maven/maven.changes

537 lines
22 KiB
Plaintext

-------------------------------------------------------------------
Tue Jan 30 07:13:33 UTC 2024 - Fridrich Strba <fstrba@suse.com>
- Upgrade tu upstream version 3.9.6
* Bug
+ MNG-7851: Error message when modelVersion is 4.0 is confusing
* Improvement
+ MNG-7875: Colorize transfer messages
+ MNG-7895: Support ${project.basedir} in file profile
activation
+ MNG-7939: Allow to exclude plugins from validation
* Task
+ MNG-7856: Maven Resolver Provider classes ctor change
+ MNG-7870: Undeprecate wrongly deprecated repository metadata
+ MNG-7872: Deprecate
org.apache.maven.repository.internal.MavenResolverModule
+ MNG-7874: maven-resolver-provider: introduce NAME constants.
* Dependency upgrade
+ MNG-7859: Update to Resolver 1.9.16
+ MNG-7913: Upgrade Sisu version to 0.9.0.M2
+ MNG-7934: Upgrade Resolver version to 1.9.18
+ MNG-7942: Upgrade to parent POM 41
+ MNG-7943: Upgrade default plugin bindings
-------------------------------------------------------------------
Thu Sep 21 12:03:34 UTC 2023 - Fridrich Strba <fstrba@suse.com>
- Upgrade tu upstream version 3.9.4
* Bug
+ MNG-7705: Sporadic failures on multiple builds sharing the
same local repo when writing the .lastUpdated file
+ MNG-7786: Maven Plugin Validation message is misleading
+ MNG-7795: IllegalArgumentException: 'other' has different root
during plugin validation
+ MNG-7796: Top directory cannot be computed
+ MNG-7799: Plugin validation falsely reports there are issues
(but shows none)
+ MNG-7811: Plugins verification - reports are inconsistent
+ MNG-7818: [REGRESSION] maven improperly excludes hamcrest-core
from junit
+ MNG-7819: Create IT that exercise file locking with snapshots
+ MNG-7846: endless loop in DefaultExceptionHandler.getMessage()
* Improvement
+ MNG-7698: Allow comments in .mvn/maven.config
+ MNG-7785: Clean usage of SessionData
+ MNG-7787: Introduce new options for plugin validation
+ MNG-7788: Plugin Validation Report should be printed before
build summary
+ MNG-7789: Plugin Dependency Validations use wrong data set
+ MNG-7806: Plugins verification - remove used in module(s)
report
+ MNG-7823: Make plugin validation level parsing more consistent
* Task
+ MNG-5987: Document the algorithm calculating the order of
plugin executions inside a phase.
+ MNG-7743: Make the build work on JDK 20
+ MNG-7790: Update lifecycle plugins
+ MNG-7791: Split validation issues into "user actionable" and
"plugin dev actionable"
+ MNG-7797: Return BRIEF mode, simply map it onto SUMMARY
+ MNG-7807: Update Super POM plugins
* Dependency upgrade
+ MNG-7800: Upgrade to Maven Resolver 1.9.13
+ MNG-7816: Bump maven parent from 39 to 40
+ MNG-7828: Bump guava from 31.1-jre to 32.0.1-jre
+ MNG-7847: Upgrade to Resolver 1.9.14
-------------------------------------------------------------------
Tue Sep 12 12:55:07 UTC 2023 - Fridrich Strba <fstrba@suse.com>
- Reproducible builds: do not output build number
-------------------------------------------------------------------
Mon Sep 4 15:13:23 UTC 2023 - Fridrich Strba <fstrba@suse.com>
- Added patch:
* 0005-Reproducible-maven.build.timestamp.patch
+ debian patch to make maven builds more reproducible
-------------------------------------------------------------------
Mon Jun 19 15:31:21 UTC 2023 - Fridrich Strba <fstrba@suse.com>
- Upgrade to upstream version 3.9.2
* Bug
+ MNG-7750: Interpolated properties in originalModel in
an active profile.
