[GitHub] [tomcat-taglibs-standard] dependabot[bot] opened a new pull request, #7: Bump taglibs-standard-impl from 1.2.3-SNAPSHOT to 1.2.3 in /standard-test

[GitBox]

dependabot[bot] opened a new pull request, #7:
URL: https://github.com/apache/tomcat-taglibs-standard/pull/7

   Bumps taglibs-standard-impl from 1.2.3-SNAPSHOT to 1.2.3.
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.taglibs:taglibs-standard-impl=maven=1.2.3-SNAPSHOT=1.2.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   Dependabot commands and options
   
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   - `@dependabot use these labels` will set the current labels as the default 
for future PRs for this repo and language
   - `@dependabot use these reviewers` will set the current reviewers as the 
default for future PRs for this repo and language
   - `@dependabot use these assignees` will set the current assignees as the 
default for future PRs for this repo and language
   - `@dependabot use this milestone` will set the current milestone as the 
default for future PRs for this repo and language
   
   You can disable automated security fix PRs for this repo from the [Security 
Alerts page](https://github.com/apache/tomcat-taglibs-standard/network/alerts).
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat-taglibs-standard] dependabot[bot] opened a new pull request, #6: Bump junit from 4.8.1 to 4.13.1

[GitBox]

dependabot[bot] opened a new pull request, #6:
URL: https://github.com/apache/tomcat-taglibs-standard/pull/6

   Bumps [junit](https://github.com/junit-team/junit4) from 4.8.1 to 4.13.1.
   
   Release notes
   Sourced from https://github.com/junit-team/junit4/releases;>junit's 
releases.
   
   JUnit 4.13.1
   Please refer to the https://github.com/junit-team/junit/blob/HEAD/doc/ReleaseNotes4.13.1.md;>release
 notes for details.
   JUnit 4.13
   Please refer to the https://github.com/junit-team/junit/blob/HEAD/doc/ReleaseNotes4.13.md;>release
 notes for details.
   JUnit 4.13 RC 2
   Please refer to the https://github.com/junit-team/junit4/wiki/4.13-Release-Notes;>release 
notes for details.
   JUnit 4.13 RC 1
   Please refer to the https://github.com/junit-team/junit4/wiki/4.13-Release-Notes;>release 
notes for details.
   JUnit 4.13 Beta 3
   Please refer to the https://github.com/junit-team/junit4/wiki/4.13-Release-Notes;>release 
notes for details.
   JUnit 4.13 Beta 2
   Please refer to the https://github.com/junit-team/junit4/wiki/4.13-Release-Notes;>release 
notes for details.
   JUnit 4.13 Beta 1
   Please refer to the https://github.com/junit-team/junit4/wiki/4.13-Release-Notes;>release 
notes for details.
   JUnit 4.12
   Please refer to the https://github.com/junit-team/junit/blob/HEAD/doc/ReleaseNotes4.12.md;>release
 notes for details.
   JUnit 4.12 Beta 3
   Please refer to the https://github.com/junit-team/junit/blob/HEAD/doc/ReleaseNotes4.12.md;>release
 notes for details.
   JUnit 4.12 Beta 2
   No release notes provided.
   JUnit 4.12 Beta 1
   No release notes provided.
   JUnit 4.11
   No release notes provided.
   
   
   
   Changelog
   Sourced from https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.13.1.md;>junit's
 changelog.
   
   Summary of changes in version 4.13.1
   Rules
   Security fix: TemporaryFolder now limits access to 
temporary folders on Java 1.7 or later
   A local information disclosure vulnerability in 
TemporaryFolder has been fixed. See the published https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp;>security
 advisory for details.
   Test Runners
   [Pull request https://github-redirect.dependabot.com/junit-team/junit4/issues/1669;>#1669:](https://github-redirect.dependabot.com/junit-team/junit/pull/1669;>junit-team/junit#1669)
 Make FrameworkField constructor public
   Prior to this change, custom runners could make 
FrameworkMethod instances, but not FrameworkField 
instances. This small change allows for both now, because 
FrameworkField's constructor has been promoted from 
package-private to public.
   
   
   
   Commits
   
   https://github.com/junit-team/junit4/commit/1b683f4ec07bcfa40149f086d32240f805487e66;>1b683f4
 [maven-release-plugin] prepare release r4.13.1
   https://github.com/junit-team/junit4/commit/ce6ce3aadc070db2902698fe0d3dc6729cd631f2;>ce6ce3a
 Draft 4.13.1 release notes
   https://github.com/junit-team/junit4/commit/c29dd8239d6b353e699397eb090a1fd27411fa24;>c29dd82
 Change version to 4.13.1-SNAPSHOT
   https://github.com/junit-team/junit4/commit/1d174861f0b64f97ab0722bb324a760bfb02f567;>1d17486
 Add a link to assertThrows in exception testing
   https://github.com/junit-team/junit4/commit/543905df72ff10364b94dda27552efebf3dd04e9;>543905d
 Use separate line for annotation in Javadoc
   https://github.com/junit-team/junit4/commit/510e906b391e7e46a346e1c852416dc7be934944;>510e906
 Add sub headlines to class Javadoc
   https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae;>610155b
 Merge pull request from GHSA-269g-pwp5-87pp
   https://github.com/junit-team/junit4/commit/b6cfd1e3d736cc2106242a8be799615b472c7fec;>b6cfd1e
 Explicitly wrap float parameter for consistency (https://github-redirect.dependabot.com/junit-team/junit4/issues/1671;>#1671)
   https://github.com/junit-team/junit4/commit/a5d205c7956dbed302b3bb5ecde5ba4299f0b646;>a5d205c
 Fix GitHub link in FAQ (https://github-redirect.dependabot.com/junit-team/junit4/issues/1672;>#1672)
   https://github.com/junit-team/junit4/commit/3a5c6b4d08f408c8ca6a8e0bae71a9bc5a8f97e8;>3a5c6b4
 Deprecated since jdk9 replacing constructor instance of Double and Float (https://github-redirect.dependabot.com/junit-team/junit4/issues/1660;>#1660)
   Additional commits viewable in https://github.com/junit-team/junit4/compare/r4.8.1...r4.13.1;>compare 
view
   
   
   
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=junit:junit=maven=4.8.1=4.13.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   
   

[GitHub] [tomcat] karacz opened a new pull request, #575: bug 66419

[GitBox]

karacz opened a new pull request, #575:
URL: https://github.com/apache/tomcat/pull/575

   Fix for the bug https://bz.apache.org/bugzilla/show_bug.cgi?id=66419


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] markt-asf closed pull request #572: 66370-Fix for Boolean System property lookup with Security Manager enabled

[GitBox]

markt-asf closed pull request #572: 66370-Fix for Boolean System property 
lookup with Security Manager enabled
URL: https://github.com/apache/tomcat/pull/572


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] markt-asf commented on pull request #572: 66370-Fix for Boolean System property lookup with Security Manager enabled

[GitBox]

markt-asf commented on PR #572:
URL: https://github.com/apache/tomcat/pull/572#issuecomment-1371172938

   The PR will not be applied.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] markt-asf closed pull request #574: Update web.xml

[GitBox]

markt-asf closed pull request #574: Update web.xml
URL: https://github.com/apache/tomcat/pull/574


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] markt-asf commented on pull request #574: Update web.xml

[GitBox]

markt-asf commented on PR #574:
URL: https://github.com/apache/tomcat/pull/574#issuecomment-1366474879

   No prior discussion.
   No justification for change.
   Change removes explanatory comment.
   Change uses inconsistent indent.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] dhirajk4 opened a new pull request, #574: Update web.xml

[GitBox]

dhirajk4 opened a new pull request, #574:
URL: https://github.com/apache/tomcat/pull/574

   change file size 50 to 250


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] aooohan closed pull request #573: fix 66382 for build.xml have includ unfound path

[GitBox]

aooohan closed pull request #573: fix 66382 for build.xml have includ unfound 
path 
URL: https://github.com/apache/tomcat/pull/573


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] aooohan commented on pull request #573: fix 66382 for build.xml have includ unfound path

[GitBox]

aooohan commented on PR #573:
URL: https://github.com/apache/tomcat/pull/573#issuecomment-1344002368

   Merged manually. Thanks.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] snifferhu opened a new pull request, #573: fix 66382 for build.xml have includ unfound path

[GitBox]

snifferhu opened a new pull request, #573:
URL: https://github.com/apache/tomcat/pull/573

   remove include org.apache.jk


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat-training] dependabot[bot] opened a new pull request, #12: Bump express from 4.16.3 to 4.17.3

[GitBox]

dependabot[bot] opened a new pull request, #12:
URL: https://github.com/apache/tomcat-training/pull/12

   Bumps [express](https://github.com/expressjs/express) from 4.16.3 to 4.17.3.
   
   Release notes
   Sourced from https://github.com/expressjs/express/releases;>express's 
releases.
   
   4.17.3
   
   deps: accepts@~1.3.8
   
   deps: mime-types@~2.1.34
   deps: negotiator@0.6.3
   
   
   deps: body-parser@1.19.2
   
   deps: bytes@3.1.2
   deps: qs@6.9.7
   deps: raw-body@2.4.3
   
   
   deps: cookie@0.4.2
   deps: qs@6.9.7
   
   Fix handling of __proto__ keys
   
   
   pref: remove unnecessary regexp for trust proxy
   
   4.17.2
   
   Fix handling of undefined in res.jsonp
   Fix handling of undefined when json 
escape is enabled
   Fix incorrect middleware execution with unanchored 
RegExps
   Fix res.jsonp(obj, status) deprecation message
   Fix typo in res.is JSDoc
   deps: body-parser@1.19.1
   
   deps: bytes@3.1.1
   deps: http-errors@1.8.1
   deps: qs@6.9.6
   deps: raw-body@2.4.2
   deps: safe-buffer@5.2.1
   deps: type-is@~1.6.18
   
   
   deps: content-disposition@0.5.4
   
   deps: safe-buffer@5.2.1
   
   
   deps: cookie@0.4.1
   
   Fix maxAge option to reject invalid values
   
   
   deps: proxy-addr@~2.0.7
   
   Use req.socket over deprecated 
req.connection
   deps: forwarded@0.2.0
   deps: ipaddr.js@1.9.1
   
   
   deps: qs@6.9.6
   deps: safe-buffer@5.2.1
   deps: send@0.17.2
   
   deps: http-errors@1.8.1
   deps: ms@2.1.3
   pref: ignore empty http tokens
   
   
   deps: serve-static@1.14.2
   
   deps: send@0.17.2
   
   
   deps: setprototypeof@1.2.0
   
   4.17.1
   
   Revert Improve error message for 
null/undefined to res.status
   
   4.17.0
   
   Add express.raw to parse bodies into 
Buffer
   Add express.text to parse bodies into string
   
   
   
   ... (truncated)
   
   
   Changelog
   Sourced from https://github.com/expressjs/express/blob/master/History.md;>express's 
changelog.
   
   4.17.3 / 2022-02-16
   
   deps: accepts@~1.3.8
   
   deps: mime-types@~2.1.34
   deps: negotiator@0.6.3
   
   
   deps: body-parser@1.19.2
   
   deps: bytes@3.1.2
   deps: qs@6.9.7
   deps: raw-body@2.4.3
   
   
   deps: cookie@0.4.2
   deps: qs@6.9.7
   
   Fix handling of __proto__ keys
   
   
   pref: remove unnecessary regexp for trust proxy
   
   4.17.2 / 2021-12-16
   
   Fix handling of undefined in res.jsonp
   Fix handling of undefined when json 
escape is enabled
   Fix incorrect middleware execution with unanchored 
RegExps
   Fix res.jsonp(obj, status) deprecation message
   Fix typo in res.is JSDoc
   deps: body-parser@1.19.1
   
   deps: bytes@3.1.1
   deps: http-errors@1.8.1
   deps: qs@6.9.6
   deps: raw-body@2.4.2
   deps: safe-buffer@5.2.1
   deps: type-is@~1.6.18
   
   
   deps: content-disposition@0.5.4
   
   deps: safe-buffer@5.2.1
   
   
   deps: cookie@0.4.1
   
   Fix maxAge option to reject invalid values
   
   
   deps: proxy-addr@~2.0.7
   
   Use req.socket over deprecated 
req.connection
   deps: forwarded@0.2.0
   deps: ipaddr.js@1.9.1
   
   
   deps: qs@6.9.6
   deps: safe-buffer@5.2.1
   deps: send@0.17.2
   
   deps: http-errors@1.8.1
   deps: ms@2.1.3
   pref: ignore empty http tokens
   
   
   deps: serve-static@1.14.2
   
   deps: send@0.17.2
   
   
   deps: setprototypeof@1.2.0
   
   4.17.1 / 2019-05-25
   
   
   ... (truncated)
   
