You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@maven.apache.org by GitBox <gi...@apache.org> on 2021/12/03 02:51:29 UTC
[GitHub] [maven-site-plugin] olamy opened a new pull request #21: [MSITE-829] Upgrade Jetty to 9.4.x implicit java8 requirement now
olamy opened a new pull request #21:
URL: https://github.com/apache/maven-site-plugin/pull/21
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
[GitHub] [maven-site-plugin] michael-o commented on a change in pull request #21: [MSITE-829] Upgrade Jetty to 9.4.x implicit java8 requirement now
Posted by GitBox <gi...@apache.org>.
michael-o commented on a change in pull request #21:
URL: https://github.com/apache/maven-site-plugin/pull/21#discussion_r427603026
##########
File path: src/it/projects/new-configuration/pom.xml
##########
@@ -76,7 +76,7 @@ under the License.
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
- <version>2.7</version>
+ <version>@javadocPluginVersion@</version>
Review comment:
+1 on the JIRA ticket. If you are not willing to clean up. Leave as-is and have someone else clean it up. No issue.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
[GitHub] [maven-site-plugin] yeikel commented on pull request #21: [MSITE-829] Upgrade Jetty to 9.4.x implicit java8 requirement now
Posted by GitBox <gi...@apache.org>.
yeikel commented on pull request #21:
URL: https://github.com/apache/maven-site-plugin/pull/21#issuecomment-984729207
Sorry to bump, but what happened to this?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
[GitHub] [maven-site-plugin] yeikel commented on pull request #21: [MSITE-829] Upgrade Jetty to 9.4.x implicit java8 requirement now
Posted by GitBox <gi...@apache.org>.
yeikel commented on pull request #21:
URL: https://github.com/apache/maven-site-plugin/pull/21#issuecomment-907681304
>
>
> > Hi, what's blocking this? 9.2.29 is not safe anymore
>
> Not safe for what?
Sorry, my initial comment was vague.
There are a couple of security vulnerabilities against Jetty, such as :
CVE-2021-28165
CVE-2021-28164
CVE-2021-28163
Read more : https://www.cybersecurity-help.cz/vdb/SB2021040179
https://www.eclipse.org/jetty/security_reports.php
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
[GitHub] [maven-site-plugin] olamy commented on a change in pull request #21: [MSITE-829] Upgrade Jetty to 9.4.x
Posted by GitBox <gi...@apache.org>.
olamy commented on a change in pull request #21:
URL: https://github.com/apache/maven-site-plugin/pull/21#discussion_r425567345
##########
File path: pom.xml
##########
@@ -211,6 +211,9 @@ under the License.
<projectInfoReportsPluginVersion>2.7</projectInfoReportsPluginVersion>
<surefirePluginVersion>2.22.1</surefirePluginVersion>
<project.build.outputTimestamp>2020-03-06T20:49:49Z</project.build.outputTimestamp>
+ <maven.compiler.target>1.8</maven.compiler.target>
+ <maven.compiler.source>1.8</maven.compiler.source>
+ <jettyVersion>9.4.12.v20180830</jettyVersion>
Review comment:
oops thanks
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
[GitHub] [maven-site-plugin] olamy commented on a change in pull request #21: [MSITE-829] Upgrade Jetty to 9.4.x implicit java8 requirement now
Posted by GitBox <gi...@apache.org>.
olamy commented on a change in pull request #21:
URL: https://github.com/apache/maven-site-plugin/pull/21#discussion_r427588408
##########
File path: src/it/projects/new-configuration/pom.xml
##########
@@ -76,7 +76,7 @@ under the License.
