-
Notifications
You must be signed in to change notification settings - Fork 10
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Modernizing POM #14
Modernizing POM #14
Conversation
Hi Jesse,
So, I cloned your fork and I'm working on the issue:
|
Fix pulled to master branch in upstream repo. |
Yes, that would be one benefit.
b89e536, OK. To be clear, this patch is untested. |
<jenkins.version>2.138</jenkins.version> | ||
<java.level>8</java.level> | ||
<slf4jVersion>1.7.26</slf4jVersion> | ||
<jenkins.version>2.277.4</jenkins.version> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
(first LTS with new Spring Security)
<dependency> | ||
<groupId>org.ow2.clif</groupId> | ||
<artifactId>clif-api</artifactId> | ||
<version>3.0.1</version> | ||
<exclusions> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Generally means that runtime behavior is hard to predict. You can try
- manual sanity checks
RealJenkinsRule
pluginFirstClassLoading
(also dangerous)- using a different artifact that has fewer deps
- forking a tool rather than trying to load it inside the controller’s JVM
I'm going to test this. |
Neither is the
Yes, newer POM and core versions do not include the |
OK, thanks for your feedback. OK, let's switch to this implementation bound to the spotbugs tool.
I tried to get some information about this issue but could not find a solution. Are you aware of this issue? Is it a problem or may we just live with it? |
Not sure what is causing that warning exactly. Maven is seeing some repository definition, either in some transitive POM or in your local settings, which uses insecure |
Unclear how this will all work at runtime; without
RealJenkinsRule
it is hard to predict. https://www.jenkins.io/doc/developer/plugin-development/dependencies-and-class-loading/ The dependencies in this plugin seem to overlap heavily with things supplied by Jenkins core.