   
   Commits
   
   https://github.com/expressjs/express/commit/3d7fce56a35f4f73fa437866cd1401587a212334;>3d7fce5
 4.17.3
   https://github.com/expressjs/express/commit/f9063712e01979588818b0756851053b5ee43d09;>f906371
 build: update example dependencies
   https://github.com/expressjs/express/commit/6381bc6317ec8ffbf830e2d16677e4b5af37cc08;>6381bc6
 deps: qs@6.9.7
   https://github.com/expressjs/express/commit/a00786309641731661edb4d826a6919330887ca7;>a007863
 deps: body-parser@1.19.2
   https://github.com/expressjs/express/commit/e98f5848a0a496c0977a2d1734067b77f69de360;>e98f584
 Revert build: use minimatch@3.0.4 for Node.js  4
   https://github.com/expressjs/express/commit/a65913776d0b16837364ee66caa1a7f38a9997c0;>a659137
 tests: use strict mode
   https://github.com/expressjs/express/commit/a39e409cf3739ef9c9b597a9680813a34c3931c2;>a39e409
 tests: prevent leaking changes to NODE_ENV
   https://github.com/expressjs/express/commit/82de4de5ab92e8237d713285104e4b8452927352;>82de4de
 examples: fix path traversal in downloads example
   https://github.com/expressjs/express/commit/12310c52947ee159f7ecd63d125243cdca891135;>12310c5
 build: use nyc for test coverage
   https://github.com/expressjs/express/commit/884657d54665f323c236055d6e3d3e85d96e5f08;>884657d
 examples: remove bitwise syntax for includes check
   Additional commits viewable in https://github.com/expressjs/express/compare/4.16.3...4.17.3;>compare 
view
   
   
   
   
   
   [![Dependabot compatibility 

[GitHub] [tomcat] ChristopherSchultz commented on pull request #572: 66370-Fix for Boolean System property lookup with Security Manager enabled

[GitBox]

ChristopherSchultz commented on PR #572:
URL: https://github.com/apache/tomcat/pull/572#issuecomment-1341716603

   You should read both 
https://lists.apache.org/thread/66djc4j4ybz45ponly0x5g94oyt844cm and 
https://lists.apache.org/thread/7w4x90zwp3qhn9qopbhmg5wponcc468n in their 
entirety to see the thought-process(es) here.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] isaacrivriv commented on pull request #572: 66370-Fix for Boolean System property lookup with Security Manager enabled

[GitBox]

isaacrivriv commented on PR #572:
URL: https://github.com/apache/tomcat/pull/572#issuecomment-1341392982

   Yes I saw that, my question was more as to why by default the property was 
made to disable the security manager. There are other areas of code where the 
security manager is used but there are no properties to disable them. This is 
why I suggest in this PR to update the property in order to keep the same 
behavior as the other areas of code that use the security manager if enabled by 
default. We could use `org.apache.el.GET_CLASSLOADER_IGNORE_PRIVILEGED` instead 
of `org.apache.el.GET_CLASSLOADER_USE_PRIVILEGED` to disable or enable the 
security manager in this case which would still have the benefits listed in 
that issue to not use the security manager but would need to be manually set.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] lalo-mx commented on pull request #572: 66370-Fix for Boolean System property lookup with Security Manager enabled

[GitBox]

lalo-mx commented on PR #572:
URL: https://github.com/apache/tomcat/pull/572#issuecomment-1341125405

   See https://bz.apache.org/bugzilla/show_bug.cgi?id=66294


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat-training] dependabot[bot] opened a new pull request, #11: Bump qs

[GitBox]

dependabot[bot] opened a new pull request, #11:
URL: https://github.com/apache/tomcat-training/pull/11

   Bumps [qs](https://github.com/ljharb/qs) and 
[qs](https://github.com/ljharb/qs). These dependencies needed to be updated 
together.
   Updates `qs` from 6.5.1 to 6.5.3
   
   Changelog
   Sourced from https://github.com/ljharb/qs/blob/main/CHANGELOG.md;>qs's 
changelog.
   
   6.5.3
   
   [Fix] parse: ignore __proto__ keys (https://github-redirect.dependabot.com/ljharb/qs/issues/428;>#428)
   [Fix] utils.merge`: avoid a crash with a null target and a 
truthy non-array source
   [Fix] correctly parse nested arrays
   [Fix] stringify: fix a crash with 
strictNullHandling and a custom 
filter/serializeDate (https://github-redirect.dependabot.com/ljharb/qs/issues/279;>#279)
   [Fix] utils: merge: fix crash when 
source is a truthy primitive  no options are provided
   [Fix] when parseArrays is false, properly handle keys 
ending in []
   [Fix] fix for an impossible situation: when the formatter is called with 
a non-string value
   [Fix] utils.merge: avoid a crash with a null target and an 
array source
   [Refactor] utils: reduce observable [[Get]]s
   [Refactor] use cached Array.isArray
   [Refactor] stringify: Avoid arr = arr.concat(...), push to 
the existing instance (https://github-redirect.dependabot.com/ljharb/qs/issues/269;>#269)
   [Refactor] parse: only need to reassign the var once
   [Robustness] stringify: avoid relying on a global 
undefined (https://github-redirect.dependabot.com/ljharb/qs/issues/427;>#427)
   [readme] remove travis badge; add github actions/codecov badges; update 
URLs
   [Docs] Clean up license text so it’s properly detected as 
BSD-3-Clause
   [Docs] Clarify the need for arrayLimit option
   [meta] fix README.md (https://github-redirect.dependabot.com/ljharb/qs/issues/399;>#399)
   [meta] add FUNDING.yml
   [actions] backport actions from main
   [Tests] always use String(x) over 
x.toString()
   [Tests] remove nonexistent tape option
   [Dev Deps] backport from main
   
   6.5.2
   
   [Fix] use safer-buffer instead of Buffer 
constructor
   [Refactor] utils: module.exports one thing, instead of 
mutating exports (https://github-redirect.dependabot.com/ljharb/qs/issues/230;>#230)
   [Dev Deps] update browserify, eslint, 
iconv-lite, safer-buffer, tape, 
browserify
   
   
   
   
   Commits
   
   https://github.com/ljharb/qs/commit/298bfa55d6db00ddea78dd0333509aadf9bb3077;>298bfa5
 v6.5.3
   https://github.com/ljharb/qs/commit/ed0f5dcbef4b168a8ae299d78b1e4a2e9b1baf1f;>ed0f5dc
 [Fix] parse: ignore __proto__ keys (https://github-redirect.dependabot.com/ljharb/qs/issues/428;>#428)
   https://github.com/ljharb/qs/commit/691e739cfa40cd42604dc05a54e6154371a429ab;>691e739
 [Robustness] stringify: avoid relying on a global 
undefined (https://github-redirect.dependabot.com/ljharb/qs/issues/427;>#427)
   https://github.com/ljharb/qs/commit/1072d57d38a690e1ad7616dced44390bffedcbb2;>1072d57
 [readme] remove travis badge; add github actions/codecov badges; update 
URLs
   https://github.com/ljharb/qs/commit/12ac1c403aaa04d1a34844f514ed9f9abfb76e64;>12ac1c4
 [meta] fix README.md (https://github-redirect.dependabot.com/ljharb/qs/issues/399;>#399)
   https://github.com/ljharb/qs/commit/0338716b09fdbd4711823eeb0a14e556a2498e7a;>0338716
 [actions] backport actions from main
   https://github.com/ljharb/qs/commit/5639c20ce0a7c1332200a3181339331483e5a3a1;>5639c20
 Clean up license text so it’s properly detected as BSD-3-Clause
   https://github.com/ljharb/qs/commit/51b8a0b1b213596dd1702b837f5e7dec2229793d;>51b8a0b
 add FUNDING.yml
   https://github.com/ljharb/qs/commit/45f675936e742d92fac8d4dae5cfc385c576a977;>45f6759
 [Fix] fix for an impossible situation: when the formatter is called with a 
no...
   https://github.com/ljharb/qs/commit/f814a7f8f2af059f8158f7e4b2bf8b46aeb62cd3;>f814a7f
 [Dev Deps] backport from main
   Additional commits viewable in https://github.com/ljharb/qs/compare/v6.5.1...v6.5.3;>compare 
view
   
   
   
   
   Updates `qs` from 6.3.2 to 6.5.3
   
   Changelog
   Sourced from https://github.com/ljharb/qs/blob/main/CHANGELOG.md;>qs's 
changelog.
   
   6.5.3
   
   [Fix] parse: ignore __proto__ keys (https://github-redirect.dependabot.com/ljharb/qs/issues/428;>#428)
   [Fix] utils.merge`: avoid a crash with a null target and a 
truthy non-array source
   [Fix] correctly parse nested arrays
   [Fix] stringify: fix a crash with 
strictNullHandling and a custom 
filter/serializeDate (https://github-redirect.dependabot.com/ljharb/qs/issues/279;>#279)
   [Fix] utils: merge: fix crash when 
source is a truthy primitive  no options are provided
   [Fix] when parseArrays is false, properly handle keys 
ending in []
   [Fix] fix for an impossible situation: when the formatter is called with 
a non-string value
   [Fix] utils.merge: avoid a crash with a null target and an 
array source
   [Refactor] utils: reduce observable [[Get]]s
   [Refactor] use cached 

[GitHub] [tomcat-jakartaee-migration] rmaucher closed pull request #41: Avoid bcel thread safety issue

[GitBox]

rmaucher closed pull request #41: Avoid bcel thread safety issue
URL: https://github.com/apache/tomcat-jakartaee-migration/pull/41


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat-jakartaee-migration] rmaucher commented on pull request #41: Avoid bcel thread safety issue

[GitBox]

rmaucher commented on PR #41:
URL: 
https://github.com/apache/tomcat-jakartaee-migration/pull/41#issuecomment-1334920596

   Nice trick. I didn't try to reproduce it, but given the stack trace it seems 
useful. Thanks for the PR. This will be in 1.0.6.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat-jakartaee-migration] rmaucher closed pull request #40: Fix issues with annotations packages

[GitBox]

rmaucher closed pull request #40: Fix issues with annotations packages
URL: https://github.com/apache/tomcat-jakartaee-migration/pull/40


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat-jakartaee-migration] rmaucher commented on pull request #40: Fix issues with annotations packages

[GitBox]

rmaucher commented on PR #40:
URL: 
https://github.com/apache/tomcat-jakartaee-migration/pull/40#issuecomment-1334909213

   Thanks for the PR. Merged manually and this will be in 1.0.6.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat-jakartaee-migration] DanielThomas opened a new pull request, #41: Avoid bcel thread safety issue

[GitBox]

DanielThomas opened a new pull request, #41:
URL: https://github.com/apache/tomcat-jakartaee-migration/pull/41

   Allow `ClassConverter` to be used safely in parallel by avoiding 
`ConcurrentModificationException` from `SyntheticRepository` for the default 
`getInstance`:
   ```
   java.util.ConcurrentModificationException: (No message provided)
at java.util.HashMap.computeIfAbsent(HashMap.java:1221) 
at 
org.apache.bcel.util.SyntheticRepository.getInstance(SyntheticRepository.java:44)

at 
org.apache.bcel.util.SyntheticRepository.getInstance(SyntheticRepository.java:40)

at org.apache.bcel.classfile.JavaClass.(JavaClass.java:139)   
at org.apache.bcel.classfile.ClassParser.parse(ClassParser.java:180)
at 
org.apache.tomcat.jakartaee.ClassConverter.convertInternal(ClassConverter.java:86)
   
at 
org.apache.tomcat.jakartaee.ClassConverter.convert(ClassConverter.java:63)   
at 
org.apache.tomcat.jakartaee.Migration.migrateStream(Migration.java:346)  
at 
org.apache.tomcat.jakartaee.Migration.migrateArchiveStreaming(Migration.java:277)

at 
org.apache.tomcat.jakartaee.Migration.migrateStream(Migration.java:340)  
at 
org.apache.tomcat.jakartaee.Migration.migrateFile(Migration.java:233)
at org.apache.tomcat.jakartaee.Migration.execute(Migration.java:199)
at org.apache.tomcat.jakartaee.Migration$execute$3.call(Unknown Source)
   ```
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat-jakartaee-migration] DanielThomas opened a new pull request, #40: Fix issues with annotations packages

[GitBox]

DanielThomas opened a new pull request, #40:
URL: https://github.com/apache/tomcat-jakartaee-migration/pull/40

   With more testing we found a couple of issues with my changes for 
https://github.com/apache/tomcat-jakartaee-migration/pull/37. Add more tests 
and fix the issues with the patterns for annotations.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] isaacrivriv opened a new pull request, #572: 66370-Fix for Boolean System property lookup with Security Manager enabled

[GitBox]

isaacrivriv opened a new pull request, #572:
URL: https://github.com/apache/tomcat/pull/572

   https://bz.apache.org/bugzilla/show_bug.cgi?id=66370


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] markt-asf closed pull request #565: updated link to download cvs

[GitBox]

markt-asf closed pull request #565: updated link to download cvs
URL: https://github.com/apache/tomcat/pull/565


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] markt-asf commented on pull request #565: updated link to download cvs

[GitBox]

markt-asf commented on PR #565:
URL: https://github.com/apache/tomcat/pull/565#issuecomment-1332484054

   I've updated the docs to use more generic language.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] markt-asf closed pull request #571: some el implements spi loader not support comment line

[GitBox]

markt-asf closed pull request #571: some el implements spi loader not support 
comment line
URL: https://github.com/apache/tomcat/pull/571


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] markt-asf commented on pull request #571: some el implements spi loader not support comment line

[GitBox]

markt-asf commented on PR #571:
URL: https://github.com/apache/tomcat/pull/571#issuecomment-1332407078

   This is a WONTFIX.
   
   EL implementations that do not ignore comment lines are broken and should be 
fixed. The Tomcat project's default position is that we do not change Tomcat to 
workaround other people's broken code.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat-jakartaee-migration] laeubi commented on issue #39: Fix (remove) "javax.servlet.*" package version when processing the MANIFEST.MF

[GitBox]

laeubi commented on issue #39:
URL: 
https://github.com/apache/tomcat-jakartaee-migration/issues/39#issuecomment-1327302693

   > Removing or updating the version constraint to include 5 will fix the 
problem.
   