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
- <version>2.7</version>
+ <version>@javadocPluginVersion@</version>
Review comment:
I use java11 so the IT tests was failing for locally because of this
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
[GitHub] [maven-site-plugin] olamy closed pull request #21: [MSITE-829] Upgrade Jetty to 9.4.x implicit java8 requirement now
Posted by GitBox <gi...@apache.org>.
olamy closed pull request #21:
URL: https://github.com/apache/maven-site-plugin/pull/21
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
[GitHub] [maven-site-plugin] slachiewicz commented on pull request #21: [MSITE-829] Upgrade Jetty to 9.4.x implicit java8 requirement now
Posted by GitBox <gi...@apache.org>.
slachiewicz commented on pull request #21:
URL: https://github.com/apache/maven-site-plugin/pull/21#issuecomment-911379039
`Total 5 (delta 2), reused 0 (delta 0), pack-reused 0
remote: remote:
remote: remote: GitHub found 18 vulnerabilities on apache/maven-site-plugin's default branch (15 high, 2 moderate, 1 low). To find out more, visit:
remote: remote: https://github.com/apache/maven-site-plugin/security/dependabot
remote: remote:
`
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
[GitHub] [maven-site-plugin] mthmulders commented on a change in pull request #21: [MSITE-829] Upgrade Jetty to 9.4.x
Posted by GitBox <gi...@apache.org>.
mthmulders commented on a change in pull request #21:
URL: https://github.com/apache/maven-site-plugin/pull/21#discussion_r425085702
##########
File path: pom.xml
##########
@@ -211,6 +211,9 @@ under the License.
<projectInfoReportsPluginVersion>2.7</projectInfoReportsPluginVersion>
<surefirePluginVersion>2.22.1</surefirePluginVersion>
<project.build.outputTimestamp>2020-03-06T20:49:49Z</project.build.outputTimestamp>
+ <maven.compiler.target>1.8</maven.compiler.target>
+ <maven.compiler.source>1.8</maven.compiler.source>
+ <jettyVersion>9.4.12.v20180830</jettyVersion>
Review comment:
`jettyVersion` is defined twice (here and in line 203)?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
[GitHub] [maven-site-plugin] olamy commented on pull request #21: [MSITE-829] Upgrade Jetty to 9.4.x implicit java8 requirement now
Posted by GitBox <gi...@apache.org>.
olamy commented on pull request #21:
URL: https://github.com/apache/maven-site-plugin/pull/21#issuecomment-910947476
> > Somewhat. They block Jetty for everyone(including the projects where the vulnerabilities applies) which affects this plugin indirectly.
> > If it helps, what we use is similar to this :
> > https://www.google.com/amp/s/blog.sonatype.com/keeping-third-party-dependencies-in-check-with-nexus%3fhs_amp=true
>
> Many vendors provide this superficial crap -- as you can see it proves nothing here.
>
@michael-o
so many tools send warning/alarms because of dependencies with security issues/CVE.
maybe (certainly) it's wrong but big companies use those tools as a policy and we can't fight this!!
BUT we still want people using Apache Maven so we have to live with that!
@yeikel
I will update this PR
> > If this PR is considered stale then I can resume and maybe target the latest version instead?
>
> Split between Java 8 upgrade and Jetty upgrade in at least two PRs.
>
> @hboutemy @rfscholte Yet another reason why we need to split this plugin in two.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
[GitHub] [maven-site-plugin] olamy commented on a change in pull request #21: [MSITE-829] Upgrade Jetty to 9.4.x
Posted by GitBox <gi...@apache.org>.
olamy commented on a change in pull request #21:
URL: https://github.com/apache/maven-site-plugin/pull/21#discussion_r425568135
##########
File path: pom.xml
##########
@@ -196,11 +196,11 @@ under the License.
<properties>
<mavenVersion>3.0</mavenVersion>
- <javaVersion>7</javaVersion>
+ <javaVersion>8</javaVersion>
Review comment:
we need 8 for the change so let's do it all together
except having a sort of bureaucratic own PR I cannot see the technical need :)
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
[GitHub] [maven-site-plugin] michael-o commented on pull request #21: [MSITE-829] Upgrade Jetty to 9.4.x implicit java8 requirement now
Posted by GitBox <gi...@apache.org>.
michael-o commented on pull request #21:
URL: https://github.com/apache/maven-site-plugin/pull/21#issuecomment-910510416
>
>
> Somewhat. They block Jetty for everyone(including the projects where the vulnerabilities applies) which affects this plugin indirectly.