+ MNG-7759: java.lang.NullPointerException at org.apache
.maven.repository.internal.DefaultModelCache.newInstance
(DefaultModelCache.java:37)
* Improvement
+ MNG-7712: Core should issue a warning if plugin depends
on maven-compat
+ MNG-7741: Add more information when using
-Dmaven.repo.local.recordReverseTree=true
+ MNG-7754: Improvement and extension of plugin validation
+ MNG-7767: Tone down plugin validation report
+ MNG-7776: don't fingerprint Sigstore signatures (like GPG)
+ MNG-7778: Maven should print suppressed exceptions when a
mojo fails
* Task
+ MNG-7749: Upgrade animal-sniffer from 1.21 to 1.23
+ MNG-7774: Maven config and command line interpolation
-------------------------------------------------------------------
Thu May 11 08:39:04 UTC 2023 - Fridrich Strba <fstrba@suse.com>
- Modified patch:
* 0001-Adapt-mvn-script.patch
+ revert to older version which worked well (bsc#1211198)
-------------------------------------------------------------------
Wed May 3 11:44:20 UTC 2023 - Fridrich Strba <fstrba@suse.com>
- Upgrade to upstream version 3.9.1
* Changes of version 3.8.7:
+ Regression fixes from Maven 3.8.6
+ General fixes
+ Maven Wagon upgrade
* Changes of verson 3.8.8
+ Regression fixes from Maven 3.8.7
+ General fixes
+ Non-functional backports and improvements from 3.9.0
* Changes of version 3.9.0
+ Minimum Java version to use with Maven 3.9.0 is raised to
Java 8.
+ With Java 8, upgrade of several key dependencies became
possible as well.
+ Several backports from Maven 4.x line.
+ Long outstanding issue fixes from Maven 3.x line.
+ Cutting ties with Maven 2 backward compatibility, preparing
grounds for Maven 4.
+ General fixes and improvements.
+ The Maven Resolver transport has changed from Wagon to “native
HTTP”, see Resolver Transport guide.
+ Maven 2.x was auto-injecting an ancient version of
plexus-utils dependency into the plugin classpath, and Maven
3.x continued doing this to preserve backward compatibility.
Starting with Maven 3.9, it does not happen anymore. This
change may lead to plugin breakage. The fix for affected
plugin maintainers is to explicitly declare a dependency on
plexus-utils. The workaround for affected plugin users is to
add this dependency to plugin dependencies until issue is
fixed by the affected plugin maintainer.
+ Mojos are prevented to boostrap new instance of
RepositorySystem (for example by using deprecated
ServiceLocator), they should reuse RepositorySystem instance
provided by Maven instead. See MNG-7471.
+ Each line in .mvn/maven.config is now interpreted as a single
argument. That is, if the file contains multiple arguments,
these must now be placed on separate lines, see MNG-7684.