   I think the real fix would be that the converter enters the appropriate 
version range it converts to, e.g. `[5, 6)` in this case or use the [Portable 
Java Contract 
Definitions](https://docs.osgi.org/reference/portable-java-contracts.html#portable-java-contract-definitions)
 instead.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat-jakartaee-migration] ifurnadjiev opened a new issue, #39: Fix (remove) "javax.servlet.*" package version when processing the MANIFEST.MF

[GitBox]

ifurnadjiev opened a new issue, #39:
URL: https://github.com/apache/tomcat-jakartaee-migration/issues/39

   When "javax.servlet.*" package is specified in the MANIFEST.MF with version 
constraints like:
   
   ```
   Import-Package: javax.servlet;version="[3.1.0,5.0.0)",
javax.servlet.http;version="[3.1.0,5.0.0)",
   ```
   
   it is converted to:
   
   ```
   Import-Package: jakarta.servlet;version="[3.1.0,5.0.0)",
jakarta.servlet.http;version="[3.1.0,5.0.0)",
   ```
   
   and leads to unresolved dependencies in OSGi environment.
   Removing or updating the version constraint to include 5 will fix the 
problem.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] markt-asf merged pull request #569: Refine native resources metadata

[GitBox]

markt-asf merged PR #569:
URL: https://github.com/apache/tomcat/pull/569


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat-training] dependabot[bot] closed pull request #7: Bump engine.io from 1.8.5 to 3.6.0

[GitBox]

dependabot[bot] closed pull request #7: Bump engine.io from 1.8.5 to 3.6.0
URL: https://github.com/apache/tomcat-training/pull/7


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat-training] dependabot[bot] commented on pull request #7: Bump engine.io from 1.8.5 to 3.6.0

[GitBox]

dependabot[bot] commented on PR #7:
URL: https://github.com/apache/tomcat-training/pull/7#issuecomment-1323316120

   Superseded by #10.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat-training] dependabot[bot] opened a new pull request, #10: Bump engine.io from 1.8.5 to 3.6.1

[GitBox]

dependabot[bot] opened a new pull request, #10:
URL: https://github.com/apache/tomcat-training/pull/10

   Bumps [engine.io](https://github.com/socketio/engine.io) from 1.8.5 to 3.6.1.
   
   Release notes
   Sourced from https://github.com/socketio/engine.io/releases;>engine.io's 
releases.
   
   3.6.1
   :warning: This release contains an important security fix :warning:
   A malicious client could send a specially crafted HTTP request, 
triggering an uncaught exception and killing the Node.js process:
   Error: read ECONNRESET
   at TCP.onStreamRead (internal/stream_base_commons.js:209:20)
   Emitted 'error' event on Socket instance at:
   at emitErrorNT (internal/streams/destroy.js:106:8)
   at emitErrorCloseNT (internal/streams/destroy.js:74:3)
   at processTicksAndRejections (internal/process/task_queues.js:80:21) {
 errno: -104,
 code: 'ECONNRESET',
 syscall: 'read'
   }
   
   Please upgrade as soon as possible.
   Bug Fixes
   
   catch errors when destroying invalid upgrades (https://github.com/socketio/engine.io/commit/83c4071af871fc188298d7d591e95670bf9f9085;>83c4071)
   
   3.6.0
   Bug Fixes
   
   add extension in the package.json main entry (https://github-redirect.dependabot.com/socketio/engine.io/issues/608;>#608)
 (https://github.com/socketio/engine.io/commit/3ad0567dbd57cfb7c2ff4e8b7488d80f37022b4a;>3ad0567)
   do not reset the ping timer after upgrade (https://github.com/socketio/engine.io/commit/1f5d4699862afee1e410fcb0e1f5e751ebcd2f9f;>1f5d469)
   
   Features
   
   decrease the default value of maxHttpBufferSize (https://github.com/socketio/engine.io/commit/58e274c437e9cbcf69fd913c813aad8fbd253703;>58e274c)
   
   This change reduces the default value from 100 mb to a more sane 1 mb.
   This helps protect the server against denial of service attacks by 
malicious clients sending huge amounts of data.
   See also: https://github.com/advisories/GHSA-j4f2-536g-r55m;>https://github.com/advisories/GHSA-j4f2-536g-r55m
   
   increase the default value of pingTimeout (https://github.com/socketio/engine.io/commit/f55a79a28a5fbc6c9edae876dd11308b89cc979e;>f55a79a)
   
   Links
   
   Diff: https://github.com/socketio/engine.io/compare/3.5.0...3.6.0;>https://github.com/socketio/engine.io/compare/3.5.0...3.6.0
   Client release: -
   
   
   
   ... (truncated)
   
   
   Changelog
   Sourced from https://github.com/socketio/engine.io/blob/main/CHANGELOG.md;>engine.io's 
changelog.
   
   https://github.com/socketio/engine.io/compare/3.6.0...3.6.1;>3.6.1 
(2022-11-20)
   :warning: This release contains an important security fix :warning:
   A malicious client could send a specially crafted HTTP request, 
triggering an uncaught exception and killing the Node.js process:
   Error: read ECONNRESET
   at TCP.onStreamRead (internal/stream_base_commons.js:209:20)
   Emitted 'error' event on Socket instance at:
   at emitErrorNT (internal/streams/destroy.js:106:8)
   at emitErrorCloseNT (internal/streams/destroy.js:74:3)
   at processTicksAndRejections (internal/process/task_queues.js:80:21) {
 errno: -104,
 code: 'ECONNRESET',
 syscall: 'read'
   }
   
   Please upgrade as soon as possible.
   Bug Fixes
   
   catch errors when destroying invalid upgrades (https://github.com/socketio/engine.io/commit/83c4071af871fc188298d7d591e95670bf9f9085;>83c4071)
   
   https://github.com/socketio/engine.io/compare/6.2.0...6.2.1;>6.2.1 
(2022-11-20)
   :warning: This release contains an important security fix :warning:
   A malicious client could send a specially crafted HTTP request, 
triggering an uncaught exception and killing the Node.js process:
   Error: read ECONNRESET
   at TCP.onStreamRead (internal/stream_base_commons.js:209:20)
   Emitted 'error' event on Socket instance at:
   at emitErrorNT (internal/streams/destroy.js:106:8)
   at emitErrorCloseNT (internal/streams/destroy.js:74:3)
   at processTicksAndRejections (internal/process/task_queues.js:80:21) {
 errno: -104,
 code: 'ECONNRESET',
 syscall: 'read'
   }
   
   Please upgrade as soon as possible.
   Bug Fixes
   
   
   ... (truncated)
   
   
   Commits
   
   https://github.com/socketio/engine.io/commit/67a3a8785900f77d8ad40c3c1eea8ee188c42d95;>67a3a87
 chore(release): 3.6.1
   https://github.com/socketio/engine.io/commit/83c4071af871fc188298d7d591e95670bf9f9085;>83c4071
 fix: catch errors when destroying invalid upgrades
   https://github.com/socketio/engine.io/commit/f62f26530cdb9c7bbfd295f3110cc2d911561fda;>f62f265
 chore(release): 3.6.0
   https://github.com/socketio/engine.io/commit/f55a79a28a5fbc6c9edae876dd11308b89cc979e;>f55a79a
 feat: increase the default value of pingTimeout
   https://github.com/socketio/engine.io/commit/1f5d4699862afee1e410fcb0e1f5e751ebcd2f9f;>1f5d469
 fix: do not reset the ping timer after upgrade
   https://github.com/socketio/engine.io/commit/3ad0567dbd57cfb7c2ff4e8b7488d80f37022b4a;>3ad0567
 fix: add extension in the 

[GitHub] [tomcat] markt-asf merged pull request #566: Allow reproducible builds of all JDBC JAR files

[GitBox]

markt-asf merged PR #566:
URL: https://github.com/apache/tomcat/pull/566


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat-maven-plugin] JLLeitschuh opened a new pull request, #39: [SECURITY] Fix Temporary File Information Disclosure Vulnerability

[GitBox]

JLLeitschuh opened a new pull request, #39:
URL: https://github.com/apache/tomcat-maven-plugin/pull/39

   
   # Security Vulnerability Fix
   
   This pull request fixes a Temporary File Information Disclosure 
Vulnerability, which existed in this project.
   
   ## Preamble
   
   The system temporary directory is shared between all users on most unix-like 
systems (not MacOS, or Windows). Thus, code interacting with the system 
temporary directory must be careful about file interactions in this directory, 
and must ensure that the correct file posix permissions are set.
   
   This PR was generated because a call to `File.createTempFile(..)` was 
detected in this repository in a way that makes this project vulnerable to 
local information disclosure.
   With the default uname configuration, `File.createTempFile(..)` creates a 
file with the permissions `-rw-r--r--`. This means that any other user on the 
system can read the contents of this file.
   
   ### Impact
   
   Information in this file is visible to other local users, allowing a 
malicious actor co-resident on the same machine to view potentially sensitive 
files.
   
    Other Examples
   
- [CVE-2020-15250](https://github.com/advisories/GHSA-269g-pwp5-87pp) - 
junit-team/junit
- [CVE-2021-21364](https://github.com/advisories/GHSA-hpv8-9rq5-hq7w) - 
swagger-api/swagger-codegen
- [CVE-2022-24823](https://github.com/advisories/GHSA-5mcr-gq6c-3hq2) - 
netty/netty
- [CVE-2022-24823](https://github.com/advisories/GHSA-269q-hmxg-m83q) - 
netty/netty
   
   # The Fix
   
   The fix has been to convert the logic above to use the following API that 
was introduced in Java 1.7.
   
   ```java
   File tmpDir = Files.createTempFile("temp dir").toFile();
   ```
   
   The API both creates the file securely, ie. with a random, non-conflicting 
name, with file permissions that only allow the currently executing user to 
read or write the contents of this file.
   By default, `Files.createTempFile("temp dir")` will create a file with the 
permissions `-rw---`, which only allows the user that created the file to 
view/write the file contents.
   
   # :arrow_right: Vulnerability Disclosure :arrow_left:
   
   :wave: Vulnerability disclosure is a super important part of the 
vulnerability handling process and should not be skipped! This may be 
completely new to you, and that's okay, I'm here to assist!
   
   First question, do we need to perform vulnerability disclosure? It depends!
   
1. Is the vulnerable code only in tests or example code? No disclosure 
required!
2. Is the vulnerable code in code shipped to your end users? Vulnerability 
disclosure is probably required!
   
   ## Vulnerability Disclosure How-To
   
   You have a few options options to perform vulnerability disclosure. However, 
I'd like to suggest the following 2 options:
   
1. Request a CVE number from GitHub by creating a repository-level [GitHub 
Security 
Advisory](https://docs.github.com/en/code-security/repository-security-advisories/creating-a-repository-security-advisory).
 This has the advantage that, if you provide sufficient information, GitHub 
will automatically generate Dependabot alerts for your downstream consumers, 
resolving this vulnerability more quickly.
2. Reach out to the team at Snyk to assist with CVE issuance. They can be 
reached at the [Snyk's Disclosure Email](mailto:rep...@snyk.io).
   
   ## Detecting this and Future Vulnerabilities
   
   This vulnerability was automatically detected by GitHub's CodeQL using this 
[CodeQL 
Query](https://codeql.github.com/codeql-query-help/java/java-local-temp-file-or-directory-information-disclosure/).
   
   You can automatically detect future vulnerabilities like this by enabling 
the free (for open-source) [GitHub 
Action](https://github.com/github/codeql-action).
   
   I'm not an employee of GitHub, I'm simply an open-source security researcher.
   
   ## Source
   
   This contribution was automatically generated with an 
[OpenRewrite](https://github.com/openrewrite/rewrite) [refactoring 
recipe](https://docs.openrewrite.org/), which was lovingly hand crafted to 
bring this security fix to your repository.
   
   The source code that generated this PR can be found here:
   
[SecureTempFileCreation](https://github.com/openrewrite/rewrite-java-security/blob/main/src/main/java/org/openrewrite/java/security/SecureTempFileCreation.java)
   
   ## Opting-Out
   
   If you'd like to opt-out of future automated security vulnerability fixes 
like this, please consider adding a file called
   `.github/GH-ROBOTS.txt` to your repository with the line:
   
   ```
   User-agent: JLLeitschuh/security-research
   Disallow: *
   ```
   
   This bot will respect the [ROBOTS.txt](https://moz.com/learn/seo/robotstxt) 
format for future contributions.
   
