Bugfix/report set inheritance 4.0.x#12244
Closed
hboutemy wants to merge 372 commits into
Closed
Conversation
Resolver 2.0.13 has fixed several bugs and issues from 2.0.11 causing endless loops/stack overflow with some more complex graphs. Changes in ITs: * classpath string is now levelOrder (not preOrder as Maven 3) * error string comparison that fits apache and jdk transport (error message is slightly different) Backport of 14d6d44
Bumps [org.jacoco:jacoco-maven-plugin](https://github.com/jacoco/jacoco) from 0.8.13 to 0.8.14. - [Release notes](https://github.com/jacoco/jacoco/releases) - [Commits](jacoco/jacoco@v0.8.13...v0.8.14) --- updated-dependencies: - dependency-name: org.jacoco:jacoco-maven-plugin dependency-version: 0.8.14 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [eu.maveniverse.maven.mimir:testing](https://github.com/maveniverse/mimir) from 0.9.3 to 0.9.4. - [Release notes](https://github.com/maveniverse/mimir/releases) - [Commits](maveniverse/mimir@release-0.9.3...release-0.9.4) --- updated-dependencies: - dependency-name: eu.maveniverse.maven.mimir:testing dependency-version: 0.9.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [org.apache.maven:maven-archiver](https://github.com/apache/maven-archiver) from 3.6.4 to 3.6.5. - [Release notes](https://github.com/apache/maven-archiver/releases) - [Commits](apache/maven-archiver@maven-archiver-3.6.4...maven-archiver-3.6.5) --- updated-dependencies: - dependency-name: org.apache.maven:maven-archiver dependency-version: 3.6.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [org.codehaus.plexus:plexus-testing](https://github.com/codehaus-plexus/plexus-testing) from 1.6.0 to 1.6.1. - [Release notes](https://github.com/codehaus-plexus/plexus-testing/releases) - [Commits](codehaus-plexus/plexus-testing@plexus-testing-1.6.0...plexus-testing-1.6.1) --- updated-dependencies: - dependency-name: org.codehaus.plexus:plexus-testing dependency-version: 1.6.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [org.codehaus.plexus:plexus-testing](https://github.com/codehaus-plexus/plexus-testing) from 1.6.1 to 1.7.0. - [Release notes](https://github.com/codehaus-plexus/plexus-testing/releases) - [Commits](codehaus-plexus/plexus-testing@plexus-testing-1.6.1...plexus-testing-1.7.0) --- updated-dependencies: - dependency-name: org.codehaus.plexus:plexus-testing dependency-version: 1.7.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [com.github.siom79.japicmp:japicmp-maven-plugin](https://github.com/siom79/japicmp) from 0.24.1 to 0.24.2. - [Release notes](https://github.com/siom79/japicmp/releases) - [Changelog](https://github.com/siom79/japicmp/blob/master/release.py) - [Commits](siom79/japicmp@japicmp-base-0.24.1...japicmp-base-0.24.2) --- updated-dependencies: - dependency-name: com.github.siom79.japicmp:japicmp-maven-plugin dependency-version: 0.24.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [org.codehaus.plexus:plexus-velocity](https://github.com/codehaus-plexus/plexus-velocity) from 2.2.1 to 2.3.0. - [Release notes](https://github.com/codehaus-plexus/plexus-velocity/releases) - [Commits](codehaus-plexus/plexus-velocity@plexus-velocity-2.2.1...plexus-velocity-2.3.0) --- updated-dependencies: - dependency-name: org.codehaus.plexus:plexus-velocity dependency-version: 2.3.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
And collect more information, and we seems loose some information in case of IT failures. Changes: * upgrade to Mimir 0.10.0 * GH action collects IT failsafe outputs as well (as I sus we have something on stdout or stderr) * centrally manage Toolbox and Mimir versions * make Maven 3 tests use Mimir as well (by doing UW or PW setup for it); so far those did not use Mimir, but went directly to Central instead * in maven-executor and maven-cli test disable prefix RRF (for now) Backport of 58dea98 Backport of e92746c
Bumps [org.codehaus.mojo:exec-maven-plugin](https://github.com/mojohaus/exec-maven-plugin) from 3.6.1 to 3.6.2. - [Release notes](https://github.com/mojohaus/exec-maven-plugin/releases) - [Commits](mojohaus/exec-maven-plugin@3.6.1...3.6.2) --- updated-dependencies: - dependency-name: org.codehaus.mojo:exec-maven-plugin dependency-version: 3.6.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.19 to 1.5.20. - [Release notes](https://github.com/qos-ch/logback/releases) - [Commits](qos-ch/logback@v_1.5.19...v_1.5.20) --- updated-dependencies: - dependency-name: ch.qos.logback:logback-classic dependency-version: 1.5.20 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