* Changes of version 3.9.1:
+ Regression fixes from Maven 3.9.0
+ General performance and other fixes
- Changed patches:
* 0001-Adapt-mvn-script.patch
* 0002-Invoke-logback-via-reflection.patch
+ rediff to changed context
* 0004-Remove-dependency-on-powermock.patch
-> 0003-Remove-dependency-on-powermock.patch
* 0007-Fix-build-with-qdox-2.0.1.patch
-> 0004-Fix-build-with-qdox-2.0.1.patch
+ rediff and rename to have the sequence of patches right
- Removed patches:
* 0003-Use-non-shaded-HTTP-wagon.patch
* 0005-Port-to-maven-resolver-1.7.2.patch
* 0006-Restore-DefaultModelValidator-compatibility-with-Mav.patch
+ not needed with 3.9.1
-------------------------------------------------------------------
Mon Aug 29 08:50:39 UTC 2022 - Thorsten Kukuk <kukuk@suse.com>
- Move mvn.1 from bin to man directory
-------------------------------------------------------------------
Mon Jul 25 12:13:39 UTC 2022 - Fridrich Strba <fstrba@suse.com>
- Upgrade to upstream version 3.8.6
* Bug
+ MNG-7432: [REGRESSION] Resolver session contains
non-MavenWorkspaceReader
+ MNG-7433: [REGRESSION] Multiple maven instances working on
same source tree can lock each other
+ MNG-7441: Update Version of (optional) Logback to Address
CVE-2021-42550, bsc#1193795
+ MNG-7448: Don't ignore bin/ otherwise bin/ in apache-maven
module cannot be readded
+ MNG-7455: [REGRESSION] IllegalStateException in
SessionScope during guice injection in multithreaded build
+ MNG-7459: Revert MNG-7347 (SessionScoped beans should be
singletons for a given session)
+ MNG-7467: [REGRESSION] Compilation failure with relocated
transitive dependency
+ MNG-7487: Fix deadlock during forked lifecycle executions
+ MNG-7493: [REGRESSION] Resolving dependencies between
submodules fails
* New Feature
+ MNG-7486: Create a multiline message helper for boxed log
messages
* Improvement
+ MNG-7445: to refactor some useless code
+ MNG-7476: Display a warning when an aggregator mojo is
locking other mojo executions
* Task
+ MNG-7466: Align Assembly Descriptor NS versions
* Dependency upgrade
+ MNG-7488: Upgrade SLF4J to 1.7.36
+ MNG-7489: Upgrade JUnit to 4.13.2
+ MNG-7490: Upgrade Plexus Utils to 3.3.1
-------------------------------------------------------------------
Mon May 16 14:26:42 UTC 2022 - Fridrich Strba <fstrba@suse.com>
- Upgrade to upstream version 3.8.5
* Bug
+ MNG-5180: Versioning's snapshot version list is not
included in metadata merge
+ MNG-5561: Plugin relocation loses configuration
+ MNG-5982: The POM for ... is invalid, transitive
dependencies ... while property was overriden
+ MNG-6326: Build continues when core extensions aren't
found
+ MNG-6727: Using version range in parent and CI Friendly
Version fails
+ MNG-6802: FileProfileActivator changes
FileProfileActivator.exists which lets flattened
resolveCiFriendliesOnly depending fail activating profile
+ MNG-7156: Parallel build can cause issues between clean
and forked goals
+ MNG-7335: [Regression] Parallel build fails due to missing
JAR artifacts in compilePath
+ MNG-7347: SessionScoped beans should be singletons for a
given session
+ MNG-7357: All Maven Core JARs have unusual entry order
+ MNG-7362: DefaultArtifactResolver has spurious "Failure
detected" INFO log
+ MNG-7374: Mutating RelocatedArtifact does not retain type
+ MNG-7386: ModelMerger$MergingList is not serializable
+ MNG-7402: BuildListCalculator never detaches the
classloader
+ MNG-7417: Several classes do not set properties properly
for building requests
* New Feature
+ MNG-7395: Support interpolation in extensions.xml
+ MNG-7407: Introduce a ModelVersionProcessor component to
make CI Friendly Versions pluggable
* Improvement
+ MNG-6960: Use RuntimeInformation instead of reading
properties
+ MNG-7349: Limit relocation warning message to direct
dependencies only
+ MNG-7380: Don't log non-threadsafe warning if only
building a single module
+ MNG-7381: Shorten parallel builder thread name to
artifactId, conditionally with groupId
+ MNG-7385: Improve documentation on repository metadata
+ MNG-7400: Allow more WorkspaceReaders to participate
+ MNG-7408: Explain reporting plugin version automatic
selection (in Maven 3)
* Dependency upgrade
+ MNG-7370: Upgrade Maven Wagon to 3.5.1
+ MNG-7384: Upgrade Maven JAR Plugin to 3.2.2
+ MNG-7428: Upgrade Maven Parent to 35
- Modified patches:
* 0001-Adapt-mvn-script.patch
* 0002-Invoke-logback-via-reflection.patch
* 0005-Port-to-maven-resolver-1.7.2.patch
* 0004-Use-non-shaded-HTTP-wagon.patch ->
0003-Use-non-shaded-HTTP-wagon.patch
+ rebase
* qdox-2.0.1.patch -> 0007-Fix-build-with-qdox-2.0.1.patch
+ rebase using git
- Added patches:
* 0004-Remove-dependency-on-powermock.patch
+ Remove the non-interpolated tests that require powermock
* 0006-Restore-DefaultModelValidator-compatibility-with-Mav.patch
+ XMvn was relying on default constructor for the
org.apache.maven.model.validation.DefaultModelValidator,
which is not generated, since a non-default one is defined.