   Alternatively, if this project is no longer actively maintained, consider 

[GitHub] [tomcat] sdeleuze commented on a diff in pull request #569: Refine native resources metadata

[GitBox]

sdeleuze commented on code in PR #569:
URL: https://github.com/apache/tomcat/pull/569#discussion_r1025340076


##
modules/stuffed/tomcat-resource.json:
##
@@ -73,9 +73,13 @@
 {"name":"org.apache.tomcat.websocket.server.LocalStrings"}
   ],
   "resources":[
-{"pattern":".*/mbeans-descriptors.xml$"},
-{"pattern":".*/*.properties$"},
-{"pattern":".*/*.dtd$"},
-{"pattern":".*/*.xsd$"}
+{"pattern":"^org/apache/tomcat/.*mbeans-descriptors\\.xml$"},
+{"pattern":"^org/apache/catalina/.*mbeans-descriptors\\.xml$"},
+{"pattern":"^org/apache/coyote/.*mbeans-descriptors\\.xml$"},
+{"pattern":"^org/apache/catalina/.*\\.properties$"},
+{"pattern":"^jakarta/servlet/resources/.*"},

Review Comment:
   After a deeper look, I have chosen to remove `jakarta/servlet/resources/*` 
resources from the default configuration of `tomcat-embed-core`, since those 
optional resources weight `1.5M`! Users leveraging them will just have to 
configure something like `{"pattern":"^jakarta/servlet/resources/.*"}`, not 
that different from what people need to do for JNI or extra reflection 
configuration.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] sdeleuze commented on a diff in pull request #569: Refine native resources metadata

[GitBox]

sdeleuze commented on code in PR #569:
URL: https://github.com/apache/tomcat/pull/569#discussion_r1025160017


##
modules/stuffed/tomcat-resource.json:
##
@@ -73,9 +73,13 @@
 {"name":"org.apache.tomcat.websocket.server.LocalStrings"}
   ],
   "resources":[
-{"pattern":".*/mbeans-descriptors.xml$"},
-{"pattern":".*/*.properties$"},
-{"pattern":".*/*.dtd$"},
-{"pattern":".*/*.xsd$"}
+{"pattern":"^org/apache/tomcat/.*mbeans-descriptors\\.xml$"},
+{"pattern":"^org/apache/catalina/.*mbeans-descriptors\\.xml$"},
+{"pattern":"^org/apache/coyote/.*mbeans-descriptors\\.xml$"},
+{"pattern":"^org/apache/catalina/.*\\.properties$"},
+{"pattern":"^jakarta/servlet/resources/.*"},

Review Comment:
   Interesting, let me have another look to see if this should be shipped by 
default or not.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] aooohan merged pull request #567: conf permissions in Dockerfile

[GitBox]

aooohan merged PR #567:
URL: https://github.com/apache/tomcat/pull/567


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] sdeleuze commented on a diff in pull request #569: Refine native resources metadata

[GitBox]

sdeleuze commented on code in PR #569:
URL: https://github.com/apache/tomcat/pull/569#discussion_r1024921333


##
modules/stuffed/tomcat-resource.json:
##
@@ -73,9 +73,13 @@
 {"name":"org.apache.tomcat.websocket.server.LocalStrings"}
   ],
   "resources":[
-{"pattern":".*/mbeans-descriptors.xml$"},
-{"pattern":".*/*.properties$"},
-{"pattern":".*/*.dtd$"},
-{"pattern":".*/*.xsd$"}
+{"pattern":"^org/apache/tomcat/.*mbeans-descriptors\\.xml$"},
+{"pattern":"^org/apache/catalina/.*mbeans-descriptors\\.xml$"},
+{"pattern":"^org/apache/coyote/.*mbeans-descriptors\\.xml$"},
+{"pattern":"^org/apache/catalina/.*\\.properties$"},
+{"pattern":"^jakarta/servlet/resources/.*"},

Review Comment:
   I am not sure, if for typical use case we could keep only the latest version 
for example, would be nice, but I would need Tomcat team guidelines for that cc 
@markt-asf.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] mhalbritter commented on a diff in pull request #569: Refine native resources metadata

[GitBox]

mhalbritter commented on code in PR #569:
URL: https://github.com/apache/tomcat/pull/569#discussion_r1024913815


##
modules/stuffed/tomcat-resource.json:
##
@@ -73,9 +73,13 @@
 {"name":"org.apache.tomcat.websocket.server.LocalStrings"}
   ],
   "resources":[
-{"pattern":".*/mbeans-descriptors.xml$"},
-{"pattern":".*/*.properties$"},
-{"pattern":".*/*.dtd$"},
-{"pattern":".*/*.xsd$"}
+{"pattern":"^org/apache/tomcat/.*mbeans-descriptors\\.xml$"},
+{"pattern":"^org/apache/catalina/.*mbeans-descriptors\\.xml$"},
+{"pattern":"^org/apache/coyote/.*mbeans-descriptors\\.xml$"},
+{"pattern":"^org/apache/catalina/.*\\.properties$"},
+{"pattern":"^jakarta/servlet/resources/.*"},

Review Comment:
   So we really need to include all of the XSDs and the DTDs?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat-maven-plugin] glendagonzales closed pull request #38: PDS-3713 bump tomcat to 9.0.69

[GitBox]

glendagonzales closed pull request #38: PDS-3713 bump tomcat to 9.0.69
URL: https://github.com/apache/tomcat-maven-plugin/pull/38


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat-maven-plugin] glendagonzales opened a new pull request, #38: PDS-3713 bump tomcat to 9.0.69

[GitBox]

glendagonzales opened a new pull request, #38:
URL: https://github.com/apache/tomcat-maven-plugin/pull/38

   [PDS-3713](https://keap.atlassian.net/browse/PDS-3713)
   
   Upgrade to tomcat 9.0.69 for security reasons.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] aooohan merged pull request #570: fix issue id in changelog

[GitBox]

aooohan merged PR #570:
URL: https://github.com/apache/tomcat/pull/570


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] guillaumecle opened a new pull request, #570: fix issue id in changelog

[GitBox]

guillaumecle opened a new pull request, #570:
URL: https://github.com/apache/tomcat/pull/570

   https://bz.apache.org/bugzilla/show_bug.cgi?id=66029 poi 5.0 generated xlsx 
file RUN TO EMAIL APPENDS .TXT TO OUTPUT
   
   https://bz.apache.org/bugzilla/show_bug.cgi?id=66209 CPU regression when 
classpath Bloom filters are active


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] sdeleuze commented on a diff in pull request #569: Refine native resources metadata

[GitBox]

sdeleuze commented on code in PR #569:
URL: https://github.com/apache/tomcat/pull/569#discussion_r1024337553


##
modules/stuffed/tomcat-resource.json:
##
@@ -73,9 +73,13 @@
 {"name":"org.apache.tomcat.websocket.server.LocalStrings"}
   ],
   "resources":[
-{"pattern":".*/mbeans-descriptors.xml$"},
-{"pattern":".*/*.properties$"},
-{"pattern":".*/*.dtd$"},
-{"pattern":".*/*.xsd$"}

Review Comment:
   They are now included via `{"pattern":"^jakarta/servlet/resources/.*"}`.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] ChristopherSchultz commented on a diff in pull request #569: Refine native resources metadata

[GitBox]

ChristopherSchultz commented on code in PR #569:
URL: https://github.com/apache/tomcat/pull/569#discussion_r1024327589


##
modules/stuffed/tomcat-resource.json:
##
@@ -73,9 +73,13 @@
 {"name":"org.apache.tomcat.websocket.server.LocalStrings"}
   ],
   "resources":[
-{"pattern":".*/mbeans-descriptors.xml$"},
-{"pattern":".*/*.properties$"},
-{"pattern":".*/*.dtd$"},
-{"pattern":".*/*.xsd$"}

Review Comment:
   Is a pattern no longer (or was never?) necessary for `.xsd`?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] sdeleuze opened a new pull request, #569: Refine native resources metadata

[GitBox]

sdeleuze opened a new pull request, #569:
URL: https://github.com/apache/tomcat/pull/569

   This commit updates the native resources hints in order to avoid classpath 
wide inclusion of resources.
   
   @markt-asf @mhalbritter Please check I did not make any mistake.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] jgneff commented on pull request #566: Allow reproducible builds of all JDBC JAR files

[GitBox]

jgneff commented on PR #566:
URL: https://github.com/apache/tomcat/pull/566#issuecomment-1314042008

   After this fix, the only remaining difference that I have found between any 
two builds of Tomcat using the default Ant target is the build path that gets 
included in two XML files:
   
   ```console
   $ diff -qr lxd/output1 kvm/output1
   Files lxd/output1/jdbc-pool/doc/changelog.xml and 
kvm/output1/jdbc-pool/doc/changelog.xml differ
   Files lxd/output1/jdbc-pool/doc/jdbc-pool.xml and 
kvm/output1/jdbc-pool/doc/jdbc-pool.xml differ
   ```
   
   ```diff
   diff -r lxd/output1/jdbc-pool/doc/changelog.xml 
kvm/output1/jdbc-pool/doc/changelog.xml
   19c19
   <   
   ---
   >   
   diff -r lxd/output1/jdbc-pool/doc/jdbc-pool.xml 
kvm/output1/jdbc-pool/doc/jdbc-pool.xml
   19c19
   <   
   ---
   >   
   ```
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] aooohan closed pull request #568: 10.1.x

[GitBox]

aooohan closed pull request #568: 10.1.x
URL: https://github.com/apache/tomcat/pull/568


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] suamly2021 opened a new pull request, #568: 10.1.x

[GitBox]

suamly2021 opened a new pull request, #568:
URL: https://github.com/apache/tomcat/pull/568

   Just for test


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] vassilismourikis opened a new pull request, #567: conf permissions in Dockerfile

[GitBox]

vassilismourikis opened a new pull request, #567:
URL: https://github.com/apache/tomcat/pull/567

   In order to overcome the server.xml permission denial problem.
   
   Signed-off: [vassilismouri...@gmail.com](mailto:vmour...@redhat.com)


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] jgneff commented on pull request #566: Allow reproducible builds of all JDBC JAR files

[GitBox]

jgneff commented on PR #566:
URL: https://github.com/apache/tomcat/pull/566#issuecomment-1312794140

   I found how to test the [Tomcat JDBC Connection 
Pool](https://tomcat.apache.org/tomcat-10.0-doc/jdbc-pool.html) test JAR files 
(`tomcat-jdbc-test.jar` and `tomcat-jdbc-test-src.jar`). I first had to copy 
the `build.properties.default` file to `build.properties` with the following 
changes:
   
   ```diff
   94c94
   < 
tomcat.project.loc=https://svn.apache.org/repos/asf/tomcat/trunk/webapps/docs/project.xml
   ---
   > 
tomcat.project.loc=https://github.com/apache/tomcat/tree/main/webapps/docs/project.xml
   97c97
   < 
tomcat.xsl.loc=https://svn.apache.org/repos/asf/tomcat/trunk/webapps/docs/tomcat-docs.xsl
   ---
   > 
tomcat.xsl.loc=https://github.com/apache/tomcat/tree/main/webapps/docs/tomcat-docs.xsl
   ```
   
   With those changes, I could run:
   
   ```console
   $ cd modules/jdbc-pool
   $ ant build-test
   $ mv output output1
   $ ant build-test
   $ mv output output2
   ```
   
   Before this pull request, two consecutive builds show the following 
differences:
   
   ```console
   $ diff -qr output1 output2 
   Files output1/tomcat-jdbc-src.jar and output2/tomcat-jdbc-src.jar differ
   Files output1/tomcat-jdbc-test-src.jar and output2/tomcat-jdbc-test-src.jar 
differ
   Files output1/tomcat-jdbc-test.jar and output2/tomcat-jdbc-test.jar differ
   ```
   
   After this pull request, the contents of the two output directories are 
identical.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] jgneff opened a new pull request, #566: Allow reproducible builds of all JDBC JAR files

[GitBox]

jgneff opened a new pull request, #566:
URL: https://github.com/apache/tomcat/pull/566

   Fixes [Bug 66346](https://bz.apache.org/bugzilla/show_bug.cgi?id=66346). 
Only the first change is required to fix the timestamps in 
`tomcat-jdbc-src.jar`, but this seemed a good time to fix the timestamps in the 
other two JAR files as well (`tomcat-jdbc-test.jar` and 
`tomcat-jdbc-test-src.jar`).
   
   Can someone let me know how I might test the building of those two test JAR 
files? I couldn't figure out which Ant target to use for building and comparing 
them. I did run the unit test cases, which were successful:
   
   ```console
   $ ant test
   ...
  [concat] Testsuites with failed tests:
   
   test:
   
   BUILD SUCCESSFUL
   Total time: 110 minutes 45 seconds
   ```
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat-training] dependabot[bot] closed pull request #8: Bump socket.io-parser from 2.3.1 to 3.3.2

[GitBox]

dependabot[bot] closed pull request #8: Bump socket.io-parser from 2.3.1 to 
3.3.2
URL: https://github.com/apache/tomcat-training/pull/8


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat-training] dependabot[bot] commented on pull request #8: Bump socket.io-parser from 2.3.1 to 3.3.2

[GitBox]

dependabot[bot] commented on PR #8:
URL: https://github.com/apache/tomcat-training/pull/8#issuecomment-1309683026

   Superseded by #9.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat-training] dependabot[bot] opened a new pull request, #9: Bump socket.io-parser from 2.3.1 to 3.3.3

[GitBox]

dependabot[bot] opened a new pull request, #9:
URL: https://github.com/apache/tomcat-training/pull/9

   Bumps [socket.io-parser](https://github.com/socketio/socket.io-parser) from 
2.3.1 to 3.3.3.
   
   Release notes
   Sourced from https://github.com/socketio/socket.io-parser/releases;>socket.io-parser's 
releases.
   