) (#11310) When `--raw-streams` is used (especially when combined with options like `--quiet` and `-DforceStdout`) there is no guarantee that anything touches terminal. Hence, in case of embedded executor it is quite possible that cached/warm code arrives quickly at the place that would do system out **before** the thread with `FastTerminal` finishes system install. In other words, when `--raw-streams` are used, we cannot guarantee that system streams are already properly set up. This PR changes that, and makes sure (by triggering a dummy call to terminal), at the cost of "jline3 install lag" for CLI invocation. OTOH, this lag in case of embedded executors does not exists (it exists only on first invocation). My suspicion that this is the cause of IT instability issues, when Verifier used Toolbox output ends up on Surefire stdout and not on "grabbed" output, as simply streams are not yet set up properly. Also, this usually happens "around the second half" of ITs, when cached and warmed up embedded instance is already uber optimized. Backport of bb94de0
A dot is already automatically added by Javadoc, so these trailing dots were causing dots to appear twice in the generated Javadoc.
… the code and forces us to be more consistent since all constructions must pass by the canonical constructor. This refactored class should have the same behavior as the previous class (no new feature).
…cation in `maven.mdo`
requires that we resolve against `${project.build.outputDirectory}`, which is not `baseDir`.
Also modify the specification for resolving against `${project.build.testOutputDirectory}`
if the scope is test and `${project.build.directory}` is the scope is neither main or test.
Add a `Project.getOutputDirectory(ProjectScope)` for avoiding the need to repeat the same code in the plugins.
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 5.0.0 to 6.0.0. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@634f93c...018cc2c) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.6.2 to 5.0.0. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@ea165f8...330a01c) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps `xmlunitVersion` from 2.10.4 to 2.11.0. Updates `org.xmlunit:xmlunit-assertj` from 2.10.4 to 2.11.0 - [Release notes](https://github.com/xmlunit/xmlunit/releases) - [Changelog](https://github.com/xmlunit/xmlunit/blob/main/RELEASE_NOTES.md) - [Commits](xmlunit/xmlunit@v2.10.4...v2.11.0) Updates `org.xmlunit:xmlunit-core` from 2.10.4 to 2.11.0 - [Release notes](https://github.com/xmlunit/xmlunit/releases) - [Changelog](https://github.com/xmlunit/xmlunit/blob/main/RELEASE_NOTES.md) - [Commits](xmlunit/xmlunit@v2.10.4...v2.11.0) Updates `org.xmlunit:xmlunit-matchers` from 2.10.4 to 2.11.0 - [Release notes](https://github.com/xmlunit/xmlunit/releases) - [Changelog](https://github.com/xmlunit/xmlunit/blob/main/RELEASE_NOTES.md) - [Commits](xmlunit/xmlunit@v2.10.4...v2.11.0) --- updated-dependencies: - dependency-name: org.xmlunit:xmlunit-assertj dependency-version: 2.11.0 dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.xmlunit:xmlunit-core dependency-version: 2.11.0 dependency-type: direct:development update-type: version-update:semver-minor - dependency-name: org.xmlunit:xmlunit-matchers dependency-version: 2.11.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps org.apache.maven.plugin-tools:maven-plugin-tools-java from 3.15.1 to 3.15.2. --- updated-dependencies: - dependency-name: org.apache.maven.plugin-tools:maven-plugin-tools-java dependency-version: 3.15.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [org.apache.maven.plugin-tools:maven-plugin-annotations](https://github.com/apache/maven-plugin-tools) from 3.15.1 to 3.15.2. - [Release notes](https://github.com/apache/maven-plugin-tools/releases) - [Commits](apache/maven-plugin-tools@maven-plugin-tools-3.15.1...maven-plugin-tools-3.15.2) --- updated-dependencies: - dependency-name: org.apache.maven.plugin-tools:maven-plugin-annotations dependency-version: 3.15.