dependabot[bot]
13342db73e
Bump org.apache.maven.plugin-tools:maven-plugin-annotations ( #1908 )
...
Bumps [org.apache.maven.plugin-tools:maven-plugin-annotations](https://github.com/apache/maven-plugin-tools ) from 3.6.4 to 3.15.1.
- [Release notes](https://github.com/apache/maven-plugin-tools/releases )
- [Commits](https://github.com/apache/maven-plugin-tools/compare/maven-plugin-tools-3.6.4...maven-plugin-tools-3.15.1 )
---
updated-dependencies:
- dependency-name: org.apache.maven.plugin-tools:maven-plugin-annotations
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-18 08:32:55 +01:00
Guillaume Nodet
12b3dae3ce
Add CI cache ( #1914 )
...
* Add cache for all steps
* Pass through the maven.repo.loca.tail property
2024-11-17 15:50:32 +01:00
Tamas Cservenak
ab7d766c72
Exception usage cleanup ( #1910 )
...
This is just a cleanup of exception usage (by making them checked, fixing compiler issues, and undoing the change). There are at least two bugs (runtime escapes) fixed in this PR.
2024-11-16 21:36:20 +01:00
Guillaume Nodet
c4834efdba
Move everything out of bootstrap ( #1909 )
2024-11-16 18:50:22 +01:00
Tamas Cservenak
1614226c68
[MNG-8379] Decrypt all of settings on building it ( #1913 )
...
The decryption should happen transparently, also, resolver should not decrypt for itself only, whole maven should have access to all.
This PR also disables Maven 3.0 IT MNG-4459 as Maven4 stops with this "security through obscurity" (keep encrypted pw in memory kinda for "security reasons" but in reality any mojo or extension can decrypt anything they want).
---
https://issues.apache.org/jira/browse/MNG-8379
2024-11-16 14:55:43 +01:00
Guillaume Nodet
4b0dd4362a
Cleanup file access and assertions in ITs ( #1912 )
2024-11-15 13:08:33 +01:00
Guillaume Nodet
a14732597b
[MNG-8336] Only inject plugins information if requested ( #1904 )
2024-11-15 10:24:21 +01:00
Guillaume Nodet
46707e0f28
[MNG-8340] Resolve parent according to the exact model location ( #1857 )
2024-11-13 20:26:56 +01:00
Tamas Cservenak
903cf59b0b
Add missing annotation
2024-11-13 17:00:46 +01:00
dependabot[bot]
11c235eafe
IT: Bump org.codehaus.plexus:plexus-component-annotations ( #1878 )
...
Bumps [org.codehaus.plexus:plexus-component-annotations](https://github.com/codehaus-plexus/plexus-containers ) from 2.1.1 to 2.2.0.
- [Release notes](https://github.com/codehaus-plexus/plexus-containers/releases )
- [Changelog](https://github.com/codehaus-plexus/plexus-containers/blob/master/ReleaseNotes.md )
- [Commits](https://github.com/codehaus-plexus/plexus-containers/compare/plexus-containers-2.1.1...plexus-containers-2.2.0 )
---
updated-dependencies:
- dependency-name: org.codehaus.plexus:plexus-component-annotations
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-13 16:02:14 +01:00
Tamas Cservenak
f36f8e1bd6
IT: update archaic deps ( #1903 )
...
This PR is based on dependabot PRs but they require code changes as well.
Based on:
* https://github.com/apache/maven/pull/1895
* https://github.com/apache/maven/pull/1889
2024-11-13 16:00:55 +01:00
P. Ottlinger
4b18bfb9a8
[MNG-8372] Augment error message to give users more context when running into deprecated encryption warning ( #1898 )
...
Augment error message to give users more context when running into deprecated encryption warning
---
https://issues.apache.org/jira/browse/MNG-8372
2024-11-13 15:15:57 +01:00
Tamas Cservenak
a67d2746af
[MNG-8375] CLIng diet ( #1897 )
...
First part was to "reverse" MavenCli into CLIng, that also became a huge and complex beast. Now, sanitization comes, tearing down unneeded stuff. CLIng should be simple and straightforward.
Now the **invoker** fully parses args, creates Maven instance (ie. local, using Maven components on classpath) and invokes Maven. The new **executor** in turn does NOT fully parses args and is logical equivalent of maven-invoker.
Changes:
* radically simplify CLIng existing classes (and especially API - the fact we have "local", "resident" etc invoker is actually implementation detail).