   3.3.2
   Bug Fixes
   
   prevent DoS (OOM) via massive packets (https://github-redirect.dependabot.com/Automattic/socket.io-parser/issues/95;>#95)
 (https://github.com/Automattic/socket.io-parser/commit/89197a05c43b18cc4569fd178d56e7bb8f403865;>89197a0)
   
   Links
   
   Diff: https://github.com/Automattic/socket.io-parser/compare/3.3.1...3.3.2;>https://github.com/Automattic/socket.io-parser/compare/3.3.1...3.3.2
   
   3.3.1
   Links
   
   Diff: https://github.com/socketio/socket.io-parser/compare/3.3.0...3.3.1;>https://github.com/socketio/socket.io-parser/compare/3.3.0...3.3.1
   
   3.3.0
   Bug Fixes
   
   remove any reference to the global variable (https://github.com/socketio/socket.io-parser/commit/b47efb2;>b47efb2)
   
   Links
   
   Milestone: -
   Diff: https://github.com/socketio/socket.io-parser/compare/3.2.0...3.3.0;>3.2.0...3.3.0
   
   3.2.0
   Bug fixes
   
   properly detect typed arrays (https://github-redirect.dependabot.com/socketio/socket.io-parser/issues/85;>#85)
   properly handle JSON.stringify errors (https://github-redirect.dependabot.com/socketio/socket.io-parser/issues/84;>#84)
   
   Note
   Binary detection was removed from the package (revert of https://github-redirect.dependabot.com/socketio/socket.io-parser/pull/66;>socketio/socket.io-parser#66),
 so that we can disable the binary check earlier in the chain.
   Links
   
   Milestone: https://github.com/socketio/socket.io-parser/milestone/8;>3.2.0
   Diff: https://github.com/socketio/socket.io-parser/compare/3.1.3...3.2.0;>3.1.3...3.2.0
   
   3.1.3
   Bug fixes
   
   use ArrayBuffer.isView to check for typed arrays (https://github-redirect.dependabot.com/socketio/socket.io-parser/issues/82;>#82)
   ensure packet data is an array (https://github-redirect.dependabot.com/socketio/socket.io-parser/issues/83;>#83)
   
    Links
   
   Milestone: https://github.com/socketio/socket.io-parser/milestones/9;>3.1.3
   Diff: https://github.com/socketio/socket.io-parser/compare/3.1.2...3.1.3;>3.1.2...3.1.3
   
   
   
   ... (truncated)
   
   
   Changelog
   Sourced from https://github.com/socketio/socket.io-parser/blob/main/CHANGELOG.md;>socket.io-parser's
 changelog.
   
   https://github.com/Automattic/socket.io-parser/compare/3.3.2...3.3.3;>3.3.3
 (2022-11-09)
   Bug Fixes
   
   check the format of the index of each attachment (https://github.com/Automattic/socket.io-parser/commit/fb21e422fc193b34347395a33e0f625bebc09983;>fb21e42)
   
   https://github.com/socketio/socket.io-parser/compare/3.4.1...3.4.2;>3.4.2
 (2022-11-09)
   Bug Fixes
   
   check the format of the index of each attachment (https://github.com/socketio/socket.io-parser/commit/04d23cecafe1b859fb03e0cbf6ba3b74dff56d14;>04d23ce)
   
   https://github.com/socketio/socket.io-parser/compare/4.2.0...4.2.1;>4.2.1
 (2022-06-27)
   Bug Fixes
   
   check the format of the index of each attachment (https://github.com/socketio/socket.io-parser/commit/b5d0cb7dc56a0601a09b056beaeeb0e43b160050;>b5d0cb7)
   
   https://github.com/socketio/socket.io-parser/compare/4.0.4...4.0.5;>4.0.5
 (2022-06-27)
   Bug Fixes
   
   check the format of the index of each attachment (https://github.com/socketio/socket.io-parser/commit/b559f050ee02bd90bd853b9823f8de7fa94a80d4;>b559f05)
   
   https://github.com/socketio/socket.io-parser/compare/4.1.2...4.2.0;>4.2.0
 (2022-04-17)
   Features
   
   allow the usage of custom replacer and reviver (https://github-redirect.dependabot.com/socketio/socket.io-parser/issues/112;>#112)
 (https://github.com/socketio/socket.io-parser/commit/b08bc1a93e8e3194b776c8a0bdedee1e29333680;>b08bc1a)
   
   https://github.com/socketio/socket.io-parser/compare/4.1.1...4.1.2;>4.1.2
 (2022-02-17)
   Bug Fixes
   
   
   ... (truncated)
   
   
   Commits
   
   https://github.com/socketio/socket.io-parser/commit/cd11e38e1a3e2146617bc586f86512605607b212;>cd11e38
 chore(release): 3.3.3
   https://github.com/socketio/socket.io-parser/commit/fb21e422fc193b34347395a33e0f625bebc09983;>fb21e42
 fix: check the format of the index of each attachment
   https://github.com/socketio/socket.io-parser/commit/3b0a3925fd9f765228e5d06e4a0cc90d81a60d0e;>3b0a392
 chore(release): 3.3.2
   https://github.com/socketio/socket.io-parser/commit/89197a05c43b18cc4569fd178d56e7bb8f403865;>89197a0
 fix: prevent DoS (OOM) via massive packets (https://github-redirect.dependabot.com/socketio/socket.io-parser/issues/95;>#95)
   https://github.com/socketio/socket.io-parser/commit/25ca624b0d9eddc54a0dbaecc535cdf400722169;>25ca624
 chore(release): 3.3.1
   https://github.com/socketio/socket.io-parser/commit/b51b39b78d85841a5659778917f240d407fdbce1;>b51b39b
 test: use 

[GitHub] [tomcat] aooohan commented on pull request #565: updated link to download cvs

[GitBox]

aooohan commented on PR #565:
URL: https://github.com/apache/tomcat/pull/565#issuecomment-1309666942

   Thanks for bringing it to my attention. But CSV is too old and outdated and 
I think it's time to use Git instead. So I will try to change some docs related 
to this.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] Naturbelassen opened a new pull request, #565: updated link to download cvs

[GitBox]

Naturbelassen opened a new pull request, #565:
URL: https://github.com/apache/tomcat/pull/565

   The documentation suggest to get cvs by following this link: 
http://www.cvshome.org/ 
   However the linked page has nothing to do with csv.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] markt-asf merged pull request #564: Native metadata update for Tomcat 10.1

[GitBox]

markt-asf merged PR #564:
URL: https://github.com/apache/tomcat/pull/564


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] sdeleuze opened a new pull request, #564: Native metadata update for Tomcat 10.1

[GitBox]

sdeleuze opened a new pull request, #564:
URL: https://github.com/apache/tomcat/pull/564

   This pull request fixes regressions in the Tomcat 10.1 native support 
compared to Tomcat 10.0.
   
   It brings back required reflection metadata on `AbstractProtocol` and 
`AbstractHttp11Protocol` lost after `Http11AprProtocol` removal, and rename 
resource metadata from `org.apache.el.Messages` to `org.apache.el.LocalStrings`.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] markt-asf commented on pull request #562: Remove unnecessary -1 predicate because write will not return -1 unless NioChannel is CLOSED_NIO_CHANNEL

[GitBox]

markt-asf commented on PR #562:
URL: https://github.com/apache/tomcat/pull/562#issuecomment-1305623555

   Thanks for the PR. I applied to it manually so I could use a slightly 
different fix and add a change log entry.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] markt-asf closed pull request #562: Remove unnecessary -1 predicate because write will not return -1 unless NioChannel is CLOSED_NIO_CHANNEL

[GitBox]

markt-asf closed pull request #562: Remove unnecessary -1 predicate because 
write will not return -1 unless NioChannel is CLOSED_NIO_CHANNEL
URL: https://github.com/apache/tomcat/pull/562


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] aooohan commented on pull request #563: Fix Javadoc to reflect the change in default formatter

[GitBox]

aooohan commented on PR #563:
URL: https://github.com/apache/tomcat/pull/563#issuecomment-1304982523

   Thanks for the PR.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] aooohan merged pull request #563: Fix Javadoc to reflect the change in default formatter

[GitBox]

aooohan merged PR #563:
URL: https://github.com/apache/tomcat/pull/563


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] zsrv opened a new pull request, #563: Fix Javadoc to reflect the change in default formatter

[GitBox]

zsrv opened a new pull request, #563:
URL: https://github.com/apache/tomcat/pull/563

   The default formatter was changed 
[here](https://github.com/apache/tomcat/commit/7d0408eb47c52376cf210cc4b8d897d1bffac947#diff-e0d7b86da38bd411282a14bd82e8cc517ff64f68fc3c882647e5a3e0ed736840R335).


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat-jakartaee-migration] markt-asf closed issue #35: Does this project work in a spring 5 project?

[GitBox]

markt-asf closed issue #35: Does this project work in a spring 5 project?
URL: https://github.com/apache/tomcat-jakartaee-migration/issues/35


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat-jakartaee-migration] markt-asf commented on issue #35: Does this project work in a spring 5 project?

[GitBox]

markt-asf commented on issue #35:
URL: 
https://github.com/apache/tomcat-jakartaee-migration/issues/35#issuecomment-1299935540

   No. Those JARs are excluded because they are known not to contain any 
classes that require conversion. The exclusion is a performance optimisation.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat-native] markt-asf merged pull request #14: native: Fix the build with rlibtool

[GitBox]

markt-asf merged PR #14:
URL: https://github.com/apache/tomcat-native/pull/14


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat-native] markt-asf commented on a diff in pull request #13: native: Update for libressl 3.5

[GitBox]

markt-asf commented on code in PR #13:
URL: https://github.com/apache/tomcat-native/pull/13#discussion_r1009712365


##
native/build/tcnative.m4:
##
@@ -233,7 +233,7 @@ AC_DEFUN([TCN_FIND_SSL_TOOLKIT],[
 #include 
 #include 
 int main() {
-if (OPENSSL_VERSION_NUMBER >= 0x300fL)
+if (OPENSSL_VERSION_NUMBER >= 0x300fL || LIBRESSL_VERSION_NUMBER 
>= 0x3050200fL)
 return (0);

Review Comment:
   This breaks the build when LibreSSL is not present. I'll get that fixed.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat-native] markt-asf merged pull request #13: native: Update for libressl 3.5

[GitBox]

markt-asf merged PR #13:
URL: https://github.com/apache/tomcat-native/pull/13


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat-training] dependabot[bot] opened a new pull request, #8: Bump socket.io-parser from 2.3.1 to 3.3.2

[GitBox]

dependabot[bot] opened a new pull request, #8:
URL: https://github.com/apache/tomcat-training/pull/8

   Bumps [socket.io-parser](https://github.com/socketio/socket.io-parser) from 
2.3.1 to 3.3.2.
   
   Release notes
   Sourced from https://github.com/socketio/socket.io-parser/releases;>socket.io-parser's 
releases.
   
   3.3.2
   Bug Fixes
   
   prevent DoS (OOM) via massive packets (https://github-redirect.dependabot.com/Automattic/socket.io-parser/issues/95;>#95)
 (https://github.com/Automattic/socket.io-parser/commit/89197a05c43b18cc4569fd178d56e7bb8f403865;>89197a0)
   
   Links
   
   Diff: https://github.com/Automattic/socket.io-parser/compare/3.3.1...3.3.2;>https://github.com/Automattic/socket.io-parser/compare/3.3.1...3.3.2
   
   3.3.1
   Links
   
   Diff: https://github.com/socketio/socket.io-parser/compare/3.3.0...3.3.1;>https://github.com/socketio/socket.io-parser/compare/3.3.0...3.3.1
   
   3.3.0
   Bug Fixes
   
   remove any reference to the global variable (https://github.com/socketio/socket.io-parser/commit/b47efb2;>b47efb2)
   
   Links
   
   Milestone: -
   Diff: https://github.com/socketio/socket.io-parser/compare/3.2.0...3.3.0;>3.2.0...3.3.0
   
   3.2.0
   Bug fixes
   
   properly detect typed arrays (https://github-redirect.dependabot.com/socketio/socket.io-parser/issues/85;>#85)
   properly handle JSON.stringify errors (https://github-redirect.dependabot.com/socketio/socket.io-parser/issues/84;>#84)
   
   Note
   Binary detection was removed from the package (revert of https://github-redirect.dependabot.com/socketio/socket.io-parser/pull/66;>socketio/socket.io-parser#66),
 so that we can disable the binary check earlier in the chain.
   Links
   
   Milestone: https://github.com/socketio/socket.io-parser/milestone/8;>3.2.0
   Diff: https://github.com/socketio/socket.io-parser/compare/3.1.3...3.2.0;>3.1.3...3.2.0
   
   3.1.3
   Bug fixes
   
   use ArrayBuffer.isView to check for typed arrays (https://github-redirect.dependabot.com/socketio/socket.io-parser/issues/82;>#82)
   ensure packet data is an array (https://github-redirect.dependabot.com/socketio/socket.io-parser/issues/83;>#83)
   
    Links
   
   Milestone: https://github.com/socketio/socket.io-parser/milestones/9;>3.1.3
   Diff: https://github.com/socketio/socket.io-parser/compare/3.1.2...3.1.3;>3.1.2...3.1.3
   
   
   
   ... (truncated)
   
   
   Changelog
   Sourced from https://github.com/socketio/socket.io-parser/blob/3.3.2/CHANGELOG.md;>socket.io-parser's
 changelog.
   
   https://github.com/Automattic/socket.io-parser/compare/3.3.1...3.3.2;>3.3.2
 (2021-01-09)
   Bug Fixes
   
   prevent DoS (OOM) via massive packets (https://github-redirect.dependabot.com/Automattic/socket.io-parser/issues/95;>#95)
 (https://github.com/Automattic/socket.io-parser/commit/89197a05c43b18cc4569fd178d56e7bb8f403865;>89197a0)
   
   https://github.com/socketio/socket.io-parser/compare/3.3.0...3.3.1;>3.3.1
 (2020-09-30)
   