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps `jlineVersion` from 4.1.0 to 4.1.2. Updates `org.jline:jline-reader` from 4.1.0 to 4.1.2 - [Release notes](https://github.com/jline/jline3/releases) - [Commits](jline/jline3@4.1.0...4.1.2) Updates `org.jline:jline-style` from 4.1.0 to 4.1.2 - [Release notes](https://github.com/jline/jline3/releases) - [Commits](jline/jline3@4.1.0...4.1.2) Updates `org.jline:jline-builtins` from 4.1.0 to 4.1.2 - [Release notes](https://github.com/jline/jline3/releases) - [Commits](jline/jline3@4.1.0...4.1.2) Updates `org.jline:jline-console` from 4.1.0 to 4.1.2 - [Release notes](https://github.com/jline/jline3/releases) - [Commits](jline/jline3@4.1.0...4.1.2) Updates `org.jline:jline-console-ui` from 4.1.0 to 4.1.2 - [Release notes](https://github.com/jline/jline3/releases) - [Commits](jline/jline3@4.1.0...4.1.2) Updates `org.jline:jline-terminal` from 4.1.0 to 4.1.2 - [Release notes](https://github.com/jline/jline3/releases) - [Commits](jline/jline3@4.1.0...4.1.2) Updates `org.jline:jline-terminal-ffm` from 4.1.0 to 4.1.2 - [Release notes](https://github.com/jline/jline3/releases) - [Commits](jline/jline3@4.1.0...4.1.2) Updates `org.jline:jline-terminal-jni` from 4.1.0 to 4.1.2 - [Release notes](https://github.com/jline/jline3/releases) - [Commits](jline/jline3@4.1.0...4.1.2) Updates `org.jline:jline-native` from 4.1.0 to 4.1.2 - [Release notes](https://github.com/jline/jline3/releases) - [Commits](jline/jline3@4.1.0...4.1.2) Updates `org.jline:jansi-core` from 4.1.0 to 4.1.2 - [Release notes](https://github.com/jline/jline3/releases) - [Commits](jline/jline3@4.1.0...4.1.2) --- updated-dependencies: - dependency-name: org.jline:jline-reader dependency-version: 4.1.2 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.jline:jline-style dependency-version: 4.1.2 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.jline:jline-builtins dependency-version: 4.1.2 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.jline:jline-console dependency-version: 4.1.2 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.jline:jline-console-ui dependency-version: 4.1.2 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.jline:jline-terminal dependency-version: 4.1.2 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.jline:jline-terminal-ffm dependency-version: 4.1.2 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.jline:jline-terminal-jni dependency-version: 4.1.2 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.jline:jline-native dependency-version: 4.1.2 dependency-type: direct:development update-type: version-update:semver-patch - dependency-name: org.jline:jansi-core dependency-version: 4.1.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
The main goal of `maven-executor` is ability to execute Maven 3/4 in "embedded" and "forked" mode, and has not related with Maven release lifecycle itself (and is dependency-less as well). So, let's move it out into own project. https://github.com/apache/maven-executor The new library executes Maven in: * forked or embedded mode, but introduces other providers as well * supports Maven 3 and 4 * the main `maven-executor` module is Java 8, dependency-less library (is MR-JAR, and on 9+ is modular and provides ToolProvider SPI integration as well) Backport from master: 15d19f2
Bumps [net.sourceforge.pmd:pmd-core](https://github.com/pmd/pmd) from 7.24.0 to 7.25.0. - [Release notes](https://github.com/pmd/pmd/releases) - [Commits](pmd/pmd@pmd_releases/7.24.0...pmd_releases/7.25.0) --- updated-dependencies: - dependency-name: net.sourceforge.pmd:pmd-core dependency-version: 7.25.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps `domtripVersion` from 1.5.1 to 1.5.2. Updates `eu.maveniverse.maven.domtrip:domtrip-core` from 1.5.1 to 1.5.2 - [Release notes](https://github.com/maveniverse/domtrip/releases) - [Commits](maveniverse/domtrip@1.5.1...1.5.2) Updates `eu.maveniverse.maven.domtrip:domtrip-maven` from 1.5.1 to 1.5.2 - [Release notes](https://github.com/maveniverse/domtrip/releases) - [Commits](maveniverse/domtrip@1.5.1...1.5.2) --- updated-dependencies: - dependency-name: eu.maveniverse.maven.domtrip:domtrip-core dependency-version: 1.5.2 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: eu.maveniverse.maven.domtrip:domtrip-maven dependency-version: 1.5.