* introduce "executor", a "lower level" tool that does not parse args (and is logical equivalent of maven-invoker) and support Maven 4.x and Maven 3.x.
---
https://issues.apache.org/jira/browse/MNG-8375
2024-11-13 15:14:56 +01:00
dependabot[bot]
c7effeb15c
IT: Bump org.codehaus.plexus:plexus-velocity from 1.1.7 to 2.2.0 ( #1901 )
...
Bumps [org.codehaus.plexus:plexus-velocity](https://github.com/codehaus-plexus/plexus-velocity ) from 1.1.7 to 2.2.0.
- [Release notes](https://github.com/codehaus-plexus/plexus-velocity/releases )
- [Commits](https://github.com/codehaus-plexus/plexus-velocity/commits/plexus-velocity-2.2.0 )
---
updated-dependencies:
- dependency-name: org.codehaus.plexus:plexus-velocity
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-13 10:51:39 +01:00
dependabot[bot]
d0cdd8c13e
IT: Bump commons-io:commons-io from 2.14.0 to 2.17.0 ( #1899 )
...
Bumps commons-io:commons-io from 2.14.0 to 2.17.0.
---
updated-dependencies:
- dependency-name: commons-io:commons-io
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-12 20:35:16 +01:00
dependabot[bot]
49482c53fc
IT: Bump org.hamcrest:hamcrest from 2.2 to 3.0 ( #1900 )
...
Bumps [org.hamcrest:hamcrest](https://github.com/hamcrest/JavaHamcrest ) from 2.2 to 3.0.
- [Release notes](https://github.com/hamcrest/JavaHamcrest/releases )
- [Changelog](https://github.com/hamcrest/JavaHamcrest/blob/master/CHANGES.md )
- [Commits](https://github.com/hamcrest/JavaHamcrest/compare/v2.2...v3.0 )
---
updated-dependencies:
- dependency-name: org.hamcrest:hamcrest
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-12 20:35:01 +01:00
dependabot[bot]
de4bba8787
IT: Bump org.junit.jupiter:junit-jupiter from 5.8.0 to 5.11.3 ( #1894 )
...
Bumps [org.junit.jupiter:junit-jupiter](https://github.com/junit-team/junit5 ) from 5.8.0 to 5.11.3.
- [Release notes](https://github.com/junit-team/junit5/releases )
- [Commits](https://github.com/junit-team/junit5/compare/r5.8.0...r5.11.3 )
---
updated-dependencies:
- dependency-name: org.junit.jupiter:junit-jupiter
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-11 12:10:52 +01:00
dependabot[bot]
0752547314
IT: Bump org.apache.maven.shared:maven-shared-utils from 0.9 to 3.4.2 ( #1896 )
...
Bumps [org.apache.maven.shared:maven-shared-utils](https://github.com/apache/maven-shared-utils ) from 0.9 to 3.4.2.
- [Release notes](https://github.com/apache/maven-shared-utils/releases )
- [Commits](https://github.com/apache/maven-shared-utils/compare/maven-shared-utils-0.9...maven-shared-utils-3.4.2 )
---
updated-dependencies:
- dependency-name: org.apache.maven.shared:maven-shared-utils
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-11 12:10:32 +01:00
dependabot[bot]
8dcee59138
IT: Bump log4j:log4j from 1.2.14 to 1.2.17 ( #1890 )
...
Bumps log4j:log4j from 1.2.14 to 1.2.17.
---
updated-dependencies:
- dependency-name: log4j:log4j
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-08 09:51:42 +01:00
dependabot[bot]
5be30376e9
IT: Bump org.codehaus.plexus:plexus-container-default ( #1891 )
...
Bumps org.codehaus.plexus:plexus-container-default from 1.0-alpha-9 to 2.1.1.
---
updated-dependencies:
- dependency-name: org.codehaus.plexus:plexus-container-default
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-08 09:51:32 +01:00
dependabot[bot]
e65819388f
IT: Bump junit:junit from 3.8.1 to 4.13.2 ( #1892 )
...
Bumps [junit:junit](https://github.com/junit-team/junit4 ) from 3.8.1 to 4.13.2.
- [Release notes](https://github.com/junit-team/junit4/releases )
- [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.13.2.md )
- [Commits](https://github.com/junit-team/junit4/commits/r4.13.2 )
---
updated-dependencies:
- dependency-name: junit:junit
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-08 09:51:22 +01:00
Tamas Cservenak
4f79f2d876
[MNG-8332] Detach CLIng from deprecated Embedder ( #1882 )
...