   
   
   Commits
   
   https://github.com/socketio/socket.io-parser/commit/3b0a3925fd9f765228e5d06e4a0cc90d81a60d0e;>3b0a392
 chore(release): 3.3.2
   https://github.com/socketio/socket.io-parser/commit/89197a05c43b18cc4569fd178d56e7bb8f403865;>89197a0
 fix: prevent DoS (OOM) via massive packets (https://github-redirect.dependabot.com/socketio/socket.io-parser/issues/95;>#95)
   https://github.com/socketio/socket.io-parser/commit/25ca624b0d9eddc54a0dbaecc535cdf400722169;>25ca624
 chore(release): 3.3.1
   https://github.com/socketio/socket.io-parser/commit/b51b39b78d85841a5659778917f240d407fdbce1;>b51b39b
 test: use Node.js 10 for the browser tests
   https://github.com/socketio/socket.io-parser/commit/4184e465344c7ebd1d586e35a53bfad1ab5cfcea;>4184e46
 chore: bump component-emitter dependency
   https://github.com/socketio/socket.io-parser/commit/0de72b9cc25c0950f09811e1e2a951b80e67e3fb;>0de72b9
 [chore] Release 3.3.0
   https://github.com/socketio/socket.io-parser/commit/b47efb270d959e7456d8d44b4f3c386a884542b8;>b47efb2
 [fix] Remove any reference to the global variable
   https://github.com/socketio/socket.io-parser/commit/d95e38f6b66341612cc82bdb7f9157d698166c73;>d95e38f
 [chore] Update the Makefile
   https://github.com/socketio/socket.io-parser/commit/b57e06304e50ee9eed258d39cd4841c6269bca75;>b57e063
 [test] Update travis configuration
   https://github.com/socketio/socket.io-parser/commit/48f340ec12e919d70f2d9567c4a46e3c1080b1bc;>48f340e
 [refactor] Fix a small typo and code styling (https://github-redirect.dependabot.com/socketio/socket.io-parser/issues/88;>#88)
   Additional commits viewable in https://github.com/socketio/socket.io-parser/compare/2.3.1...3.3.2;>compare
 view
   
   
   
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=socket.io-parser=npm_and_yarn=2.3.1=3.3.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   

[GitHub] [tomcat-jakartaee-migration] rmaucher closed pull request #37: Exclude Findbugs JSR-305 annotation packages and classes

[GitBox]

rmaucher closed pull request #37: Exclude Findbugs JSR-305 annotation packages 
and classes
URL: https://github.com/apache/tomcat-jakartaee-migration/pull/37


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat-jakartaee-migration] rmaucher commented on pull request #37: Exclude Findbugs JSR-305 annotation packages and classes

[GitBox]

rmaucher commented on PR #37:
URL: 
https://github.com/apache/tomcat-jakartaee-migration/pull/37#issuecomment-1294954276

   This will be in 1.0.5.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat-jakartaee-migration] rmaucher commented on pull request #37: Exclude Findbugs JSR-305 annotation packages and classes

[GitBox]

rmaucher commented on PR #37:
URL: 
https://github.com/apache/tomcat-jakartaee-migration/pull/37#issuecomment-1294704497

   Ok !


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat-jakartaee-migration] DanielThomas commented on pull request #37: Exclude Findbugs JSR-305 annotation packages and classes

[GitBox]

DanielThomas commented on PR #37:
URL: 
https://github.com/apache/tomcat-jakartaee-migration/pull/37#issuecomment-1294527488

   I omitted those so:
   
   - A move from `jakarta` -> `javax` would only relocate the classes provided 
by 1.3, leaving the later ones alone
   - Especially avoids touching `Nonnull`/`Nullable` because `Nullable` from 
JSR-305 implements parameters and a `Checker` that can't be satisfied by other 
implementations:
   ```
   package javax.annotation;
   
   import java.lang.annotation.Documented;
   import java.lang.annotation.Retention;
   import java.lang.annotation.RetentionPolicy;
   
   import javax.annotation.meta.TypeQualifier;
   import javax.annotation.meta.TypeQualifierValidator;
   import javax.annotation.meta.When;
   
   /**
* The annotated element must not be null.
* 
* Annotated fields must not be null after construction has completed.
* 
* When this annotation is applied to a method it applies to the method 
return value.
*/
   @Documented
   @TypeQualifier
   @Retention(RetentionPolicy.RUNTIME)
   public @interface Nonnull {
   When when() default When.ALWAYS;
   
   class Checker implements TypeQualifierValidator {
   
   public When forConstantValue(Nonnull qualifierArgument, Object 
value) {
   if (value == null)
   return When.NEVER;
   return When.ALWAYS;
   }
   }
   }
   ```


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat-jakartaee-migration] rmaucher commented on pull request #37: Exclude Findbugs JSR-305 annotation packages and classes

[GitBox]

rmaucher commented on PR #37:
URL: 
https://github.com/apache/tomcat-jakartaee-migration/pull/37#issuecomment-1294510686

   I would also think the difference is functionally "ok", before these 
intermediate paths were matched since not excluded I suppose. So this can be 
committed, but I'll then update the class list to exactly match 
https://jakarta.ee/specifications/annotations/2.1/apidocs/overview-tree.html


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat-jakartaee-migration] DanielThomas commented on pull request #37: Exclude Findbugs JSR-305 annotation packages and classes

[GitBox]

DanielThomas commented on PR #37:
URL: 
https://github.com/apache/tomcat-jakartaee-migration/pull/37#issuecomment-1294468210

   Definitely better - moving only `tomcat-annotations-api` avoids touching a 
bunch of files that don't actually need a migration. Guava is completely 
untouched by using an inclusion list:
   ```
   Migration starting for archive [guava-31.1-jre.jar] using streaming
   Migration finished for archive [guava-31.1-jre.jar]
   Migration completed successfully in [540] milliseconds
   ```
   
   If I migrate `tomcat-annotations-api` to confirm coverage the only thing I 
notice is the parent directories aren't touched, but that doesn't affect 
classloading. I'd guess this isn't a concern, because the parent `javax` 
directory already isn't handled prior to this change, so it's already depending 
on the directory entry not being a dependency of extracting correctly.
   
   Before: 
   ```
 Length  DateTimeName
   -  -- -   
   0  08-08-2022 07:26   META-INF/
 411  08-08-2022 07:26   META-INF/MANIFEST.MF
   0  08-08-2022 07:26   javax/
   0  08-08-2022 07:26   jakarta/annotation/
   0  08-08-2022 07:26   jakarta/annotation/security/
   0  08-08-2022 07:26   jakarta/annotation/sql/
 680  08-08-2022 07:26   jakarta/annotation/Generated.class
   ...
   ```
   
   After:
   ```
 Length  DateTimeName
   -  -- -   
   0  08-08-2022 07:26   META-INF/
 411  08-08-2022 07:26   META-INF/MANIFEST.MF
   0  08-08-2022 07:26   javax/
   0  08-08-2022 07:26   javax/annotation/
   0  08-08-2022 07:26   javax/annotation/security/
   0  08-08-2022 07:26   javax/annotation/sql/
 680  08-08-2022 07:26   jakarta/annotation/Generated.class
   ...
   ```
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat-jakartaee-migration] DanielThomas commented on pull request #37: Exclude Findbugs JSR-305 annotation packages and classes

[GitBox]

DanielThomas commented on PR #37:
URL: 
https://github.com/apache/tomcat-jakartaee-migration/pull/37#issuecomment-1293277673

   That had occured to me too, let me do that!


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat-jakartaee-migration] rmaucher commented on pull request #37: Exclude Findbugs JSR-305 annotation packages and classes

[GitBox]

rmaucher commented on PR #37:
URL: 
https://github.com/apache/tomcat-jakartaee-migration/pull/37#issuecomment-1293108227

   Ok, so there's even more in javax.annotation (I didn't know). It would 
likely be better and less hacky to switch to an include list rather than an 
exclude one.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat-jakartaee-migration] DanielThomas commented on pull request #37: Exclude Findbugs JSR-305 annotation packages and classes

[GitBox]

DanielThomas commented on PR #37:
URL: 
https://github.com/apache/tomcat-jakartaee-migration/pull/37#issuecomment-1293003077

   Ah, I missed this because the manifest wasn't logged. I might need to do 
something to avoid this too:
   ```
   Manifest-Version: 1.0
   Bundle-Description: Guava is a suite of core and expanded libraries th
at includeutility classes, Google's collections, I/O classes, and
much more.
   Automatic-Module-Name: com.google.common
   Bundle-License: http://www.apache.org/licenses/LICENSE-2.0.txt
   Bundle-SymbolicName: com.google.guava
   Built-By: cpovirk
   Bnd-LastModified: 1646083102234
   Bundle-ManifestVersion: 2
   Bundle-DocURL: https://github.com/google/guava/
   Import-Package: com.google.common.util.concurrent.internal;version="[1
.0,2)",jakarta.annotation;resolution:=optional;version="[3.0,4)",java
x.crypto;resolution:=optional,javax.crypto.spec;resolution:=optional,
sun.misc;resolution:=optional
   Require-Capability: osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"
   Tool: Bnd-2.3.0.201405100607
   Export-Package: com.google.common.annotations;version="31.1.0",com.goo
gle.common.base;version="31.1.0";uses:="jakarta.annotation",com.googl
e.common.cache;version="31.1.0";uses:="com.google.common.base,com.goo
gle.common.collect,com.google.common.util.concurrent,jakarta.annotati
on",com.google.common.collect;version="31.1.0";uses:="com.google.comm
on.base,jakarta.annotation",com.google.common.escape;version="31.1.0"
;uses:="com.google.common.base,jakarta.annotation",com.google.common.
eventbus;version="31.1.0",com.google.common.graph;version="31.1.0";us
es:="com.google.common.collect,jakarta.annotation",com.google.common.
hash;version="31.1.0";uses:="com.google.common.base,jakarta.annotatio
n",com.google.common.html;version="31.1.0";uses:="com.google.common.e
scape",com.google.common.io;version="31.1.0";uses:="com.google.common
.base,com.google.common.collect,com.google.common.graph,com.google.co
mmon.hash,jakarta.annotation",com.google.common.math;version="31.1.0"
;uses:="jakarta.annotation",com.google.common.net;version="31.1.0";us
es:="com.google.common.base,com.google.common.collect,com.google.comm
on.escape,jakarta.annotation",com.google.common.primitives;version="3
1.1.0";uses:="com.google.common.base,jakarta.annotation",com.google.c
ommon.reflect;version="31.1.0";uses:="com.google.common.collect,com.g
oogle.common.io,jakarta.annotation",com.google.common.util.concurrent
;version="31.1.0";uses:="com.google.common.base,com.google.common.col
lect,com.google.common.util.concurrent.internal,jakarta.annotation",c
om.google.common.xml;version="31.1.0";uses:="com.google.common.escape
"
   Bundle-Name: Guava: Google Core Libraries for Java
   Bundle-Version: 31.1.0.jre
   Build-Jdk: 11.0.12
   Created-By: Apache Maven Bundle Plugin
   ```


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat-jakartaee-migration] codecov-commenter commented on pull request #37: Exclude Findbugs JSR-305 annotation packages and classes

[GitBox]

codecov-commenter commented on PR #37:
URL: 
https://github.com/apache/tomcat-jakartaee-migration/pull/37#issuecomment-1292915384

   # 
[Codecov](https://codecov.io/gh/apache/tomcat-jakartaee-migration/pull/37?src=pr=h1_medium=referral_source=github_content=comment_campaign=pr+comments_term=The+Apache+Software+Foundation)
 Report
   > Merging 
[#37](https://codecov.io/gh/apache/tomcat-jakartaee-migration/pull/37?src=pr=desc_medium=referral_source=github_content=comment_campaign=pr+comments_term=The+Apache+Software+Foundation)
 (9eabdb5) into 
[main](https://codecov.io/gh/apache/tomcat-jakartaee-migration/commit/13480f5953cd6230a839c6f7170c05a322724915?el=desc_medium=referral_source=github_content=comment_campaign=pr+comments_term=The+Apache+Software+Foundation)
 (13480f5) will **increase** coverage by `0.10%`.
   > The diff coverage is `100.00%`.
   