+ This adds the no-parameter constructor back implicitely
-------------------------------------------------------------------
Fri May 13 09:01:43 UTC 2022 - Fridrich Strba <fstrba@suse.com>
- Fix build with modello-2.0.0
-------------------------------------------------------------------
Wed Apr 27 14:00:15 UTC 2022 - Fridrich Strba <fstrba@suse.com>
- Remove using of alternatives, since the symlinks are in a separate
package that one can decide not to install and this is the only
provider for mvn and mvnDebug links
- Remove dependency on cglib and aopalliance, since the no_aop
version of guice does not really depend on them
-------------------------------------------------------------------
Fri Mar 11 12:11:36 UTC 2022 - Fridrich Strba <fstrba@suse.com>
- Added patch:
* 0005-Port-to-maven-resolver-1.7.2.patch
+ fix build with the API incompatible maven-resolver 1.7.3
- Link the new maven-resolver-named-locks artifact too
-------------------------------------------------------------------
Thu Jan 13 07:12:09 UTC 2022 - Fridrich Strba <fstrba@suse.com>
- Upgrade to upstream version 3.8.4
* Sub-task
+ MNG-6281: ArrayIndexOutOfBoundsException caused by pom.xml
with invalid/duplicate XML
* Bug
+ MNG-4706: Multithreaded building can create bad files for
downloaded artifacts in local repository
+ MNG-5307: NPE during resolution of dependencies - parallel
mode
+ MNG-5315: Artifact resolution sporadically fails in
parallel builds
+ MNG-5838: Maven on No-File-Lock Systems
+ MNG-5868: Adding serval times the same artifact via
MavenProjectHelper (attachArtifact) keep adding to the List
duplicate artifacts
+ MNG-6071: GetResource ('/) returns 'null' if build is
started with -f
+ MNG-6216: ArrayIndexOutOfBoundsException when parsing POM
+ MNG-6239: Jansi messes up System.err and System.out
+ MNG-6380: Option -Dstyle.color=always doesn't force color
output
+ MNG-6604: Intermittent failures while downloading GAVs from
Nexus
+ MNG-6648: 'mavenrc_pre' script does not receive arguments
like mavenrc in Bourne shell does
+ MNG-6719: mvn color output escape keys w/ "| tee xxx.log"
on Win with git/bash
+ MNG-6737: StackOverflowError when version ranges are
unsolvable and graph contains a cycle
+ MNG-6767: Plugin with ${project.groupId} resolved
improperly
+ MNG-6819: NullPointerException for
DefaultArtifactDescriptorReader.loadPom
+ MNG-6828: DependencyResolutionException breaks
serialization
+ MNG-6842: ProjectBuilderTest uses Guava, but Guava is not
defined in dependencies
+ MNG-6843: Parallel build fails due to missing JAR artifacts
in compilePath
+ MNG-6850: Prevent printing the EXEC_DIR when it's just a
disk letter
+ MNG-6921: Maven compile with properties ${artifactId} and
${project.build.finalName} occurs
java.lang.NullPointerException
+ MNG-6937: StringSearchModelInterpolatorTest fails on
symlinked paths
