Apache
/
maven
mirror of https://github.com/apache/maven.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
15,077 Commits 83 Branches 94 Tags 109 MiB
Commit Graph

2566 Commits

Author SHA1 Message Date
Guillaume Nodet 12b3dae3ce
Add CI cache (#1914) 
* Add cache for all steps
* Pass through the maven.repo.loca.tail property
 2024-11-17 15:50:32 +01:00
Guillaume Nodet c4834efdba
Move everything out of bootstrap (#1909) 2024-11-16 18:50:22 +01:00
Tamas Cservenak 1614226c68
[MNG-8379] Decrypt all of settings on building it (#1913) 
The decryption should happen transparently, also, resolver should not decrypt for itself only, whole maven should have access to all.

This PR also disables Maven 3.0 IT MNG-4459 as Maven4 stops with this "security through obscurity" (keep encrypted pw in memory kinda for "security reasons" but in reality any mojo or extension can decrypt anything they want).

---

https://issues.apache.org/jira/browse/MNG-8379
 2024-11-16 14:55:43 +01:00
Guillaume Nodet 4b0dd4362a
Cleanup file access and assertions in ITs (#1912) 2024-11-15 13:08:33 +01:00
Guillaume Nodet a14732597b
[MNG-8336] Only inject plugins information if requested (#1904) 2024-11-15 10:24:21 +01:00
Guillaume Nodet 46707e0f28
[MNG-8340] Resolve parent according to the exact model location (#1857) 2024-11-13 20:26:56 +01:00
dependabot[bot] 11c235eafe
IT: Bump org.codehaus.plexus:plexus-component-annotations (#1878) 
Bumps [org.codehaus.plexus:plexus-component-annotations](https://github.com/codehaus-plexus/plexus-containers) from 2.1.1 to 2.2.0.
- [Release notes](https://github.com/codehaus-plexus/plexus-containers/releases)
- [Changelog](https://github.com/codehaus-plexus/plexus-containers/blob/master/ReleaseNotes.md)
- [Commits](https://github.com/codehaus-plexus/plexus-containers/compare/plexus-containers-2.1.1...plexus-containers-2.2.0)

---
updated-dependencies:
- dependency-name: org.codehaus.plexus:plexus-component-annotations
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-13 16:02:14 +01:00
Tamas Cservenak f36f8e1bd6
IT: update archaic deps (#1903) 
This PR is based on dependabot PRs but they require code changes as well.

Based on:
* https://github.com/apache/maven/pull/1895
* https://github.com/apache/maven/pull/1889
 2024-11-13 16:00:55 +01:00
P. Ottlinger 4b18bfb9a8
[MNG-8372] Augment error message to give users more context when running into deprecated encryption warning (#1898) 
Augment error message to give users more context when running into deprecated encryption warning

---

https://issues.apache.org/jira/browse/MNG-8372
 2024-11-13 15:15:57 +01:00
dependabot[bot] c7effeb15c
IT: Bump org.codehaus.plexus:plexus-velocity from 1.1.7 to 2.2.0 (#1901) 
Bumps [org.codehaus.plexus:plexus-velocity](https://github.com/codehaus-plexus/plexus-velocity) from 1.1.7 to 2.2.0.
- [Release notes](https://github.com/codehaus-plexus/plexus-velocity/releases)
- [Commits](https://github.com/codehaus-plexus/plexus-velocity/commits/plexus-velocity-2.2.0)

---
updated-dependencies:
- dependency-name: org.codehaus.plexus:plexus-velocity
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-13 10:51:39 +01:00
dependabot[bot] d0cdd8c13e
IT: Bump commons-io:commons-io from 2.14.0 to 2.17.0 (#1899) 
Bumps commons-io:commons-io from 2.14.0 to 2.17.0.