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps `xmlunitVersion` from 2.11.0 to 2.12.0. Updates `org.xmlunit:xmlunit-assertj` from 2.11.0 to 2.12.0 - [Release notes](https://github.com/xmlunit/xmlunit/releases) - [Changelog](https://github.com/xmlunit/xmlunit/blob/main/RELEASE_NOTES.md) - [Commits](xmlunit/xmlunit@v2.11.0...v2.12.0) Updates `org.xmlunit:xmlunit-core` from 2.11.0 to 2.12.0 - [Release notes](https://github.com/xmlunit/xmlunit/releases) - [Changelog](https://github.com/xmlunit/xmlunit/blob/main/RELEASE_NOTES.md) - [Commits](xmlunit/xmlunit@v2.11.0...v2.12.0) Updates `org.xmlunit:xmlunit-matchers` from 2.11.0 to 2.12.0 - [Release notes](https://github.com/xmlunit/xmlunit/releases) - [Changelog](https://github.com/xmlunit/xmlunit/blob/main/RELEASE_NOTES.md) - [Commits](xmlunit/xmlunit@v2.11.0...v2.12.0) --- updated-dependencies: - dependency-name: org.xmlunit:xmlunit-assertj dependency-version: 2.12.0 dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.xmlunit:xmlunit-core dependency-version: 2.12.0 dependency-type: direct:development update-type: version-update:semver-minor - dependency-name: org.xmlunit:xmlunit-matchers dependency-version: 2.12.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [net.bytebuddy:byte-buddy](https://github.com/raphw/byte-buddy) from 1.18.8 to 1.18.10. - [Release notes](https://github.com/raphw/byte-buddy/releases) - [Changelog](https://github.com/raphw/byte-buddy/blob/master/release-notes.md) - [Commits](raphw/byte-buddy@byte-buddy-1.18.8...byte-buddy-1.18.10) --- updated-dependencies: - dependency-name: net.bytebuddy:byte-buddy dependency-version: 1.18.10 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.33 to 1.5.34. - [Release notes](https://github.com/qos-ch/logback/releases) - [Commits](qos-ch/logback@v_1.5.33...v_1.5.34) --- updated-dependencies: - dependency-name: ch.qos.logback:logback-classic dependency-version: 1.5.34 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.2 to 6.0.3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@de0fac2...df4cb1c) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps `jlineVersion` from 4.1.2 to 4.1.3. Updates `org.jline:jline-reader` from 4.1.2 to 4.1.3 - [Release notes](https://github.com/jline/jline3/releases) - [Commits](jline/jline3@4.1.2...4.1.3) Updates `org.jline:jline-style` from 4.1.2 to 4.1.3 - [Release notes](https://github.com/jline/jline3/releases) - [Commits](jline/jline3@4.1.2...4.1.3) Updates `org.jline:jline-builtins` from 4.1.2 to 4.1.3 - [Release notes](https://github.com/jline/jline3/releases) - [Commits](jline/jline3@4.1.2...4.1.3) Updates `org.jline:jline-console` from 4.1.2 to 4.1.3 - [Release notes](https://github.com/jline/jline3/releases) - [Commits](jline/jline3@4.1.2...4.1.3) Updates `org.jline:jline-console-ui` from 4.1.2 to 4.1.3 - [Release notes](https://github.com/jline/jline3/releases) - [Commits](jline/jline3@4.1.2...4.1.3) Updates `org.jline:jline-terminal` from 4.1.2 to 4.1.3 - [Release notes](https://github.com/jline/jline3/releases) - [Commits](jline/jline3@4.1.2...4.1.3) Updates `org.jline:jline-terminal-ffm` from 4.1.2 to 4.1.3 - [Release notes](https://github.com/jline/jline3/releases) - [Commits](jline/jline3@4.1.2...4.1.3) Updates `org.jline:jline-terminal-jni` from 4.1.2 to 4.1.3 - [Release notes](https://github.com/jline/jline3/releases) - [Commits](jline/jline3@4.1.2...4.1.3) Updates `org.jline:jline-native` from 4.1.2 to 4.1.3 - [Release notes](https://github.com/jline/jline3/releases) - [Commits](jline/jline3@4.1.2...4.1.3) Updates `org.jline:jansi-core` from 4.1.2 to 4.1.3 - [Release notes](https://github.com/jline/jline3/releases) - [Commits](jline/jline3@4.1.2...4.1.3) --- updated-dependencies: - dependency-name: org.jline:jline-reader dependency-version: 4.1.3 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.jline:jline-style dependency-version: 4.1.3 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.jline:jline-builtins dependency-version: 4.1.3 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.jline:jline-console dependency-version: 4.1.3 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.jline:jline-console-ui dependency-version: 4.1.3 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.jline:jline-terminal dependency-version: 4.1.3 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.jline:jline-terminal-ffm dependency-version: 4.1.3 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.jline:jline-terminal-jni dependency-version: 4.1.3 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.jline:jline-native dependency-version: 4.1.3 dependency-type: direct:development update-type: version-update:semver-patch - dependency-name: org.jline:jansi-core dependency-version: 4.1.