Apache
/
maven
mirror of https://github.com/apache/maven.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
15,077 Commits 83 Branches 94 Tags 109 MiB
Commit Graph

15077 Commits

Author SHA1 Message Date
Guillaume Nodet 12b3dae3ce
Add CI cache (#1914) 
* Add cache for all steps
* Pass through the maven.repo.loca.tail property
 2024-11-17 15:50:32 +01:00
Tamas Cservenak ab7d766c72
Exception usage cleanup (#1910) 
This is just a cleanup of exception usage (by making them checked, fixing compiler issues, and undoing the change). There are at least two bugs (runtime escapes) fixed in this PR.
 2024-11-16 21:36:20 +01:00
Guillaume Nodet c4834efdba
Move everything out of bootstrap (#1909) 2024-11-16 18:50:22 +01:00
Tamas Cservenak 1614226c68
[MNG-8379] Decrypt all of settings on building it (#1913) 
The decryption should happen transparently, also, resolver should not decrypt for itself only, whole maven should have access to all.

This PR also disables Maven 3.0 IT MNG-4459 as Maven4 stops with this "security through obscurity" (keep encrypted pw in memory kinda for "security reasons" but in reality any mojo or extension can decrypt anything they want).

---

https://issues.apache.org/jira/browse/MNG-8379
 2024-11-16 14:55:43 +01:00
Guillaume Nodet 4b0dd4362a
Cleanup file access and assertions in ITs (#1912) 2024-11-15 13:08:33 +01:00
Guillaume Nodet a14732597b
[MNG-8336] Only inject plugins information if requested (#1904) 2024-11-15 10:24:21 +01:00
Guillaume Nodet 46707e0f28
[MNG-8340] Resolve parent according to the exact model location (#1857) 2024-11-13 20:26:56 +01:00
Tamas Cservenak 903cf59b0b Add missing annotation 2024-11-13 17:00:46 +01:00
dependabot[bot] 11c235eafe
IT: Bump org.codehaus.plexus:plexus-component-annotations (#1878) 
Bumps [org.codehaus.plexus:plexus-component-annotations](https://github.com/codehaus-plexus/plexus-containers) from 2.1.1 to 2.2.0.
- [Release notes](https://github.com/codehaus-plexus/plexus-containers/releases)
- [Changelog](https://github.com/codehaus-plexus/plexus-containers/blob/master/ReleaseNotes.md)
- [Commits](https://github.com/codehaus-plexus/plexus-containers/compare/plexus-containers-2.1.1...plexus-containers-2.2.0)

---
updated-dependencies:
- dependency-name: org.codehaus.plexus:plexus-component-annotations
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-13 16:02:14 +01:00
Tamas Cservenak f36f8e1bd6
IT: update archaic deps (#1903) 
This PR is based on dependabot PRs but they require code changes as well.

Based on:
* https://github.com/apache/maven/pull/1895
* https://github.com/apache/maven/pull/1889
 2024-11-13 16:00:55 +01:00
P. Ottlinger 4b18bfb9a8
[MNG-8372] Augment error message to give users more context when running into deprecated encryption warning (#1898) 
Augment error message to give users more context when running into deprecated encryption warning

---

https://issues.apache.org/jira/browse/MNG-8372
 2024-11-13 15:15:57 +01:00
Tamas Cservenak a67d2746af
[MNG-8375] CLIng diet (#1897) 
First part was to "reverse" MavenCli into CLIng, that also became a huge and complex beast. Now, sanitization comes, tearing down unneeded stuff. CLIng should be simple and straightforward.

Now the **invoker** fully parses args, creates Maven instance (ie. local, using Maven components on classpath) and invokes Maven. The new **executor** in turn does NOT fully parses args and is logical equivalent of maven-invoker.

Changes:
* radically simplify CLIng existing classes (and especially API - the fact we have "local", "resident" etc invoker is actually implementation detail).
* introduce "executor", a "lower level" tool that does not parse args (and is logical equivalent of maven-invoker) and support Maven 4.x and Maven 3.x.