---
updated-dependencies:
- dependency-name: commons-io:commons-io
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-12 20:35:16 +01:00
dependabot[bot] 49482c53fc
IT: Bump org.hamcrest:hamcrest from 2.2 to 3.0 (#1900) 
Bumps [org.hamcrest:hamcrest](https://github.com/hamcrest/JavaHamcrest) from 2.2 to 3.0.
- [Release notes](https://github.com/hamcrest/JavaHamcrest/releases)
- [Changelog](https://github.com/hamcrest/JavaHamcrest/blob/master/CHANGES.md)
- [Commits](https://github.com/hamcrest/JavaHamcrest/compare/v2.2...v3.0)

---
updated-dependencies:
- dependency-name: org.hamcrest:hamcrest
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-12 20:35:01 +01:00
dependabot[bot] de4bba8787
IT: Bump org.junit.jupiter:junit-jupiter from 5.8.0 to 5.11.3 (#1894) 
Bumps [org.junit.jupiter:junit-jupiter](https://github.com/junit-team/junit5) from 5.8.0 to 5.11.3.
- [Release notes](https://github.com/junit-team/junit5/releases)
- [Commits](https://github.com/junit-team/junit5/compare/r5.8.0...r5.11.3)

---
updated-dependencies:
- dependency-name: org.junit.jupiter:junit-jupiter
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-11 12:10:52 +01:00
dependabot[bot] 0752547314
IT: Bump org.apache.maven.shared:maven-shared-utils from 0.9 to 3.4.2 (#1896) 
Bumps [org.apache.maven.shared:maven-shared-utils](https://github.com/apache/maven-shared-utils) from 0.9 to 3.4.2.
- [Release notes](https://github.com/apache/maven-shared-utils/releases)
- [Commits](https://github.com/apache/maven-shared-utils/compare/maven-shared-utils-0.9...maven-shared-utils-3.4.2)

---
updated-dependencies:
- dependency-name: org.apache.maven.shared:maven-shared-utils
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-11 12:10:32 +01:00
dependabot[bot] 8dcee59138
IT: Bump log4j:log4j from 1.2.14 to 1.2.17 (#1890) 
Bumps log4j:log4j from 1.2.14 to 1.2.17.

---
updated-dependencies:
- dependency-name: log4j:log4j
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-08 09:51:42 +01:00
dependabot[bot] 5be30376e9
IT: Bump org.codehaus.plexus:plexus-container-default (#1891) 
Bumps org.codehaus.plexus:plexus-container-default from 1.0-alpha-9 to 2.1.1.

---
updated-dependencies:
- dependency-name: org.codehaus.plexus:plexus-container-default
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-08 09:51:32 +01:00
dependabot[bot] e65819388f
IT: Bump junit:junit from 3.8.1 to 4.13.2 (#1892) 
Bumps [junit:junit](https://github.com/junit-team/junit4) from 3.8.1 to 4.13.2.
- [Release notes](https://github.com/junit-team/junit4/releases)
- [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.13.2.md)
- [Commits](https://github.com/junit-team/junit4/commits/r4.13.2)

---
updated-dependencies:
- dependency-name: junit:junit
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-08 09:51:22 +01:00
Tamas Cservenak 37b8a62bd5
IT fix: Drop ancient reporting, use latest (#1887) 
Attempt to stop ITs pulling in ancient (and vulnerable) deps.
 2024-11-07 17:41:37 +01:00
Tamas Cservenak a836e898b0
IT: cleanup (#1886) 
Yet another round

Changes:
* get rid of Guava (2 classes affected)
* align dependencies
* align plugins
 2024-11-07 12:43:46 +01:00
Tamas Cservenak 1b3a3575ca
IT: Ant update (#1879) 
Dependabot missed that it needs several deps updated
at once.
 2024-11-06 14:36:32 +01:00
dependabot[bot] 0da78176d7
Bump org.codehaus.plexus:plexus-utils (#1867) 
Bumps [org.codehaus.plexus:plexus-utils](https://github.com/codehaus-plexus/plexus-utils) from 1.1 to 3.0.24.
- [Release notes](https://github.com/codehaus-plexus/plexus-utils/releases)
- [Commits](https://github.com/codehaus-plexus/plexus-utils/commits/plexus-utils-3.0.24)

---
updated-dependencies:
- dependency-name: org.codehaus.plexus:plexus-utils
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-06 14:00:02 +01:00
dependabot[bot] e9f5a1fd4a
Bump commons-io:commons-io (#1868) 
Bumps commons-io:commons-io from 1.4 to 2.14.0.