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…adlock, mutable properties) (#12166) * Fix deadlock in AbstractRequestCache.requests() due to unstable hashCode The `requests()` method uses a HashMap to coordinate batch results between the batch supplier and the individual CachingSupplier instances. When a request object's hashCode() changes between HashMap.put() and HashMap.containsKey() (e.g., because ResolverRequest includes a RequestTrace with mutable ModelBuilderRequest data), the key is stored in one bucket but looked up in another, causing containsKey() to return false. The individualSupplier then waits forever for a result that is already in the map but unreachable. Switch to IdentityHashMap which uses System.identityHashCode() and reference equality (==), both of which are stable regardless of mutable object state. This is safe because the code always uses the same object reference for put and get. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Fix re-entrant self-deadlock in CachingSupplier during batch cache computation When requests() stores CachingSuppliers wrapping individualSupplier in the session cache, a re-entrant call from the same thread can self-deadlock: the batch computation triggers request() which finds the cached entry, calls individualSupplier.apply() which wait()s for the batch to complete, but the batch can't complete because this thread is now blocked. Track the computing thread in CachingSupplier and throw CyclicCacheAccessException on re-entrant access. The request() method catches this and falls back to computing directly with the caller's supplier, bypassing the cache for that one call. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Always snapshot system/user properties in ModelBuilderRequest When systemProperties or userProperties are null, the constructor fell through to session.getSystemProperties() without Map.copyOf(). That returns a live view over java.util.Properties, whose hashCode() mutates if System.setProperty() is called. Since ModelBuilderRequest ends up as RequestTrace.data in parent traces, and ResolverRequest.hashCode() recurses through the entire trace chain, this made cache keys unstable. Always wrap in Map.copyOf() regardless of the source. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
…mvnup (#12158) (#12222) The undefined property detection in CompatibilityFixStrategy only performed static analysis of reactor POMs, missing properties inherited from remote parent POMs. This caused valid dependencyManagement entries to be incorrectly commented out, breaking child modules relying on them for version resolution. Now uses buildEffectiveModel to collect properties from the full parent chain, including remote parents resolved via relativePath or Maven repositories. Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
…plugins (#12223) * Fix mvnup plugin upgrade for versions locked by parent's build/plugins (#12165) When a remote parent POM declares a plugin with an explicit version in build/plugins (not via pluginManagement), adding a pluginManagement entry in the child is insufficient — the parent's explicit version takes precedence. The analysis now compares each plugin's effective version in build/plugins against build/pluginManagement/plugins: - Same version: version comes from PM, pluginManagement override works - Different version (or absent from PM): explicit version in parent's plugins, needs a direct build/plugins entry to override Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> * spotless --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
…f converting them (#12160) (#12224) Maven 3 silently ignored invalid combine.self and combine.children attribute values, so removing them entirely preserves actual Maven 3 behavior. Previously mvnup converted specific invalid values (e.g. combine.self="append" → "merge"), which could miss other invalid values and subtly changed semantics. Now both fixers detect any invalid value against the full set of valid values (combine.self: override/merge/remove; combine.children: append/merge), remove the attribute, and collect to a list before mutating to avoid potential stream processing issues. Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
…ns (#12172) (#12225) maven-compiler-plugin was listed as 3.2.0 but Maven Central only has 3.2, causing resolution failures. exec-maven-plugin had wrong groupId (org.apache.maven.plugins) and artifactId (maven-exec-plugin), inconsistent with getPluginUpgradesMap() which correctly uses org.codehaus.mojo:exec-maven-plugin. Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
