Toned down the Maven4 sec dispatcher messages. Also, IF maven3 passwords detected AND there was `.mvn/extensions.xml` the warnings were doubled.
Examples:
Failure to start Maven (due non-decryptable passwords):
```
$ mvn clean
[ERROR] Error executing Maven.
[ERROR] Error building settings
* FATAL: Could not decrypt password (fix the corrupted password or remove it, if unused) {xL6L/HbmrY++sNkphnq3fguYepTpM04WlIXb8nB1pk=}
* WARNING: Detected 2 pre-Maven 4 legacy encrypted password(s) - configure password encryption with the help of mvnenc for increased security.
$
```
Warning at start (due Maven3 passwords):
```
$ mvn clean
[INFO]
[INFO] Some problems were encountered while building the effective settings (use -X to see details)
[INFO]
[INFO] Scanning for projects...
[INFO] --------------------------------------------------------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO]
[INFO] Apache Maven
...
```
---
https://issues.apache.org/jira/browse/MNG-8424https://issues.apache.org/jira/browse/MNG-8419
* [MNG-8388] Fix escape characters being replaced to change the original configuration
Signed-off-by: crazyhzm <crazyhzm@apache.org>
* Add unit test
---------
Signed-off-by: crazyhzm <crazyhzm@apache.org>
Co-authored-by: Guillaume Nodet <gnodet@gmail.com>
And make use of it in CLIng. Also, move from "late" Resolver session factory to "early" CLIng invocation of `PropertyContributor` SPI and make contribution visible across whole Maven, not only Resolver.
---
https://issues.apache.org/jira/browse/MNG-8385
This is just a cleanup of exception usage (by making them checked, fixing compiler issues, and undoing the change). There are at least two bugs (runtime escapes) fixed in this PR.
The decryption should happen transparently, also, resolver should not decrypt for itself only, whole maven should have access to all.
This PR also disables Maven 3.0 IT MNG-4459 as Maven4 stops with this "security through obscurity" (keep encrypted pw in memory kinda for "security reasons" but in reality any mojo or extension can decrypt anything they want).
---
https://issues.apache.org/jira/browse/MNG-8379
To have them listed in generated docs, as they were forgotten.
Also, adding a "compat" support for Maven 3.9.x property for chained reposes.
---
https://issues.apache.org/jira/browse/MNG-8362
Guillaume Nodet
Tamas Cservenak
Jermaine Hua