Historically (from Maven3) "problem collection" (in various scenarios, like building effective settings and toolchains, to building models) were done by passing around `List<Problem>` structure. This proved quite ineffective, as in case of (really) huge projects with quite big count of problems reported choked Maven (but also produced unusable output). We are aware of projects producing 3 million warnings! Dumping all of them onto console/log makes really no sense.
This PR changes Maven that by default it reports "problems" (settings building, toolchains building, or model building) as one liner warnings: how much and where were problems collected. This produces much more less overwhelming output than happens on master. User can control "build errors" using `-e`, so `mvn -e` will dump errors on screen/log.
The new `org.apache.maven.api.services.ProblemCollector<P>` class, that is somewhat "drop in" replacement for `List`, but with huge difference: it is "lossy", in a way, it maintains counters precisely, but actual problem instances are simply dropped after threshold `maven.builder.maxProblems` is surpassed (default 100). See `org.apache.maven.api.Constants#MAVEN_BUILDER_MAX_PROBLEMS`.
Rules:
* on problem addition counters are always updated
* if below threshold, store the problem (and will be reported later to the user)
* if above threshold, try to drop one problem with severity lower than currently reported problem, if succeeded, store the current problem, otherwise drop it
---
https://issues.apache.org/jira/browse/MNG-8447
Toned down the Maven4 sec dispatcher messages. Also, IF maven3 passwords detected AND there was `.mvn/extensions.xml` the warnings were doubled.
Examples:
Failure to start Maven (due non-decryptable passwords):
```
$ mvn clean
[ERROR] Error executing Maven.
[ERROR] Error building settings
* FATAL: Could not decrypt password (fix the corrupted password or remove it, if unused) {xL6L/HbmrY++sNkphnq3fguYepTpM04WlIXb8nB1pk=}
* WARNING: Detected 2 pre-Maven 4 legacy encrypted password(s) - configure password encryption with the help of mvnenc for increased security.
$
```
Warning at start (due Maven3 passwords):
```
$ mvn clean
[INFO]
[INFO] Some problems were encountered while building the effective settings (use -X to see details)
[INFO]
[INFO] Scanning for projects...
[INFO] --------------------------------------------------------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO]
[INFO] Apache Maven
...
```
---
https://issues.apache.org/jira/browse/MNG-8424https://issues.apache.org/jira/browse/MNG-8419
* [MNG-8388] Fix escape characters being replaced to change the original configuration
Signed-off-by: crazyhzm <crazyhzm@apache.org>
* Add unit test
---------
Signed-off-by: crazyhzm <crazyhzm@apache.org>
Co-authored-by: Guillaume Nodet <gnodet@gmail.com>
And make use of it in CLIng. Also, move from "late" Resolver session factory to "early" CLIng invocation of `PropertyContributor` SPI and make contribution visible across whole Maven, not only Resolver.
---
https://issues.apache.org/jira/browse/MNG-8385
This is just a cleanup of exception usage (by making them checked, fixing compiler issues, and undoing the change). There are at least two bugs (runtime escapes) fixed in this PR.
The decryption should happen transparently, also, resolver should not decrypt for itself only, whole maven should have access to all.
This PR also disables Maven 3.0 IT MNG-4459 as Maven4 stops with this "security through obscurity" (keep encrypted pw in memory kinda for "security reasons" but in reality any mojo or extension can decrypt anything they want).
---
https://issues.apache.org/jira/browse/MNG-8379
To have them listed in generated docs, as they were forgotten.
Also, adding a "compat" support for Maven 3.9.x property for chained reposes.
---
https://issues.apache.org/jira/browse/MNG-8362
Tamas Cservenak
Guillaume Nodet
Jermaine Hua