Detach maven-cli from maven-embedder (deprecated). Basically, classes are copied from embedder to cli, while embedder points to old classes and cli to new classes. **One important exception is logging**: the classes are _moved_ to cli, and embedder modified to use those classes (and dependency reversed: embedder now depends on cli). Reason is Verifier, that still calls into "hack method" of deprecated MavenCli, and then without logging classes move would explode due casting.
---
https://issues.apache.org/jira/browse/MNG-8332
2024-11-08 09:49:11 +01:00
Tamas Cservenak
37b8a62bd5
IT fix: Drop ancient reporting, use latest ( #1887 )
...
Attempt to stop ITs pulling in ancient (and vulnerable) deps.
2024-11-07 17:41:37 +01:00
Tamas Cservenak
457bb8e000
CLIng: finish TODO ( #1888 )
...
Also clear up javadoc.
2024-11-07 17:41:13 +01:00
Tamas Cservenak
a836e898b0
IT: cleanup ( #1886 )
...
Yet another round
Changes:
* get rid of Guava (2 classes affected)
* align dependencies
* align plugins
2024-11-07 12:43:46 +01:00
Tamas Cservenak
1ab2ccf066
Add maven.repo.local.head ( #1881 )
...
As counterpart to maven.repo.local.tail, but this one "prepends" while other "appends". This means one can do like this
```
$ mvn install -Prun-its -Dmaven.repo.local.head=~/.m2/repository-it
```
And have stuff installed into dedicated IT local repo (as IT bits must be installed), instead to pollute own local repo.
---
https://issues.apache.org/jira/browse/MNG-8370
2024-11-07 11:14:15 +01:00
Tamas Cservenak
1b3a3575ca
IT: Ant update ( #1879 )
...
Dependabot missed that it needs several deps updated
at once.
2024-11-06 14:36:32 +01:00
dependabot[bot]
0da78176d7
Bump org.codehaus.plexus:plexus-utils ( #1867 )
...
Bumps [org.codehaus.plexus:plexus-utils](https://github.com/codehaus-plexus/plexus-utils ) from 1.1 to 3.0.24.
- [Release notes](https://github.com/codehaus-plexus/plexus-utils/releases )
- [Commits](https://github.com/codehaus-plexus/plexus-utils/commits/plexus-utils-3.0.24 )
---
updated-dependencies:
- dependency-name: org.codehaus.plexus:plexus-utils
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-06 14:00:02 +01:00
dependabot[bot]
e9f5a1fd4a
Bump commons-io:commons-io ( #1868 )
...
Bumps commons-io:commons-io from 1.4 to 2.14.0.
---
updated-dependencies:
- dependency-name: commons-io:commons-io
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-06 13:59:53 +01:00
dependabot[bot]
1ff134ecc3
Bump org.apache.maven.shared:maven-shared-utils ( #1869 )
...
Bumps [org.apache.maven.shared:maven-shared-utils](https://github.com/apache/maven-shared-utils ) from 0.1 to 3.3.3.
- [Release notes](https://github.com/apache/maven-shared-utils/releases )
- [Commits](https://github.com/apache/maven-shared-utils/compare/maven-shared-utils-0.1...maven-shared-utils-3.3.3 )
---
updated-dependencies:
- dependency-name: org.apache.maven.shared:maven-shared-utils
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-06 13:59:31 +01:00
dependabot[bot]
fe35d034ef
Bump org.apache.maven:maven-core ( #1871 )
...
Bumps org.apache.maven:maven-core from 3.6.0 to 3.8.1.
---
updated-dependencies:
- dependency-name: org.apache.maven:maven-core
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-06 13:59:07 +01:00
dependabot[bot]
8f2ef8ebe1
Bump org.eclipse.jetty:jetty-server in /its/core-it-suite ( #1872 )
...
Bumps org.eclipse.jetty:jetty-server from 9.4.53.v20231009 to 9.4.55.v20240627.
---
updated-dependencies:
- dependency-name: org.eclipse.jetty:jetty-server
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-06 13:58:58 +01:00
dependabot[bot]
aa863a93a6
Bump org.ow2.asm:asm from 7.3.1 to 9.7.1 ( #1875 )
...
Bumps org.ow2.asm:asm from 7.3.1 to 9.7.1.
---
updated-dependencies:
- dependency-name: org.ow2.asm:asm
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-06 13:58:49 +01:00
dependabot[bot]
fb43bde8a2
Bump org.apache.maven.plugins:maven-scm-publish-plugin from 1.1 to 3.3.0 ( #1876 )
...