…12226) Version 4.9.2 still calls add() on immutable lists returned by Maven 4 API. The fix (commit e6d922eb) landed in 4.9.5, the first version published to Maven Central after the fix. Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
…tion (#12184) (#12227) The model builder inconsistently used session properties for CI-friendly version replacement and model property merging, while model interpolation used request properties. When user properties on the ModelBuilderRequest differ from the Session (e.g. -Drevision=2.0.0 overriding a POM-defined revision), ${revision} in dependency versions and distributionManagement was not properly resolved. Fix three places in DefaultModelBuilder to use request properties: - getPropertiesWithProfiles(): use request system+user properties instead of session.getEffectiveProperties() - doReadFileModel(): use request.getUserProperties() instead of session.getUserProperties() for model property and profile merging Also fix DefaultConsumerPomBuilder.buildModel() to pass API Session properties (iSession) instead of RepositorySystemSession properties to the model builder request, ensuring consumer POM builds have access to the full set of user properties. Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
…istencies (#12200) (#12228) - exec-maven-plugin: bump from 3.2.0 to 3.5.0 (3.1.0 and earlier use MavenSession.getContainer() which returns null in Maven 4) - Fix PLUGIN_UPGRADES list: exec-maven-plugin had wrong groupId (org.apache.maven.plugins) and artifactId (maven-exec-plugin) - Fix compiler-plugin min version in PLUGIN_UPGRADES: 3.2.0 → 3.2 (3.2.0 does not exist on Maven Central) Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
#12229) * mvnup: comment out repositories with undefined property expressions Projects like uima-uimaj, opennlp-sandbox, and seatunnel-shade define repositories with ${eclipseP2RepoId} in the repo ID. This property is never defined — it was used as a literal string in Maven 3. Maven 4 rejects it with IllegalArgumentException at runtime. Extend the mvnup compatibility fix strategy to detect and comment out repositories and plugin repositories whose id or url contain undefined property expressions, following the same pattern used for dependencies (#12080). Handles both root-level and profile-level repositories. * Filter project repositories with uninterpolated property expressions When a project POM defines repositories with ${...} expressions that cannot be resolved (e.g. ${eclipseP2RepoId}), Maven 4 previously failed with InternalErrorException. This change downgrades the model validation from ERROR to WARNING and filters such repositories before they reach the resolver, logging a warning instead of failing the build. --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
…12205) (#12230) * Fix mvnup effective model analysis for CI-friendly parent versions mvnup's PluginUpgradeStrategy copied POMs to a temp directory for effective model analysis. That temp directory lacked .mvn, so root detection failed for child modules with ${revision} parent versions, producing "Parent POM is located above the root directory" errors. Eliminate the temp directory entirely — build effective models from the original file paths, which already have proper .mvn and project structure for root detection. Also fix DefaultModelBuilder.doReadFileModel() to: - Enter the parent resolution block when parent version contains expressions (${revision}, etc.) - Only enforce isParentWithinRootDirectory when rootDirectory came from the session, not the fallback heuristic - Accept parent version match when version contains an expression * Fix Spotless formatting violation --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Add required super("[4.0.0-rc-1,)") constructor call. On 4.0.x,
AbstractMavenIntegrationTestCase has no no-arg constructor unlike
master, so cherry-picked tests need the version range argument.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Static filed in Junit extension can impact on tests executed in parallel. For static methods preserver current test context in local thread. (cherry picked from commit 52c4d43)
…ory override (#11826) (#12231) The test was disabled in 2021 after the fix was reverted twice. Maven 4's session-based architecture fixes the root cause: the new DefaultModelBuilder properly propagates user-configured repositories (including central overrides) through nested import scope resolution. Both test scenarios (testitInProject and testitInDependency) now pass. Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