---

https://issues.apache.org/jira/browse/MNG-8375
 2024-11-13 15:14:56 +01:00
dependabot[bot] c7effeb15c
IT: Bump org.codehaus.plexus:plexus-velocity from 1.1.7 to 2.2.0 (#1901) 
Bumps [org.codehaus.plexus:plexus-velocity](https://github.com/codehaus-plexus/plexus-velocity) from 1.1.7 to 2.2.0.
- [Release notes](https://github.com/codehaus-plexus/plexus-velocity/releases)
- [Commits](https://github.com/codehaus-plexus/plexus-velocity/commits/plexus-velocity-2.2.0)

---
updated-dependencies:
- dependency-name: org.codehaus.plexus:plexus-velocity
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-13 10:51:39 +01:00
dependabot[bot] d0cdd8c13e
IT: Bump commons-io:commons-io from 2.14.0 to 2.17.0 (#1899) 
Bumps commons-io:commons-io from 2.14.0 to 2.17.0.

---
updated-dependencies:
- dependency-name: commons-io:commons-io
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-12 20:35:16 +01:00
dependabot[bot] 49482c53fc
IT: Bump org.hamcrest:hamcrest from 2.2 to 3.0 (#1900) 
Bumps [org.hamcrest:hamcrest](https://github.com/hamcrest/JavaHamcrest) from 2.2 to 3.0.
- [Release notes](https://github.com/hamcrest/JavaHamcrest/releases)
- [Changelog](https://github.com/hamcrest/JavaHamcrest/blob/master/CHANGES.md)
- [Commits](https://github.com/hamcrest/JavaHamcrest/compare/v2.2...v3.0)

---
updated-dependencies:
- dependency-name: org.hamcrest:hamcrest
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-12 20:35:01 +01:00
dependabot[bot] de4bba8787
IT: Bump org.junit.jupiter:junit-jupiter from 5.8.0 to 5.11.3 (#1894) 
Bumps [org.junit.jupiter:junit-jupiter](https://github.com/junit-team/junit5) from 5.8.0 to 5.11.3.
- [Release notes](https://github.com/junit-team/junit5/releases)
- [Commits](https://github.com/junit-team/junit5/compare/r5.8.0...r5.11.3)

---
updated-dependencies:
- dependency-name: org.junit.jupiter:junit-jupiter
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-11 12:10:52 +01:00
dependabot[bot] 0752547314
IT: Bump org.apache.maven.shared:maven-shared-utils from 0.9 to 3.4.2 (#1896) 
Bumps [org.apache.maven.shared:maven-shared-utils](https://github.com/apache/maven-shared-utils) from 0.9 to 3.4.2.
- [Release notes](https://github.com/apache/maven-shared-utils/releases)
- [Commits](https://github.com/apache/maven-shared-utils/compare/maven-shared-utils-0.9...maven-shared-utils-3.4.2)

---
updated-dependencies:
- dependency-name: org.apache.maven.shared:maven-shared-utils
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-11 12:10:32 +01:00
dependabot[bot] 8dcee59138
IT: Bump log4j:log4j from 1.2.14 to 1.2.17 (#1890) 
Bumps log4j:log4j from 1.2.14 to 1.2.17.

---
updated-dependencies:
- dependency-name: log4j:log4j
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-08 09:51:42 +01:00
dependabot[bot] 5be30376e9
IT: Bump org.codehaus.plexus:plexus-container-default (#1891) 
Bumps org.codehaus.plexus:plexus-container-default from 1.0-alpha-9 to 2.1.1.

---
updated-dependencies:
- dependency-name: org.codehaus.plexus:plexus-container-default
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-08 09:51:32 +01:00
dependabot[bot] e65819388f
IT: Bump junit:junit from 3.8.1 to 4.13.2 (#1892) 
Bumps [junit:junit](https://github.com/junit-team/junit4) from 3.8.1 to 4.13.2.
- [Release notes](https://github.com/junit-team/junit4/releases)
- [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.13.2.md)
- [Commits](https://github.com/junit-team/junit4/commits/r4.13.2)

---
updated-dependencies:
- dependency-name: junit:junit
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-08 09:51:22 +01:00
Tamas Cservenak 4f79f2d876
[MNG-8332] Detach CLIng from deprecated Embedder (#1882) 
Detach maven-cli from maven-embedder (deprecated). Basically, classes are copied from embedder to cli, while embedder points to old classes and cli to new classes. **One important exception is logging**: the classes are _moved_ to cli, and embedder modified to use those classes (and dependency reversed: embedder now depends on cli). Reason is Verifier, that still calls into "hack method" of deprecated MavenCli, and then without logging classes move would explode due casting.