>
> If it helps, what we use is similar to this :
> https://www.google.com/amp/s/blog.sonatype.com/keeping-third-party-dependencies-in-check-with-nexus%3fhs_amp=true
Many vendors provide this superficial crap -- as you can see it proves nothing here.
> If this PR is considered stale then I can resume and maybe target the latest version instead?
Split between Java 8 upgrade and Jetty upgrade in at least two PRs.
@hboutemy @rfscholte Yet another reason why we need to split this plugin in two.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
[GitHub] [maven-site-plugin] elharo commented on a change in pull request #21: [MSITE-829] Upgrade Jetty to 9.4.x
Posted by GitBox <gi...@apache.org>.
elharo commented on a change in pull request #21:
URL: https://github.com/apache/maven-site-plugin/pull/21#discussion_r425124986
##########
File path: Jenkinsfile
##########
@@ -17,4 +17,4 @@
* under the License.
*/
-asfMavenTlpPlgnBuild(jdk:['7','8','11','12'], maven:['3.0.x', '3.2.x', '3.3.x', '3.5.x'])
+asfMavenTlpPlgnBuild(jdk:['8','11','12'], maven:['3.2.x', '3.3.x', '3.5.x'])
Review comment:
3.1 seems more important than 3.2
and perhaps 3.6?
##########
File path: pom.xml
##########
@@ -196,11 +196,11 @@ under the License.
<properties>
<mavenVersion>3.0</mavenVersion>
- <javaVersion>7</javaVersion>
+ <javaVersion>8</javaVersion>
Review comment:
This change should probably be made, if at all, in its own PR, not as a driveby of a minor version dependency update
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
[GitHub] [maven-site-plugin] olamy merged pull request #21: [MSITE-829] Upgrade Jetty to 9.4.x implicit java8 requirement now
Posted by GitBox <gi...@apache.org>.
olamy merged pull request #21:
URL: https://github.com/apache/maven-site-plugin/pull/21
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@maven.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [maven-site-plugin] olamy commented on a change in pull request #21: [MSITE-829] Upgrade Jetty to 9.4.x implicit java8 requirement now
Posted by GitBox <gi...@apache.org>.
olamy commented on a change in pull request #21:
URL: https://github.com/apache/maven-site-plugin/pull/21#discussion_r427603657
##########
File path: src/it/projects/new-configuration/pom.xml
##########
@@ -76,7 +76,7 @@ under the License.
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
- <version>2.7</version>
+ <version>@javadocPluginVersion@</version>
Review comment:
LOL thanks you made my day
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
[GitHub] [maven-site-plugin] michael-o commented on a change in pull request #21: [MSITE-829] Upgrade Jetty to 9.4.x implicit java8 requirement now
Posted by GitBox <gi...@apache.org>.
michael-o commented on a change in pull request #21:
URL: https://github.com/apache/maven-site-plugin/pull/21#discussion_r427591833
##########
File path: src/it/projects/new-configuration/pom.xml
##########
@@ -76,7 +76,7 @@ under the License.
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
- <version>2.7</version>
+ <version>@javadocPluginVersion@</version>
Review comment:
Makes sense, but should be a separate PR because it is logically not related.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
[GitHub] [maven-site-plugin] slachiewicz commented on a change in pull request #21: [MSITE-829] Upgrade Jetty to 9.4.x
Posted by GitBox <gi...@apache.org>.
slachiewicz commented on a change in pull request #21:
URL: https://github.com/apache/maven-site-plugin/pull/21#discussion_r425130232
##########
File path: Jenkinsfile
##########
@@ -17,4 +17,4 @@
* under the License.