…osal (#11825) (#12232) * [MNG-8572] Fix @PreDestroy ClassNotFoundException caused by premature ClassRealm disposal The Plexus Disposable.dispose() lifecycle runs before Sisu's @PreDestroy callbacks. When dispose() called flush(), it disposed ClassRealms before @PreDestroy methods on beans loaded from those realms could execute, causing ClassNotFoundException. Change dispose() to only clear the cache map without disposing realms. The flush() method (used for explicit cache clearing between builds) remains unchanged. ClassRealms are disposed when the PlexusContainer shuts down after all lifecycle callbacks complete. * Add test for dispose() vs flush() ClassRealm behavior Verifies that dispose() clears the cache without disposing ClassRealms (so @PreDestroy callbacks can still execute), while flush() disposes both the cache and the realms. --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
…hases (#11889) (#12233) When a custom lifecycle registered via components.xml maps plugin goals to standard lifecycle phases (e.g., process-sources) via <default-phases>, the LifecycleWrapperProvider now includes those entries as additional phases in the wrapped API Lifecycle. The v3phases() method is overridden to return only the custom lifecycle's own phases, ensuring computePhases() is unaffected while getDefaultPhases() correctly picks up the bindings. Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
…filtering errors (#11888) (#12234) * Fix #11856: Improve error message for prefix-based remote repository filtering errors * Fix #11856: Mention both prefixes and groupId filters in error message The ArtifactFilteredOutException can be triggered by either the prefixes or the groupId remote repository filter. Update the error message to mention both properties so users know which to disable. * Refactor: Convert error message string concatenation to text block Replace multi-line string concatenation with System.lineSeparator() calls with a cleaner text block in DefaultExceptionHandler. The error message for ArtifactFilteredOutException now uses Java text blocks (triple-quoted strings) instead of the + operator, improving readability and maintainability. --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Claude Code <claude@anthropic.com>
The DefaultModelPathTranslator was aligning Source.targetPath to the project basedir, converting relative paths like "META-INF/tags/rdc" into absolute paths. This caused maven-resources-plugin to copy resources to wrong locations (e.g., /META-INF/tags/rdc instead of target/classes/META-INF/tags/rdc). The targetPath is relative to the output directory (target/classes or target/test-classes), not the project basedir, so it must not be resolved against basedir during model path translation. Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
…ions (#11780) (#12236) * [GH-11772] Fail-fast consumer POM validation for non-4.0.0 model versions When a POM-packaged project (parent POM) uses Maven 4.1.0 features like profile conditions that cannot be stripped during consumer POM transformation, the build now fails fast with actionable guidance instead of silently deploying a consumer POM that Maven 3 and Gradle cannot resolve. The validation applies only to: - POM-packaged projects (parent POMs) on the non-flatten path - Projects without preserve.model.version=true Also adds a maven.consumer.pom.removeUnusedManagedDependencies property (default: true) to control whether unused managed dependencies are removed during consumer POM flattening. * Refactor consumer POM validation error message to use text blocks Convert string concatenation in the consumer POM model version validation error message to use Java text blocks for improved readability and maintainability. The multi-line error message is now expressed as a text block with .formatted() for parameter substitution. This change affects the validation that ensures POM-packaged projects can be downgraded to model version 4.0.0 for Maven 3/Gradle compatibility. * Fix Spotless formatting violation --------- Co-authored-by: Claude Code <claude@anthropic.com> Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
10 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
backport in 4.0.x of #12243 for 4.1.x