---

https://issues.apache.org/jira/browse/MNG-8332
 2024-11-08 09:49:11 +01:00
Tamas Cservenak 37b8a62bd5
IT fix: Drop ancient reporting, use latest (#1887) 
Attempt to stop ITs pulling in ancient (and vulnerable) deps.
 2024-11-07 17:41:37 +01:00
Tamas Cservenak 457bb8e000
CLIng: finish TODO (#1888) 
Also clear up javadoc.
 2024-11-07 17:41:13 +01:00
Tamas Cservenak a836e898b0
IT: cleanup (#1886) 
Yet another round

Changes:
* get rid of Guava (2 classes affected)
* align dependencies
* align plugins
 2024-11-07 12:43:46 +01:00
Tamas Cservenak 1ab2ccf066
Add maven.repo.local.head (#1881) 
As counterpart to maven.repo.local.tail, but this one "prepends" while other "appends". This means one can do like this

```
$ mvn install -Prun-its -Dmaven.repo.local.head=~/.m2/repository-it
```

And have stuff installed into dedicated IT local repo (as IT bits must be installed), instead to pollute own local repo.

---

https://issues.apache.org/jira/browse/MNG-8370
 2024-11-07 11:14:15 +01:00
Tamas Cservenak 1b3a3575ca
IT: Ant update (#1879) 
Dependabot missed that it needs several deps updated
at once.
 2024-11-06 14:36:32 +01:00
dependabot[bot] 0da78176d7
Bump org.codehaus.plexus:plexus-utils (#1867) 
Bumps [org.codehaus.plexus:plexus-utils](https://github.com/codehaus-plexus/plexus-utils) from 1.1 to 3.0.24.
- [Release notes](https://github.com/codehaus-plexus/plexus-utils/releases)
- [Commits](https://github.com/codehaus-plexus/plexus-utils/commits/plexus-utils-3.0.24)

---
updated-dependencies:
- dependency-name: org.codehaus.plexus:plexus-utils
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-06 14:00:02 +01:00
dependabot[bot] e9f5a1fd4a
Bump commons-io:commons-io (#1868) 
Bumps commons-io:commons-io from 1.4 to 2.14.0.

---
updated-dependencies:
- dependency-name: commons-io:commons-io
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-06 13:59:53 +01:00
dependabot[bot] 1ff134ecc3
Bump org.apache.maven.shared:maven-shared-utils (#1869) 
Bumps [org.apache.maven.shared:maven-shared-utils](https://github.com/apache/maven-shared-utils) from 0.1 to 3.3.3.
- [Release notes](https://github.com/apache/maven-shared-utils/releases)
- [Commits](https://github.com/apache/maven-shared-utils/compare/maven-shared-utils-0.1...maven-shared-utils-3.3.3)

---
updated-dependencies:
- dependency-name: org.apache.maven.shared:maven-shared-utils
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-06 13:59:31 +01:00
dependabot[bot] fe35d034ef
Bump org.apache.maven:maven-core (#1871) 
Bumps org.apache.maven:maven-core from 3.6.0 to 3.8.1.

---
updated-dependencies:
- dependency-name: org.apache.maven:maven-core
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-06 13:59:07 +01:00
dependabot[bot] 8f2ef8ebe1
Bump org.eclipse.jetty:jetty-server in /its/core-it-suite (#1872) 
Bumps org.eclipse.jetty:jetty-server from 9.4.53.v20231009 to 9.4.55.v20240627.

---
updated-dependencies:
- dependency-name: org.eclipse.jetty:jetty-server
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-06 13:58:58 +01:00
dependabot[bot] aa863a93a6
Bump org.ow2.asm:asm from 7.3.1 to 9.7.1 (#1875) 
Bumps org.ow2.asm:asm from 7.3.1 to 9.7.1.