   ```diff
   @@ Coverage Diff  @@
   ##   main  #37  +/-   ##
   
   + Coverage 68.37%   68.48%   +0.10% 
 Complexity  126  126  
   
 Files14   14  
 Lines   604  606   +2 
 Branches103  103  
   
   + Hits413  415   +2 
 Misses  151  151  
 Partials 40   40  
   ```
   
   
   | [Impacted 
Files](https://codecov.io/gh/apache/tomcat-jakartaee-migration/pull/37?src=pr=tree_medium=referral_source=github_content=comment_campaign=pr+comments_term=The+Apache+Software+Foundation)
 | Coverage Δ | |
   |---|---|---|
   | 
[...in/java/org/apache/tomcat/jakartaee/Migration.java](https://codecov.io/gh/apache/tomcat-jakartaee-migration/pull/37/diff?src=pr=tree_medium=referral_source=github_content=comment_campaign=pr+comments_term=The+Apache+Software+Foundation#diff-c3JjL21haW4vamF2YS9vcmcvYXBhY2hlL3RvbWNhdC9qYWthcnRhZWUvTWlncmF0aW9uLmphdmE=)
 | `69.51% <ø> (ø)` | |
   | 
[...va/org/apache/tomcat/jakartaee/EESpecProfiles.java](https://codecov.io/gh/apache/tomcat-jakartaee-migration/pull/37/diff?src=pr=tree_medium=referral_source=github_content=comment_campaign=pr+comments_term=The+Apache+Software+Foundation#diff-c3JjL21haW4vamF2YS9vcmcvYXBhY2hlL3RvbWNhdC9qYWthcnRhZWUvRUVTcGVjUHJvZmlsZXMuamF2YQ==)
 | `100.00% <100.00%> (ø)` | |
   
   :mega: We’re building smart automated test selection to slash your CI/CD 
build times. [Learn 
more](https://about.codecov.io/iterative-testing/?utm_medium=referral_source=github_content=comment_campaign=pr+comments_term=The+Apache+Software+Foundation)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat-jakartaee-migration] DanielThomas opened a new pull request, #37: Exclude Findbugs JSR-305 annotation classes

[GitBox]

DanielThomas opened a new pull request, #37:
URL: https://github.com/apache/tomcat-jakartaee-migration/pull/37

   On deeper investigation, it turns out the problems I had with 
`javax.annotation` when testing 
https://github.com/apache/tomcat-jakartaee-migration/pull/36 were all Findbugs 
JSR-305 annotation related. 
   
   This adds excludes for the classes/packages provided by this library to 
avoid heavy handed translation of `javax.annotation` references.
   
   The one special case where `jakarta.annotations` does provide them is 
Nullable/Nonnull, see the tests for an explanation.
   
   Gere's Guava before:
   ```
   Performing migration from source 
[/Users/dannyt/.gradle/caches/modules-2/files-2.1/com.google.guava/guava/31.1-jre/60458f877d055d0c9114d9e1a2efb737b4bc282c/guava-31.1-jre.jar]
 to destination [/Users/dannyt/Downloads/guava.jar] with Jakarta EE 
specification profile [TOMCAT]
   Migration starting for archive [guava-31.1-jre.jar] using streaming
   Migrated text file [META-INF/maven/com.google.guava/guava/pom.xml]
   Migrated class [com.google.common.base.Absent.class]
   Migrated class [com.google.common.base.AbstractIterator.class]
   Migrated class [com.google.common.base.CaseFormat$StringConverter.class]
   Migrated class [com.google.common.base.Converter$1$1.class]
   Migrated class [com.google.common.base.Converter$ConverterComposition.class]
   Migrated class 
[com.google.common.base.Converter$FunctionBasedConverter.class]
   Migrated class [com.google.common.base.Converter$ReverseConverter.class]
   Migrated class [com.google.common.base.Converter.class]
   Migrated class [com.google.common.base.Defaults.class]
   Migrated class [com.google.common.base.ElementTypesAreNonnullByDefault.class]
   Migrated class [com.google.common.base.Enums$StringConverter.class]
   Migrated class 
[com.google.common.base.Equivalence$EquivalentToPredicate.class]
   Migrated class [com.google.common.base.Equivalence$Wrapper.class]
   Migrated class [com.google.common.base.Equivalence.class]
   Migrated class [com.google.common.base.FinalizablePhantomReference.class]
   Migrated class 
[com.google.common.base.FinalizableReferenceQueue$DecoupledLoader.class]
   Migrated class 
[com.google.common.base.FinalizableReferenceQueue$FinalizerLoader.class]
   Migrated class 
[com.google.common.base.FinalizableReferenceQueue$SystemLoader.class]
   Migrated class [com.google.common.base.FinalizableSoftReference.class]
   Migrated class [com.google.common.base.FinalizableWeakReference.class]
   Migrated class [com.google.common.base.Function.class]
   Migrated class [com.google.common.base.FunctionalEquivalence.class]
   Migrated class [com.google.common.base.Functions$ConstantFunction.class]
   Migrated class [com.google.common.base.Functions$ForMapWithDefault.class]
   Migrated class [com.google.common.base.Functions$FunctionComposition.class]
   Migrated class 
[com.google.common.base.Functions$FunctionForMapNoDefault.class]
   Migrated class [com.google.common.base.Functions$IdentityFunction.class]
   Migrated class [com.google.common.base.Functions$PredicateFunction.class]
   Migrated class [com.google.common.base.Functions$SupplierFunction.class]
   Migrated class [com.google.common.base.Joiner$1.class]
   Migrated class [com.google.common.base.Joiner$3.class]
   Migrated class [com.google.common.base.Joiner.class]
   Migrated class 
[com.google.common.base.MoreObjects$ToStringHelper$ValueHolder.class]
   Migrated class [com.google.common.base.MoreObjects$ToStringHelper.class]
   Migrated class [com.google.common.base.MoreObjects.class]
   Migrated class [com.google.common.base.NullnessCasts.class]
   Migrated class [com.google.common.base.Objects.class]
   Migrated class [com.google.common.base.Optional$1$1.class]
   Migrated class [com.google.common.base.Optional.class]
   Migrated class [com.google.common.base.PairwiseEquivalence.class]
   Migrated class [com.google.common.base.ParametricNullness.class]
   Migrated class [com.google.common.base.Platform.class]
   Migrated class [com.google.common.base.Preconditions.class]
   Migrated class [com.google.common.base.Predicate.class]
   Migrated class [com.google.common.base.Predicates$AndPredicate.class]
   Migrated class [com.google.common.base.Predicates$CompositionPredicate.class]
   Migrated class 
[com.google.common.base.Predicates$ContainsPatternPredicate.class]
   Migrated class [com.google.common.base.Predicates$InPredicate.class]
   Migrated class [com.google.common.base.Predicates$InstanceOfPredicate.class]
   Migrated class [com.google.common.base.Predicates$IsEqualToPredicate.class]
   Migrated class [com.google.common.base.Predicates$NotPredicate.class]
   Migrated class [com.google.common.base.Predicates$ObjectPredicate$1.class]
   Migrated class [com.google.common.base.Predicates$ObjectPredicate$2.class]
   Migrated class [com.google.common.base.Predicates$ObjectPredicate$3.class]
   Migrated class 

[GitHub] [tomcat] tianshuang opened a new pull request, #562: Remove unnecessary -1 predicate because write will not return -1 unless NioChannel is CLOSED_NIO_CHANNEL

[GitBox]

tianshuang opened a new pull request, #562:
URL: https://github.com/apache/tomcat/pull/562

   The following are the low-level implementations of the Solaris platform, 
other platforms are similar:
   
   
[Java_sun_nio_ch_DatagramDispatcher_write0](https://github.com/openjdk/jdk/blob/jdk8-b120/jdk/src/solaris/native/sun/nio/ch/DatagramDispatcher.c#L82-L94):
   
   ```c
   JNIEXPORT jint JNICALL
   Java_sun_nio_ch_DatagramDispatcher_write0(JNIEnv *env, jclass clazz,
 jobject fdo, jlong address, jint len)
   {
   jint fd = fdval(env, fdo);
   void *buf = (void *)jlong_to_ptr(address);
   int result = send(fd, buf, len, 0);
   if (result < 0 && errno == ECONNREFUSED) {
   JNU_ThrowByName(env, JNU_JAVANETPKG "PortUnreachableException", 0);
   return -2;
   }
   return convertReturnVal(env, result, JNI_FALSE);
   }
   ```
   
   
[Java_sun_nio_ch_FileDispatcherImpl_write0](https://github.com/openjdk/jdk/blob/jdk8-b120/jdk/src/solaris/native/sun/nio/ch/FileDispatcherImpl.c#L100-L108):
   
   ```c
   JNIEXPORT jint JNICALL
   Java_sun_nio_ch_FileDispatcherImpl_write0(JNIEnv *env, jclass clazz,
 jobject fdo, jlong address, jint len)
   {
   jint fd = fdval(env, fdo);
   void *buf = (void *)jlong_to_ptr(address);
   
   return convertReturnVal(env, write(fd, buf, len), JNI_FALSE);
   }
   ```
   
   
[convertReturnVal](https://github.com/openjdk/jdk/blob/jdk8-b120/jdk/src/solaris/native/sun/nio/ch/IOUtil.c#L149-L172):
   
   ```c
   /* Declared in nio_util.h for use elsewhere in NIO */
   