---
updated-dependencies:
- dependency-name: commons-io:commons-io
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-06 13:59:53 +01:00
dependabot[bot] 1ff134ecc3
Bump org.apache.maven.shared:maven-shared-utils (#1869) 
Bumps [org.apache.maven.shared:maven-shared-utils](https://github.com/apache/maven-shared-utils) from 0.1 to 3.3.3.
- [Release notes](https://github.com/apache/maven-shared-utils/releases)
- [Commits](https://github.com/apache/maven-shared-utils/compare/maven-shared-utils-0.1...maven-shared-utils-3.3.3)

---
updated-dependencies:
- dependency-name: org.apache.maven.shared:maven-shared-utils
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-06 13:59:31 +01:00
dependabot[bot] fe35d034ef
Bump org.apache.maven:maven-core (#1871) 
Bumps org.apache.maven:maven-core from 3.6.0 to 3.8.1.

---
updated-dependencies:
- dependency-name: org.apache.maven:maven-core
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-06 13:59:07 +01:00
dependabot[bot] 8f2ef8ebe1
Bump org.eclipse.jetty:jetty-server in /its/core-it-suite (#1872) 
Bumps org.eclipse.jetty:jetty-server from 9.4.53.v20231009 to 9.4.55.v20240627.

---
updated-dependencies:
- dependency-name: org.eclipse.jetty:jetty-server
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-06 13:58:58 +01:00
dependabot[bot] aa863a93a6
Bump org.ow2.asm:asm from 7.3.1 to 9.7.1 (#1875) 
Bumps org.ow2.asm:asm from 7.3.1 to 9.7.1.

---
updated-dependencies:
- dependency-name: org.ow2.asm:asm
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-06 13:58:49 +01:00
dependabot[bot] fb43bde8a2
Bump org.apache.maven.plugins:maven-scm-publish-plugin from 1.1 to 3.3.0 (#1876) 
Bumps [org.apache.maven.plugins:maven-scm-publish-plugin](https://github.com/apache/maven-scm-publish-plugin) from 1.1 to 3.3.0.
- [Commits](https://github.com/apache/maven-scm-publish-plugin/compare/maven-scm-publish-plugin-1.1...maven-scm-publish-plugin-3.3.0)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-scm-publish-plugin
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-06 13:58:36 +01:00
dependabot[bot] 7c0181db09
Bump org.apache.maven:maven-archiver from 3.6.0 to 3.6.3 (#1877) 
Bumps [org.apache.maven:maven-archiver](https://github.com/apache/maven-archiver) from 3.6.0 to 3.6.3.
- [Release notes](https://github.com/apache/maven-archiver/releases)
- [Commits](https://github.com/apache/maven-archiver/compare/maven-archiver-3.6.0...maven-archiver-3.6.3)

---
updated-dependencies:
- dependency-name: org.apache.maven:maven-archiver
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-06 13:58:28 +01:00
Guillaume Nodet 75258afcc6 Integrate into maven's build 2024-11-05 16:56:49 +01:00
Guillaume Nodet 4270e7883f Simplify hocon IT to not rely on a complex parent POM 2024-11-05 16:56:46 +01:00
Tamas Cservenak 9e62984ae3 [MNG-8347] Additional tests (#398) 
Add additional cases as original test is not the full story.
Make sure tree is same even if pushed down a level (in Maven3 is not)

---

https://issues.apache.org/jira/browse/MNG-8347
 2024-10-29 10:00:06 +01:00
Guillaume Nodet 216c16c4b3 [MNG-8360] IT for subproject profile activation (#396) 2024-10-25 17:33:53 +02:00
Tamas Cservenak 8dc7f3b990 [MNG-8347] IT for transitive dependency management (#395) 
Add IT for transitive dep management. The fix should come with updated Resolver 2.0.3

