12.2023 20:39, Carsten Ziegeler wrote:
Hi,
We solved 1 issue in this release
https://issues.apache.org/jira/browse/SLING-12182
Staging repository:
https://repository.apache.org/content/repositories/orgapachesling-2819/
You can use this UNIX script to download the release
sonarcloud[bot] commented on PR #32:
URL:
https://github.com/apache/sling-org-apache-sling-testing-jcr-mock/pull/32#issuecomment-1846320186
Kudos, SonarCloud Quality Gate passed! [![Quality Gate
sonarcloud[bot] commented on PR #32:
URL:
https://github.com/apache/sling-org-apache-sling-testing-jcr-mock/pull/32#issuecomment-1846293886
Kudos, SonarCloud Quality Gate passed! [![Quality Gate
sonarcloud[bot] commented on PR #32:
URL:
https://github.com/apache/sling-org-apache-sling-testing-jcr-mock/pull/32#issuecomment-1846266890
SonarCloud Quality Gate failed. [![Quality Gate
enapps-enorman opened a new pull request, #32:
URL: https://github.com/apache/sling-org-apache-sling-testing-jcr-mock/pull/32
When creating a new user via the MockUserManager, the supplied user password
was being ignored.
To allow more real testing around the changing the password,
Eric Norman created SLING-12190:
---
Summary: MockUser should provide more real password handling
Key: SLING-12190
URL: https://issues.apache.org/jira/browse/SLING-12190
Project: Sling
Issue
[
https://issues.apache.org/jira/browse/SLING-12168?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Eric Norman resolved SLING-12168.
-
Resolution: Fixed
Merged PR at:
enapps-enorman merged PR #29:
URL: https://github.com/apache/sling-org-apache-sling-testing-jcr-mock/pull/29
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe,
sonarcloud[bot] commented on PR #29:
URL:
https://github.com/apache/sling-org-apache-sling-testing-jcr-mock/pull/29#issuecomment-1846245171
Kudos, SonarCloud Quality Gate passed! [![Quality Gate
sonarcloud[bot] commented on PR #29:
URL:
https://github.com/apache/sling-org-apache-sling-testing-jcr-mock/pull/29#issuecomment-1846101966
Kudos, SonarCloud Quality Gate passed! [![Quality Gate
reschke commented on PR #149:
URL: https://github.com/apache/sling-site/pull/149#issuecomment-1845991101
Throwing in my 2 cents as innocent bystander:
- as a maintainer of an OSS library, I feel offended when people keep
referencing an EOLd version of the library for no good reason
enapps-enorman merged PR #22:
URL:
https://github.com/apache/sling-org-apache-sling-jcr-jackrabbit-usermanager/pull/22
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To
[
https://issues.apache.org/jira/browse/SLING-12185?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Eric Norman resolved SLING-12185.
-
Resolution: Fixed
Merged PR at:
kwin commented on PR #149:
URL: https://github.com/apache/sling-site/pull/149#issuecomment-1845921415
Obviously we don't agree here, so I would appreciate to hear other opinions
@cziegeler and @rombert...
--
This is an automated message from the Apache Git Service.
To respond to the
[
https://issues.apache.org/jira/browse/SLING-12186?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Konrad Windszus updated SLING-12186:
Summary: Automatic code formatting with spotless-maven-plugin (was:
Automatic code
enapps-enorman commented on PR #149:
URL: https://github.com/apache/sling-site/pull/149#issuecomment-1845916081
> Just raising the dependencies to get rid of vulnerabilities is not useful!
That is just not true at all. There is value in not getting a bunch of
false positives from
kwin commented on PR #149:
URL: https://github.com/apache/sling-site/pull/149#issuecomment-1845912559
Raising a dependency is totally fine if your require certain features or new
API only available in a newer version. Just raising the dependencies to get rid
of vulnerabilities is not
enapps-enorman commented on PR #149:
URL: https://github.com/apache/sling-site/pull/149#issuecomment-1845910165
> e.g. a vulnerability in Commons IO or Commons Lang
commons-io has not had a known security vulnerability since version 2.6
(released on May 27, 2020)
commons-lang3 has
dependabot[bot] opened a new pull request, #1:
URL: https://github.com/apache/sling-org-apache-sling-jcr-filetransfer/pull/1
Bumps [org.apache.sshd:sshd-sftp](https://github.com/apache/mina-sshd) from
2.0.0 to 2.9.3.
Release notes
Sourced from
+1
stefan
+1
stefan
+1
stefan
Hi,
We solved 2 issues in this release:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12353706=Text=12310710
Staging repository:
https://repository.apache.org/content/repositories/orgapachesling-2820/
You can use this UNIX script to download the release and verify the
[
https://issues.apache.org/jira/browse/SLING-12189?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Carsten Ziegeler resolved SLING-12189.
--
Resolution: Fixed
Carsten Ziegeler created SLING-12189:
Summary: Improve RuntimeExtension registry
Key: SLING-12189
URL: https://issues.apache.org/jira/browse/SLING-12189
Project: Sling
Issue Type:
[
https://issues.apache.org/jira/browse/SLING-12188?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Carsten Ziegeler resolved SLING-12188.