   jint
   convertReturnVal(JNIEnv *env, jint n, jboolean reading)
   {
   if (n > 0) /* Number of bytes written */
   return n;
   else if (n == 0) {
   if (reading) {
   return IOS_EOF; /* EOF is -1 in javaland */
   } else {
   return 0;
   }
   }
   else if (errno == EAGAIN)
   return IOS_UNAVAILABLE;
   else if (errno == EINTR)
   return IOS_INTERRUPTED;
   else {
   const char *msg = reading ? "Read failed" : "Write failed";
   JNU_ThrowIOExceptionWithLastError(env, msg);
   return IOS_THROWN;
   }
   }
   ```
   
   In fact, it is only possible to return -1 when `read` is called, indicating 
that the end of the channel stream has been reached.
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat-jakartaee-migration] rmaucher commented on pull request #36: Improve composability when using from other tools

[GitBox]

rmaucher commented on PR #36:
URL: 
https://github.com/apache/tomcat-jakartaee-migration/pull/36#issuecomment-1291700768

   Tested with the examples webapp from Tomcat 9 and verified that it is a bit 
faster (about 20% for this one).


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat-jakartaee-migration] aooohan closed pull request #36: Improve composability when using from other tools

[GitBox]

aooohan closed pull request #36: Improve composability when using from other 
tools
URL: https://github.com/apache/tomcat-jakartaee-migration/pull/36


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat-jakartaee-migration] aooohan commented on pull request #36: Improve composability when using from other tools

[GitBox]

aooohan commented on PR #36:
URL: 
https://github.com/apache/tomcat-jakartaee-migration/pull/36#issuecomment-1291681450

   Merge manually, thanks for the PR. ;)


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat-jakartaee-migration] DanielThomas commented on pull request #36: Improve composability when using from other tools

[GitBox]

DanielThomas commented on PR #36:
URL: 
https://github.com/apache/tomcat-jakartaee-migration/pull/36#issuecomment-1291438441

   Awesome, thanks much for the feedback! It's a much better PR for it.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat-jakartaee-migration] DanielThomas commented on a diff in pull request #36: Improve composability when using from other tools

[GitBox]

DanielThomas commented on code in PR #36:
URL: 
https://github.com/apache/tomcat-jakartaee-migration/pull/36#discussion_r1005164436


##
src/main/java/org/apache/tomcat/jakartaee/ManifestConverter.java:
##
@@ -48,20 +48,16 @@ public boolean accepts(String filename) {
 }
 
 @Override
-public void convert(String path, InputStream src, OutputStream dest, 
EESpecProfile profile) throws IOException {
+public boolean convert(String path, InputStream src, OutputStream dest, 
EESpecProfile profile) throws IOException {
 Manifest srcManifest = new Manifest(src);
 Manifest destManifest = new Manifest(srcManifest);
 
-boolean result = false;
-
-result = result | removeSignatures(destManifest);
+boolean result = removeSignatures(destManifest);
 result = result | updateValues(destManifest, profile);
 
-if (result) {
-destManifest.write(dest);
-} else {
-srcManifest.write(dest);

Review Comment:
   Pushed a new commit which should hopefully address these concerns: 
https://github.com/apache/tomcat-jakartaee-migration/pull/36/commits/136c537e1e9d0274261d8749fe3a6747f6a9dc3c.
   
   To clarify, the intention of `hasConverted` is not to indicate that no 
changes were made, but that the source can be used and satisfy the selected 
profile. Manifests still get modified, zip version compatibility changes, file 
attributes are dropped, etc., that's unavoidable with the current 
implementation. That makes it impossible to tell if you need to use a 
destination file, which is why `hasConverted` exists.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat-jakartaee-migration] DanielThomas commented on a diff in pull request #36: Improve composability when using from other tools

[GitBox]

DanielThomas commented on code in PR #36:
URL: 
https://github.com/apache/tomcat-jakartaee-migration/pull/36#discussion_r1005164436


##
src/main/java/org/apache/tomcat/jakartaee/ManifestConverter.java:
##
@@ -48,20 +48,16 @@ public boolean accepts(String filename) {
 }
 
 @Override
-public void convert(String path, InputStream src, OutputStream dest, 
EESpecProfile profile) throws IOException {
+public boolean convert(String path, InputStream src, OutputStream dest, 
EESpecProfile profile) throws IOException {
 Manifest srcManifest = new Manifest(src);
 Manifest destManifest = new Manifest(srcManifest);
 
-boolean result = false;
-
-result = result | removeSignatures(destManifest);
+boolean result = removeSignatures(destManifest);
 result = result | updateValues(destManifest, profile);
 
-if (result) {
-destManifest.write(dest);
-} else {
-srcManifest.write(dest);

Review Comment:
   Pushed a new commit which should hopefully address these concerns: 
https://github.com/apache/tomcat-jakartaee-migration/pull/36/commits/136c537e1e9d0274261d8749fe3a6747f6a9dc3c.
   
   To clarify, the intention of `hasConverted` is not to indicate that no 
changes were made, but that the source can be used and satisfy the selected 
profile. Manifests still get modified, zip version compatibility changes, file 
attributes are dropped, etc., that's unavoidable with the current 
implementation, which makes it impossible to tell if you need to use a 
destination file, which is why `hasConverted` needs to exist.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat-jakartaee-migration] DanielThomas commented on a diff in pull request #36: Improve composability when using from other tools

[GitBox]

DanielThomas commented on code in PR #36:
URL: 
https://github.com/apache/tomcat-jakartaee-migration/pull/36#discussion_r1005164436


##
src/main/java/org/apache/tomcat/jakartaee/ManifestConverter.java:
##
@@ -48,20 +48,16 @@ public boolean accepts(String filename) {
 }
 
 @Override
-public void convert(String path, InputStream src, OutputStream dest, 
EESpecProfile profile) throws IOException {
+public boolean convert(String path, InputStream src, OutputStream dest, 
EESpecProfile profile) throws IOException {
 Manifest srcManifest = new Manifest(src);
 Manifest destManifest = new Manifest(srcManifest);
 
-boolean result = false;
-
-result = result | removeSignatures(destManifest);
+boolean result = removeSignatures(destManifest);
 result = result | updateValues(destManifest, profile);
 
-if (result) {
-destManifest.write(dest);
-} else {
-srcManifest.write(dest);

Review Comment:
   Pushed a new commit which should hopefully address these concerns: 
https://github.com/apache/tomcat-jakartaee-migration/pull/36/commits/136c537e1e9d0274261d8749fe3a6747f6a9dc3c.
   
   To clarify, the intention of `hasConverted` is not to indicate that no 
changes were made, but that the source can be used and satisfy the selected 
profile. Manifests still get modified, zip version compatibility changes, file 
attributes are dropped, etc., that's unavoidable with the current 
implementation.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat-jakartaee-migration] DanielThomas commented on a diff in pull request #36: Improve composability when using from other tools

[GitBox]

DanielThomas commented on code in PR #36:
URL: 
https://github.com/apache/tomcat-jakartaee-migration/pull/36#discussion_r1005164436


##
src/main/java/org/apache/tomcat/jakartaee/ManifestConverter.java:
##
@@ -48,20 +48,16 @@ public boolean accepts(String filename) {
 }
 
 @Override
-public void convert(String path, InputStream src, OutputStream dest, 
EESpecProfile profile) throws IOException {
+public boolean convert(String path, InputStream src, OutputStream dest, 
EESpecProfile profile) throws IOException {
 Manifest srcManifest = new Manifest(src);
 Manifest destManifest = new Manifest(srcManifest);
 
-boolean result = false;
-
-result = result | removeSignatures(destManifest);
+boolean result = removeSignatures(destManifest);
 result = result | updateValues(destManifest, profile);
 
-if (result) {
-destManifest.write(dest);
-} else {
-srcManifest.write(dest);

Review Comment:
   Pushed a new commit which should address these concerns: 
https://github.com/apache/tomcat-jakartaee-migration/pull/36/commits/136c537e1e9d0274261d8749fe3a6747f6a9dc3c.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat-jakartaee-migration] DanielThomas commented on a diff in pull request #36: Improve composability when using from other tools

[GitBox]

DanielThomas commented on code in PR #36:
URL: 
https://github.com/apache/tomcat-jakartaee-migration/pull/36#discussion_r1005151612


##
src/main/java/org/apache/tomcat/jakartaee/ManifestConverter.java:
##
@@ -48,20 +48,16 @@ public boolean accepts(String filename) {
 }
 
 @Override
-public void convert(String path, InputStream src, OutputStream dest, 
EESpecProfile profile) throws IOException {
+public boolean convert(String path, InputStream src, OutputStream dest, 
EESpecProfile profile) throws IOException {
 Manifest srcManifest = new Manifest(src);
 Manifest destManifest = new Manifest(srcManifest);
 
-boolean result = false;
-
-result = result | removeSignatures(destManifest);
+boolean result = removeSignatures(destManifest);
 result = result | updateValues(destManifest, profile);
 
-if (result) {
-destManifest.write(dest);
-} else {
-srcManifest.write(dest);

Review Comment:
   > some jars are converted, some are not, but information for the unconverted 
jars is changed
   
   `Attributes` is a `HashMap` so in many cases, reading and writing the 
manifest in this way is causing the key order to change, which is why I 
switched to always writing `destManifest`. If the intention was to write the 
manifest unchanged, we'd write the original bytes instead, and use another way 
to determine if only implementation version was changed for the conversion 
return value.
   
   Edit: In fact, I'll do just that and it occurs to me that signatures should 
get the same handling. Let me get another commit up and see what you think.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat-jakartaee-migration] DanielThomas commented on a diff in pull request #36: Improve composability when using from other tools

[GitBox]

DanielThomas commented on code in PR #36:
URL: 
https://github.com/apache/tomcat-jakartaee-migration/pull/36#discussion_r1005151612


##
src/main/java/org/apache/tomcat/jakartaee/ManifestConverter.java:
##
@@ -48,20 +48,16 @@ public boolean accepts(String filename) {
 }
 
 @Override
-public void convert(String path, InputStream src, OutputStream dest, 
EESpecProfile profile) throws IOException {
+public boolean convert(String path, InputStream src, OutputStream dest, 
EESpecProfile profile) throws IOException {
 Manifest srcManifest = new Manifest(src);
 Manifest destManifest = new Manifest(srcManifest);
 
-boolean result = false;
-
-result = result | removeSignatures(destManifest);
+boolean result = removeSignatures(destManifest);
 result = result | updateValues(destManifest, profile);
 
-if (result) {
-destManifest.write(dest);
-} else {
-srcManifest.write(dest);

Review Comment:
   > some jars are converted, some are not, but information for the unconverted 
jars is changed
   
   `Attributes` is a `HashMap` so in many cases, reading and writing the 
manifest in this way is causing the key order to change, which is why I 
switched to always writing `destManifest`. If the intention was to write the 
manifest unchanged, we'd write the original bytes instead, and use another way 
to determine if only implementation version was changed for the conversion 
return value.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat-jakartaee-migration] DanielThomas commented on a diff in pull request #36: Improve composability when using from other tools

[GitBox]

DanielThomas commented on code in PR #36:
URL: 
https://github.com/apache/tomcat-jakartaee-migration/pull/36#discussion_r1005151612


##
src/main/java/org/apache/tomcat/jakartaee/ManifestConverter.java:
##
@@ -48,20 +48,16 @@ public boolean accepts(String filename) {
 }
 
 @Override
-public void convert(String path, InputStream src, OutputStream dest, 
EESpecProfile profile) throws IOException {
+public boolean convert(String path, InputStream src, OutputStream dest, 
EESpecProfile profile) throws IOException {
 Manifest srcManifest = new Manifest(src);
 Manifest destManifest = new Manifest(srcManifest);
 
-boolean result = false;
-
-result = result | removeSignatures(destManifest);
+boolean result = removeSignatures(destManifest);
 result = result | updateValues(destManifest, profile);
 
-if (result) {
-destManifest.write(dest);
-} else {
-srcManifest.write(dest);

Review Comment:
   > some jars are converted, some are not, but information for the unconverted 
jars is changed
   
   `Attributes` is a `HashMap` so many cases, reading and writing the manifest 
in this way is causing the key order to change, which is why I switched to 
always writing `destManifest`. If the intention was to write the manifest 
unchanged, we'd write original bytes instead, and use another way to determine 
if only implementation version was changed for the conversion return value.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat-jakartaee-migration] DanielThomas commented on a diff in pull request #36: Improve composability when using from other tools

[GitBox]

DanielThomas commented on code in PR #36:
URL: 
https://github.com/apache/tomcat-jakartaee-migration/pull/36#discussion_r1005151612


##
src/main/java/org/apache/tomcat/jakartaee/ManifestConverter.java:
##
@@ -48,20 +48,16 @@ public boolean accepts(String filename) {
 }
 
 @Override
-public void convert(String path, InputStream src, OutputStream dest, 
EESpecProfile profile) throws IOException {
+public boolean convert(String path, InputStream src, OutputStream dest, 
EESpecProfile profile) throws IOException {
 Manifest srcManifest = new Manifest(src);
 Manifest destManifest = new Manifest(srcManifest);
 
-boolean result = false;
-
-result = result | removeSignatures(destManifest);
+boolean result = removeSignatures(destManifest);
 result = result | updateValues(destManifest, profile);
 
-if (result) {
-destManifest.write(dest);
-} else {
-srcManifest.write(dest);

Review Comment:
   > some jars are converted, some are not, but information for the unconverted 
jars is changed
   
   `Attributes` is a `HashMap` so in the majority of cases, reading and writing 
the manifest in this way is causing the key order to change, which is why I 
switched to always writing `destManifest`. If the intention was to write the 
manifest unchanged, we'd write original bytes instead, and use another way to 
determine if only implementation version was changed for the conversion return 
value.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat-jakartaee-migration] aooohan commented on a diff in pull request #36: Improve composability when using from other tools

[GitBox]

aooohan commented on code in PR #36:
URL: 
https://github.com/apache/tomcat-jakartaee-migration/pull/36#discussion_r1005142148


##
src/main/java/org/apache/tomcat/jakartaee/ManifestConverter.java:
##
@@ -48,20 +48,16 @@ public boolean accepts(String filename) {
 }
 
 @Override
-public void convert(String path, InputStream src, OutputStream dest, 
EESpecProfile profile) throws IOException {
+public boolean convert(String path, InputStream src, OutputStream dest, 
EESpecProfile profile) throws IOException {
 Manifest srcManifest = new Manifest(src);
 Manifest destManifest = new Manifest(srcManifest);
 
-boolean result = false;
-
-result = result | removeSignatures(destManifest);
+boolean result = removeSignatures(destManifest);
 result = result | updateValues(destManifest, profile);
 
-if (result) {
-destManifest.write(dest);
-} else {
-srcManifest.write(dest);

Review Comment:
   Here it is still necessary to revert, as the conversion is fine for the 
specified jar, but for directory migration via the migrator, the manifest of 
some jars here will be affected(some jars are converted, some are not, but 
information for the unconverted jars is changed), even if the jar is not 
converted.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat-jakartaee-migration] DanielThomas commented on a diff in pull request #36: Improve composability when using from other tools

[GitBox]

DanielThomas commented on code in PR #36:
URL: 
https://github.com/apache/tomcat-jakartaee-migration/pull/36#discussion_r1005100601


##
src/main/java/org/apache/tomcat/jakartaee/ManifestConverter.java:
##
@@ -112,7 +107,7 @@ private boolean updateValues(Attributes attributes, 
EESpecProfile profile) {
 if (attributes.containsKey(Attributes.Name.IMPLEMENTATION_VERSION)) {
 String newValue = 
attributes.get(Attributes.Name.IMPLEMENTATION_VERSION) + "-" + 
Info.getVersion();
 attributes.put(Attributes.Name.IMPLEMENTATION_VERSION, newValue);
-result = true;
+// Purposefully avoid setting result

Review Comment:
   This is metadata and would cause every file with an implementation version 
attribute (which is practically everything) to be considered converted, even if 
no interesting conversions took place. The destination manifest is written 
regardless with this change, so this doesn't prevent the updated implementation 
version from hitting the destination file. Omitting this is what allows 
`hasConverted()` to work.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat-jakartaee-migration] DanielThomas commented on a diff in pull request #36: Improve composability when using from other tools

[GitBox]

DanielThomas commented on code in PR #36:
URL: 
https://github.com/apache/tomcat-jakartaee-migration/pull/36#discussion_r1005100601


##
src/main/java/org/apache/tomcat/jakartaee/ManifestConverter.java:
##
@@ -112,7 +107,7 @@ private boolean updateValues(Attributes attributes, 
EESpecProfile profile) {
 if (attributes.containsKey(Attributes.Name.IMPLEMENTATION_VERSION)) {
 String newValue = 
attributes.get(Attributes.Name.IMPLEMENTATION_VERSION) + "-" + 
Info.getVersion();
 attributes.put(Attributes.Name.IMPLEMENTATION_VERSION, newValue);
-result = true;
+// Purposefully avoid setting result

Review Comment:
   This is metadata and would cause every file to be considered converted, even 
if no interesting conversions took place. The destination manifest is written 
regardless with this change, so this doesn't prevent the updated implementation 
version from hitting the destination file. Omitting this is what allows 
`hasConverted()` to work.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat-jakartaee-migration] DanielThomas commented on a diff in pull request #36: Improve composability when using from other tools

[GitBox]

DanielThomas commented on code in PR #36:
URL: 
https://github.com/apache/tomcat-jakartaee-migration/pull/36#discussion_r1005100601


##
src/main/java/org/apache/tomcat/jakartaee/ManifestConverter.java:
##
@@ -112,7 +107,7 @@ private boolean updateValues(Attributes attributes, 
EESpecProfile profile) {
 if (attributes.containsKey(Attributes.Name.IMPLEMENTATION_VERSION)) {
 String newValue = 
attributes.get(Attributes.Name.IMPLEMENTATION_VERSION) + "-" + 
Info.getVersion();
 attributes.put(Attributes.Name.IMPLEMENTATION_VERSION, newValue);
-result = true;
+// Purposefully avoid setting result

Review Comment:
   This is metadata and would cause every file to be considered converted, even 
if no interesting conversions took place. The destination manifest is written 
regardless with this change. Omitting this is what allows `hasConverted()` to 
work.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat-jakartaee-migration] rmaucher commented on pull request #36: Improve composability when using from other tools

[GitBox]

rmaucher commented on PR #36:
URL: 
https://github.com/apache/tomcat-jakartaee-migration/pull/36#issuecomment-1290577491

   This looks like a very good improvement overall.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org