Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[MNG-5968] Default plugin version updates #151

Closed
wants to merge 1 commit into from
Closed

[MNG-5968] Default plugin version updates #151

wants to merge 1 commit into from

Conversation

slachiewicz
Copy link
Member

o Updated default plugin versions to latest release version to bring in the latest fixes (and issues to report).
o Updated to correct the 'ear' packaging bindings.
o Downgraded the 'maven-plugin-plugin' from 3.4 to 3.3 due to MPLUGIN-296.
o Updated to 'maven-site-plugin' 3.7

@slachiewicz
[MNG-5968] Default plugin version updates.
235eaaa 
o Updated default plugin versions to latest release version to bring in the latest fixes (and issues to report).
o Updated to correct the 'ear' packaging bindings.
o Downgraded the 'maven-plugin-plugin' from 3.4 to 3.3  due to MPLUGIN-296.
o Updated to 'maven-site-plugin' 3.7
@slachiewicz
Copy link
Member Author

I found this changes in abdoned 3.4 line. Should also fix MNG-5992

@hboutemy
Copy link
Member

hboutemy commented Jan 7, 2018

I'm not a fan of default plugins updates in core:

  • depending on default versions is a bad practice, we expect users to explicitely choose their version through pluginManagement (and we display a big WARNING in case they don't do it)
  • it changes behaviour when switching from one mvn version to the other

then IMHO changing default plugins version should really be driven by key issues that we really want to avoid for untrained people (who don't know the requirement to define their choice): for example MNG-5992 would such an exception (default security is more important than helping people know that they need to choose their plugins versions by letting old plugins versions by default)

@hboutemy
Copy link
Member

hboutemy commented Jan 7, 2018

other topics:

  • MNG-5968 is closed
  • MNG-5968 is not about default plugins versions, but about Maven core build

if you rework this PR to focus on MNG-5992, ie providing a more secure maven-release-plugin by default in Super POM, I would push this one
If you want to update other plugins, please consider other PRs with other Jira issues, since I will challenge the change seriously :)

@slachiewicz
Copy link
Member Author

Thank you for the explanation, I have seen previous discussions about the update - for sure the refreshment of the topic will be useful like MNG-6169
I have prepared fix for MNG-5992 and clossing this pull.

@slachiewicz slachiewicz closed this Jan 7, 2018
pzygielo pushed a commit to pzygielo/maven that referenced this pull request Jan 4, 2023
@dependabot
Bump jackson-databind in /src/it/projects/bom-pomElements/bom (apache…
939c5fd 
…#151)

Bumps [jackson-databind](https://github.com/FasterXML/jackson) from 2.9.10.1 to 2.9.10.4.
- [Release notes](https://github.com/FasterXML/jackson/releases)
- [Commits](https://github.com/FasterXML/jackson/commits)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@slachiewicz @hboutemy