--
Resolution: Fixed
Carsten Ziegeler created SLING-12188:
Summary: Use ResourceResolverFactory getSearchPath
Key: SLING-12188
URL: https://issues.apache.org/jira/browse/SLING-12188
Project: Sling
Issue
Given this input I change my vote to +1
Konrad
> On 7. Dec 2023, at 16:30, Carsten Ziegeler wrote:
>
> Thanks Konrad,
>
> tbh I don't know. As there is no provide capability yet on the API, I think
> we are totally fine with continuing the release.
>
> If there is anyone out there with such
Thanks Konrad,
tbh I don't know. As there is no provide capability yet on the API, I
think we are totally fine with continuing the release.
If there is anyone out there with such a thing in a manifest, it will
not resolve if any solution that exists out there. So that is not
specific to our
Hi Carsten,
I only voted -1 due to the missing provided capability, but I am unsure about
the impact.
The other issues are not blocking a release from my perspective.
I would appreciate you commenting on the actual issue here.
Is it possible that consumers of JSON-P 2.0 or JSON-P 2.1 ever end
Regarding the main branch, it seems the mvn release process did not do
the final push; seems to be a regression somewhere
Just did it manually
Carsten
On 07.12.2023 10:39, Konrad Windszus wrote:
Hi,
-1 from my side because the manifest does not contain the necessary
"Provide-Capability:
I find it very strange to base a -1 on these minor issues
On 07.12.2023 10:39, Konrad Windszus wrote:
Hi,
-1 from my side because the manifest does not contain the necessary
"Provide-Capability: osgi.contract;osgi.contract=JavaJSONP".
Probably a regression in Johnzon itself.
Also the readme
[
https://issues.apache.org/jira/browse/SLING-12187?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Stefan Seifert resolved SLING-12187.
Resolution: Fixed
stefanseifert merged PR #35:
URL: https://github.com/apache/sling-org-apache-sling-testing-sling-mock/pull/35
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe,
sonarcloud[bot] commented on PR #35:
URL:
https://github.com/apache/sling-org-apache-sling-testing-sling-mock/pull/35#issuecomment-1845280658
Kudos, SonarCloud Quality Gate passed! [![Quality Gate
stefanseifert opened a new pull request, #35:
URL: https://github.com/apache/sling-org-apache-sling-testing-sling-mock/pull/35
https://issues.apache.org/jira/browse/SLING-12187
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub
Stefan Seifert created SLING-12187:
--
Summary: sling-mock: Make compatbile with Sling XSS 2.4.0
Key: SLING-12187
URL: https://issues.apache.org/jira/browse/SLING-12187
Project: Sling
Issue
[
https://issues.apache.org/jira/browse/SLING-12186?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Konrad Windszus updated SLING-12186:
Description:
As discussed in
[
https://issues.apache.org/jira/browse/SLING-12186?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Konrad Windszus updated SLING-12186:
Description:
As discussed in
Konrad Windszus created SLING-12186:
---
Summary: Automatic code formatting with spotless-maven-pllugin
Key: SLING-12186
URL: https://issues.apache.org/jira/browse/SLING-12186
Project: Sling
-
[INFO] [jenkins-event-spy] Generated
/home/jenkins/workspace/_org-apache-sling-starter_master/jdk_11_latest@tmp/withMaven8d49fd2c/maven-spy-20231207-112817-7343402895673377816500.log
[Pipeline] }
[withMaven] artifactsPublisher - Archive artifact pom
> Sure, any candidate(s) you have in mind? Then I can prepare a PR with the
> proposed changes.
> Konrad
e.g. models-api and models-impl
we have to keep in mind that once we apply one-time reformatting of the code
base, all open PRs might be in conflict and will only be mergeable with manual
+1 - for automatic code checking and optional formatting
If it's fast enough, I like having these kind of checks in an early
build-phase. If it only fails late, i.e. on verify or install, that
somehow feels more disruptive to me.
Regards
Julian
On Wed, Dec 6, 2023 at 1:44 PM Konrad Windszus
According to https://docs.osgi.org/reference/portable-java-contracts.html the
new contract name is “JakartaJSONProcessing” but it isn’t contained in the
Manifest of
https://repo1.maven.org/maven2/jakarta/json/jakarta.json-api/2.1.1/jakarta.json-api-2.1.1.jar
either. I opened
Hi,
-1 from my side because the manifest does not contain the necessary
"Provide-Capability: osgi.contract;osgi.contract=JavaJSONP".
Probably a regression in Johnzon itself.
Also the readme should be clarified that this implements JSON-P 2.1.1.
As Johnzon now requires Java 11
+1
regards,
Karl
On Wed, Dec 6, 2023 at 8:40 PM Carsten Ziegeler wrote:
>
> Hi,
>
> We solved 1 issue in this release
> https://issues.apache.org/jira/browse/SLING-12183
>
> Staging repository:
> https://repository.apache.org/content/repositories/orgapachesling-2818/
>
> You can use this UNIX
+1
regards,
Karl
On Wed, Dec 6, 2023 at 8:39 PM Carsten Ziegeler wrote:
>
> Hi,
>
> We solved 1 issue in this release
> https://issues.apache.org/jira/browse/SLING-12182
>
> Staging repository:
> https://repository.apache.org/content/repositories/orgapachesling-2819/
>
> You can use this UNIX
sonarcloud[bot] commented on PR #22:
URL:
https://github.com/apache/sling-org-apache-sling-jcr-jackrabbit-usermanager/pull/22#issuecomment-1844895721
Kudos, SonarCloud Quality Gate passed! [