---

https://issues.apache.org/jira/browse/MNG-8347
 2024-10-25 15:38:54 +02:00
Guillaume Nodet 94049cd8c5 [MNG-8341] Add IT for deadlock during model building (#394) 2024-10-25 10:29:16 +02:00
Maarten Mulders fc444a4dec [MNG-8331] Demonstrate the problem with disappearing dependencies 
Closes 393.
 2024-10-19 19:53:52 +02:00
Guillaume Nodet 314e983f74 [MNG-8258] Change the fixed reproducible build outputTimestamp to 1 Feb 1980 (#392) 2024-10-17 16:52:40 +02:00
Guillaume Nodet d8f9b3f40b [MNG-8322] The EventSpy receives the new settings request/result (#391) 2024-10-17 11:25:42 +02:00
Guillaume Nodet eff246a5bf [MNG-8299] IT for custom lifecycle phase ordering (#389) 
Main PR: https://github.com/apache/maven/pull/1802

---

https://issues.apache.org/jira/browse/MNG-8299
 2024-10-16 16:19:22 +02:00
Guillaume Nodet d98fe8e9f0 [MNG-8295] Add IT for Dependency Manager Transitivity (#384) 
Co-authored-by: DidierLoiseau <didierloiseau+github@gmail.com>
 2024-10-15 14:25:54 +02:00
Guillaume Nodet 83f034d177 [MNG-8294] Consistency checks when loading parent (#383) 2024-10-09 13:07:21 +02:00
Guillaume Nodet 2ce2200086 [MNG-8293] [MNG-8288] Two new ITs and disable MNG-2196 IT (#382) 
* Two new ITs for MNG-8288 and MNG-8293

Both problems happens during reactor load up, so ITs code
is simple, just invoke "mvn validate" while the actual trick
is in resources (projects).

* Fix javadoc

* Disable MNG-2196 IT as it can infer the parent

---------

Co-authored-by: Tamas Cservenak <tamas@cservenak.net>
 2024-10-07 17:32:18 +02:00
dependabot[bot] 9ef2164b69 Bump actions/setup-java from 3 to 4 
Bumps [actions/setup-java](https://github.com/actions/setup-java) from 3 to 4.
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](https://github.com/actions/setup-java/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-java
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-10-03 18:07:25 +02:00
dependabot[bot] d9d6200fe6 Bump actions/checkout from 3 to 4 
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-10-03 18:07:03 +02:00
Tamas Cservenak 218d11b55e Add dependabot, we have stale actions 2024-10-03 17:55:24 +02:00
Tamas Cservenak 2e0d09ec7e Workaround just to test this 2024-10-03 17:46:10 +02:00
Tamas Cservenak 0bfde6311c [MNG-8282] Disable MNG-0553 IT for Maven 4-beta5+ (feature reworked) 
---

https://issues.apache.org/jira/browse/MNG-8282
 2024-10-03 17:46:10 +02:00
Tamas Cservenak e2890989c1 [MNG-8267] Disable MNG-5774 ITs for beta-5+ 
Also minor fix, but MavenITmng8220ExtensionWithDITest needs
slf4j-api 2.0.16 that is not in bootstrap.

---

https://issues.apache.org/jira/browse/MNG-8267
 2024-10-03 17:46:10 +02:00
Guillaume Nodet 4e1de4ef6e [MNG-8133] IT for ${project.rootDirectory} in external parent (#368) 2024-10-02 23:27:02 +02:00
Guillaume Nodet fa8432713a [MNG-8281] Change the outcome of an IT wrt interpolation (#370) 2024-10-02 23:25:37 +02:00
Guillaume Nodet c5211f95cb [MNG-8258] activate Reproducible Builds by default (#369) 2024-10-01 16:50:50 +02:00