+ MNG-6964: Maven version sorting is internally inconsistent
+ MNG-6983: Plugin key can get out of sync with artifactId
and groupId
+ MNG-7000: metadata.mdo contains invalid link to schema
+ MNG-7032: Option -B still showing formatting when used
with --version
+ MNG-7034: StackOverflowError thrown if a cycle exists in
BOM imports
+ MNG-7045: Drop CDI API from Maven
+ MNG-7090: mvnDebug does not work on Java 11+
+ MNG-7127: NullPointerException in
MavenCliTest.testStyleColors in JDK 16
+ MNG-7155: make sources jar reproducible (upgrade
maven-source-plugin to 3.2.1)
+ MNG-7161: Error thrown during uninstalling of JAnsi
+ MNG-7214: Bad transitive dependency parent from CDI API
+ MNG-7215: [Regression] Maven Site Plugin cannot resolve
parent site descriptor without locale
+ MNG-7216: Revert MNG-7170
+ MNG-7218: [Regression]
o.a.m.model.Build.getSourceDirectory() incorrectly returns
absolute dir on 3.8.2
+ MNG-7219: [Regression] plexus-cipher missing from
transitive dependencies
+ MNG-7220: [REGRESSION] test-classpath incorrectly resolved
+ MNG-7251: Fix threadLocalArtifactsHolder leaking into
cloned project
+ MNG-7253: Relocation message is never shown
+ MNG-7270: Maven startup script (init) calls which(1) which
is an external command
+ MNG-7285: [Regression] MavenProject.getArtifacts() not
returning correct value across multiple threads
+ MNG-7300: [Regression] Reloading web application (Enter)
fails due to java.lang.ClassNotFoundException
* New Feature
+ MNG-7149: Introduce MAVEN_DEBUG_ADDRESS in mvnDebug scripts
+ MNG-7164: Add constructor MojoExecutionException(Throwable)
* Improvement
+ MNG-2802: Concurrent-safe access to local Maven repository
+ MNG-6471: Parallel builder should use the module name as
thread name
+ MNG-6754: Set the same timestamp in multi module builds
+ MNG-6810: Remove profiles in maven-model
+ MNG-6811: Remove unnecessary filtering configuration
+ MNG-6816: Prefer System.lineSeparator() over system
properties
+ MNG-6827: Replace deprecated StringUtils#defaultString()
from Plexus Utils
+ MNG-6837: Simplify detection of the MAVEN_HOME and make it
fully qualified on Windows
+ MNG-6844: Use StandardCharsets and remove outdated
@SuppressWarnings
+ MNG-6853: Don't box primitives where it's not needed
+ MNG-6859: Build not easily reproducible when built from
source release archive
+ MNG-6873: Inconsistent library versions notice
+ MNG-6967: Improve the command line output from
maven-artifact
+ MNG-6987: Reorder groupId before artifactId when writing an
exclusion using maven-model
+ MNG-7010: Omit "NB: JAVA_HOME should point to a JDK not a
JRE" except when that is the problem
+ MNG-7064: Use HTTPS for schema location in global
settings.xml
+ MNG-7080: Add a --color option
+ MNG-7170: Allow to associate pomFile/${basedir} with
DefaultProjectBuilder.build(ModelSource, ...)