---
updated-dependencies:
- dependency-name: org.ow2.asm:asm
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-06 13:58:49 +01:00
dependabot[bot] fb43bde8a2
Bump org.apache.maven.plugins:maven-scm-publish-plugin from 1.1 to 3.3.0 (#1876) 
Bumps [org.apache.maven.plugins:maven-scm-publish-plugin](https://github.com/apache/maven-scm-publish-plugin) from 1.1 to 3.3.0.
- [Commits](https://github.com/apache/maven-scm-publish-plugin/compare/maven-scm-publish-plugin-1.1...maven-scm-publish-plugin-3.3.0)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-scm-publish-plugin
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-06 13:58:36 +01:00
dependabot[bot] 7c0181db09
Bump org.apache.maven:maven-archiver from 3.6.0 to 3.6.3 (#1877) 
Bumps [org.apache.maven:maven-archiver](https://github.com/apache/maven-archiver) from 3.6.0 to 3.6.3.
- [Release notes](https://github.com/apache/maven-archiver/releases)
- [Commits](https://github.com/apache/maven-archiver/compare/maven-archiver-3.6.0...maven-archiver-3.6.3)

---
updated-dependencies:
- dependency-name: org.apache.maven:maven-archiver
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-06 13:58:28 +01:00
Tamas Cservenak dfd5ec5f85
[MNG-8362] Adding some missing config properties (#1861) 
To have them listed in generated docs, as they were forgotten.
Also, adding a "compat" support for Maven 3.9.x property for chained reposes.

---

https://issues.apache.org/jira/browse/MNG-8362
 2024-11-05 17:06:57 +01:00
Guillaume Nodet 62c94d123c
[MNG-8368] Fix dependency resolver not using project repositories (#1865) 2024-11-05 17:01:08 +01:00
Guillaume Nodet 51123f3abc
Remove unused class (#1866) 2024-11-05 17:00:23 +01:00
Guillaume Nodet 75258afcc6 Integrate into maven's build 2024-11-05 16:56:49 +01:00
Guillaume Nodet 4270e7883f Simplify hocon IT to not rely on a complex parent POM 2024-11-05 16:56:46 +01:00
Guillaume Nodet 2f8f380da9 Merge remote-tracking branch 'its/master' into merge-its 2024-11-05 16:56:27 +01:00
dependabot[bot] 32e67f83c2
[MNG-8366] Bump ch.qos.logback:logback-classic from 1.5.11 to 1.5.12 (#1859) 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.11 to 1.5.12.
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.11...v_1.5.12)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

---

https://issues.apache.org/jira/browse/MNG-8366
 2024-11-05 15:48:04 +01:00
dependabot[bot] 39eed0cad5
[MNG-8365] Bump net.bytebuddy:byte-buddy from 1.15.7 to 1.15.10 (#1863) 
Bumps [net.bytebuddy:byte-buddy](https://github.com/raphw/byte-buddy) from 1.15.7 to 1.15.10.
- [Release notes](https://github.com/raphw/byte-buddy/releases)
- [Changelog](https://github.com/raphw/byte-buddy/blob/master/release-notes.md)
- [Commits](https://github.com/raphw/byte-buddy/compare/byte-buddy-1.15.7...byte-buddy-1.15.10)

---
updated-dependencies:
- dependency-name: net.bytebuddy:byte-buddy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

---

https://issues.apache.org/jira/browse/MNG-8365
 2024-11-05 15:47:03 +01:00
Guillaume Nodet 8005826df7 [MNG-8361] Fix typo in color styles 2024-11-02 10:29:52 +01:00
Tamas Cservenak 4e1152f047
Drop staging repository for Resolver 2.0.3 (#1860) 
It was released.
 2024-11-01 14:16:16 +01:00
Tamas Cservenak f8cba5dc27 Redirect master to Resolver 2.0.3, respin 1 2024-10-29 10:41:19 +01:00
Tamas Cservenak 9e62984ae3 [MNG-8347] Additional tests (#398) 
Add additional cases as original test is not the full story.
Make sure tree is same even if pushed down a level (in Maven3 is not)

---

https://issues.apache.org/jira/browse/MNG-8347
 2024-10-29 10:00:06 +01:00
Guillaume Nodet 2a6fc5ab67
[MNG-8329] ArtifactInstallerRequest and ArtifactDeployerRequest should use Collection<ProducedArtifact> (#1836) 2024-10-25 18:43:07 +02:00
Guillaume Nodet 227b13a900
Remove unused files (#1854) 2024-10-25 17:35:25 +02:00
Guillaume Nodet c0866ec067
[MNG-8360] Fix parent profiles not reported as activated (#1852) 2024-10-25 17:34:15 +02:00
Guillaume Nodet 216c16c4b3 [MNG-8360] IT for subproject profile activation (#396) 2024-10-25 17:33:53 +02:00