Bumps [org.apache.maven.plugins:maven-scm-publish-plugin](https://github.com/apache/maven-scm-publish-plugin ) from 1.1 to 3.3.0.
- [Commits](https://github.com/apache/maven-scm-publish-plugin/compare/maven-scm-publish-plugin-1.1...maven-scm-publish-plugin-3.3.0 )
---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-scm-publish-plugin
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-06 13:58:36 +01:00
dependabot[bot]
7c0181db09
Bump org.apache.maven:maven-archiver from 3.6.0 to 3.6.3 ( #1877 )
...
Bumps [org.apache.maven:maven-archiver](https://github.com/apache/maven-archiver ) from 3.6.0 to 3.6.3.
- [Release notes](https://github.com/apache/maven-archiver/releases )
- [Commits](https://github.com/apache/maven-archiver/compare/maven-archiver-3.6.0...maven-archiver-3.6.3 )
---
updated-dependencies:
- dependency-name: org.apache.maven:maven-archiver
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-06 13:58:28 +01:00
Tamas Cservenak
dfd5ec5f85
[MNG-8362] Adding some missing config properties ( #1861 )
...
To have them listed in generated docs, as they were forgotten.
Also, adding a "compat" support for Maven 3.9.x property for chained reposes.
---
https://issues.apache.org/jira/browse/MNG-8362
2024-11-05 17:06:57 +01:00
Guillaume Nodet
62c94d123c
[MNG-8368] Fix dependency resolver not using project repositories ( #1865 )
2024-11-05 17:01:08 +01:00
Guillaume Nodet
51123f3abc
Remove unused class ( #1866 )
2024-11-05 17:00:23 +01:00
Guillaume Nodet
75258afcc6
Integrate into maven's build
2024-11-05 16:56:49 +01:00
Guillaume Nodet
4270e7883f
Simplify hocon IT to not rely on a complex parent POM
2024-11-05 16:56:46 +01:00
Guillaume Nodet
2f8f380da9
Merge remote-tracking branch 'its/master' into merge-its
2024-11-05 16:56:27 +01:00
dependabot[bot]
32e67f83c2
[MNG-8366] Bump ch.qos.logback:logback-classic from 1.5.11 to 1.5.12 ( #1859 )
...
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback ) from 1.5.11 to 1.5.12.
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.11...v_1.5.12 )
---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
https://issues.apache.org/jira/browse/MNG-8366
2024-11-05 15:48:04 +01:00
dependabot[bot]
39eed0cad5
[MNG-8365] Bump net.bytebuddy:byte-buddy from 1.15.7 to 1.15.10 ( #1863 )
...
Bumps [net.bytebuddy:byte-buddy](https://github.com/raphw/byte-buddy ) from 1.15.7 to 1.15.10.
- [Release notes](https://github.com/raphw/byte-buddy/releases )
- [Changelog](https://github.com/raphw/byte-buddy/blob/master/release-notes.md )
- [Commits](https://github.com/raphw/byte-buddy/compare/byte-buddy-1.15.7...byte-buddy-1.15.10 )
---
updated-dependencies:
- dependency-name: net.bytebuddy:byte-buddy
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
https://issues.apache.org/jira/browse/MNG-8365
2024-11-05 15:47:03 +01:00
Guillaume Nodet
8005826df7
[MNG-8361] Fix typo in color styles
2024-11-02 10:29:52 +01:00
Tamas Cservenak
4e1152f047
Drop staging repository for Resolver 2.0.3 ( #1860 )
...
It was released.
2024-11-01 14:16:16 +01:00
Tamas Cservenak
f8cba5dc27
Redirect master to Resolver 2.0.3, respin 1
2024-10-29 10:41:19 +01:00
Tamas Cservenak
9e62984ae3
[MNG-8347] Additional tests ( #398 )
...
Add additional cases as original test is not the full story.
Make sure tree is same even if pushed down a level (in Maven3 is not)
---
https://issues.apache.org/jira/browse/MNG-8347
2024-10-29 10:00:06 +01:00
Guillaume Nodet
2a6fc5ab67
[MNG-8329] ArtifactInstallerRequest and ArtifactDeployerRequest should use Collection<ProducedArtifact> ( #1836 )
2024-10-25 18:43:07 +02:00
Guillaume Nodet
227b13a900
Remove unused files ( #1854 )
2024-10-25 17:35:25 +02:00
Guillaume Nodet
c0866ec067
[MNG-8360] Fix parent profiles not reported as activated ( #1852 )
2024-10-25 17:34:15 +02:00