+ MNG-7180: Make --color option behave more like BSD/GNU
grep's --color option
+ MNG-7181: Make --version support -q
+ MNG-7185: Describe explicit and recommended version for
VersionRange.createFromVersionSpec()
+ MNG-7190: Load mavenrc from /usr/local/etc also in Bourne
shell script
+ MNG-7235: Speed improvements when calculating the sorted
project graph
+ MNG-7236: The DefaultPluginVersionResolver should cache
results for the session
* Task
+ MNG-6598: Maven 3.6.0 and Surefire problem
+ MNG-6884: Cleanup POM File after version upgrade
+ MNG-7172: Remove expansion of Jansi native libraries
+ MNG-7184: document .mavenrc/maven_pre.bat|cmd scripts and
MAVEN_SKIP_RC environment variable
+ MNG-7252: Fix warnings issued by dependency:analyze
+ MNG-7254: Expand Windows native libraries for Jansi due to
JDK-8195129 (workaround)
+ MNG-7312: Revert ThreadLocal approach from MNG-6843 and
MNG-7251
* Dependency upgrade
+ MNG-6818: Upgrade Plexus Utils to 3.3.0
+ MNG-6841: Upgrade Plexus Interpolation to 1.26
+ MNG-6872: Found CVEs in your dependencies - plexus-utils
(tests)
+ MNG-6874: Upgrade Maven Parent to 34
+ MNG-6886: Upgrade plexus-cipher 1.8
+ MNG-6993: Upgrade SLF4J to 1.7.30
+ MNG-7152: Upgrade Maven Resolver to 1.6.3
+ MNG-7177: Upgrade Maven Shared Utils to 3.3.4
+ MNG-7179: Upgrade Jansi to 2.3.3
+ MNG-7186: Upgrade Guice to 4.2.2
+ MNG-7196: Upgrade Jansi to 2.3.4
+ MNG-7198: Upgrade SLF4J to 1.7.32
+ MNG-7246: Upgrade Plexus Cipher and Sec Dispatcher to 2.0
+ MNG-7250: Upgrade Sisu Inject/Plexus to 0.3.5
+ MNG-7331: Upgrade Jansi to 2.4.0
- Added patch:
* qdox-2.0.1.patch
+ Fix syntax error with qdox 2.0.1 and method declarations
containing the new keyword "record" as name of variables
-------------------------------------------------------------------
Sun Nov 21 08:49:59 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
- add upstream signing key and verify source signature
-------------------------------------------------------------------
Tue Sep 14 14:44:11 UTC 2021 - Stefan Schubert <schubi@suse.de>
- Use libalternatives instead of update-alternatives.
-------------------------------------------------------------------
Tue May 11 09:57:12 UTC 2021 - Fridrich Strba <fstrba@suse.com>
- Do not build against the compatibility version guava20 any more,
but use the default guava package
-------------------------------------------------------------------
Tue Apr 27 07:25:29 UTC 2021 - Fridrich Strba <fstrba@suse.com>
- Upgrade to upstream version 3.8.1
* Security fixes:
+ CVE-2021-26291 and CVE-2020-13956
* Bug:
+ MNG-7128: improve error message when blocked repository
defined in build POM
* New Feature
+ MNG-7116: Add support for mirror selector on
external:http:*
+ MNG-7117: Add support for blocking mirrors
+ MNG-7118: Block external HTTP repositories by default
* Dependency upgrade
+ MNG-7119: Upgrade Maven Wagon to 3.4.3
+ MNG-7123: Upgrade Maven Resolver to 1.6.2
-------------------------------------------------------------------
Sun Mar 1 08:27:38 UTC 2020 - Fridrich Strba <fstrba@suse.com>
- Let maven-lib obsolete maven-jansi
-------------------------------------------------------------------
Fri Feb 7 15:50:55 UTC 2020 - Fridrich Strba <fstrba@suse.com>
- Upgrade to upstream version 3.6.3
- Modified patches:
* 0002-Invoke-logback-via-reflection.patch
* 0004-Use-non-shaded-HTTP-wagon.patch
+ Adapt to changed line endings
-------------------------------------------------------------------
Thu Nov 21 15:53:17 UTC 2019 - Fridrich Strba <fstrba@suse.com>
- Upgrade to upstream version 3.6.2
- Modified patch:
* 0002-Invoke-logback-via-reflection.patch
+ adapt to changed context
- Removed patch:
* 0003-Revert-MNG-6335-Update-Mockito-to-2.12.0.patch
+ we don't need this patch, since we are not running tests
by default
- Added patch:
* 0004-Use-non-shaded-HTTP-wagon.patch
+ we don't use/distribute shared wagon-http
-------------------------------------------------------------------
Mon Apr 1 23:29:07 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
- Adjust RPM groups. Avoid bashisms in %postun.
-------------------------------------------------------------------
Fri Mar 29 07:58:04 UTC 2019 - Fridrich Strba <fstrba@suse.com>
- Initial packaging of maven 3.5.4
- Generate and customize ant build files