*/
-asfMavenTlpPlgnBuild(jdk:['7','8','11','12'], maven:['3.0.x', '3.2.x', '3.3.x', '3.5.x'])
+asfMavenTlpPlgnBuild(jdk:['8','11','12'], maven:['3.2.x', '3.3.x', '3.5.x'])
Review comment:
Maybe we can define asfMavenTlpPlgnBuild8() function - more and more plugins will move to next java over time. Then we can controll centrally on what mvn versions we run tests.
Cases to consider - new minimum mvn version, and java 8
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
[GitHub] [maven-site-plugin] michael-o commented on a change in pull request #21: [MSITE-829] Upgrade Jetty to 9.4.x implicit java8 requirement now
Posted by GitBox <gi...@apache.org>.
michael-o commented on a change in pull request #21:
URL: https://github.com/apache/maven-site-plugin/pull/21#discussion_r427584057
##########
File path: pom.xml
##########
@@ -211,6 +211,8 @@ under the License.
<projectInfoReportsPluginVersion>2.7</projectInfoReportsPluginVersion>
<surefirePluginVersion>2.22.1</surefirePluginVersion>
<project.build.outputTimestamp>2020-03-06T20:49:49Z</project.build.outputTimestamp>
+ <maven.compiler.target>1.8</maven.compiler.target>
Review comment:
I am confused. We have `javaVersion`. Why did you set these too?
##########
File path: pom.xml
##########
@@ -473,28 +474,28 @@ under the License.
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
- <version>1.5.3</version>
+ <version>1.7.29</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-simple</artifactId>
- <version>1.5.3</version>
+ <version>1.7.29</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>jcl-over-slf4j</artifactId>
- <version>1.6.1</version>
+ <version>1.7.29</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
- <version>3.4</version>
+ <version>3.5</version>
Review comment:
Seems unrelated.
##########
File path: pom.xml
##########
@@ -473,28 +474,28 @@ under the License.
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
- <version>1.5.3</version>
+ <version>1.7.29</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-simple</artifactId>
- <version>1.5.3</version>
+ <version>1.7.29</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>jcl-over-slf4j</artifactId>
- <version>1.6.1</version>
+ <version>1.7.29</version>
Review comment:
This should be a property and match the version on Maven core.
##########
File path: pom.xml
##########
@@ -623,6 +624,7 @@ under the License.
<maven.compiler.source>${maven.compiler.source}</maven.compiler.source>
<maven.compiler.target>${maven.compiler.target}</maven.compiler.target>
</properties>
+ <javaHome>${java.home}</javaHome>
Review comment:
Why is that necessary?
##########
File path: src/it/projects/new-configuration/pom.xml
##########
@@ -76,7 +76,7 @@ under the License.
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
- <version>2.7</version>
+ <version>@javadocPluginVersion@</version>
Review comment:
How are these related?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
[GitHub] [maven-site-plugin] yeikel commented on pull request #21: [MSITE-829] Upgrade Jetty to 9.4.x implicit java8 requirement now
Posted by GitBox <gi...@apache.org>.
yeikel commented on pull request #21:
URL: https://github.com/apache/maven-site-plugin/pull/21#issuecomment-1047878111
> I rebased from master. will wait few days and if no complain I will merge that.
Did you get a chance to work on this?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@maven.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [maven-site-plugin] yeikel commented on pull request #21: [MSITE-829] Upgrade Jetty to 9.4.x implicit java8 requirement now
Posted by GitBox <gi...@apache.org>.
yeikel commented on pull request #21:
URL: https://github.com/apache/maven-site-plugin/pull/21#issuecomment-910379293
> >
> >
> > > > Hi, what's blocking this? 9.2.29 is not safe anymore
> > >
> > >
> > > Not safe for what?
> >
> > Sorry, my initial comment was vague.
> >
> > There are a couple of security vulnerabilities against Jetty, such as :
> >
> > [CVE-2021-28165](https://github.com/advisories/GHSA-26vr-8j45-3r4w)
> > [CVE-2021-28164](https://github.com/advisories/GHSA-v7ff-8wcx-gmc5)
> > [CVE-2021-28163](https://github.com/advisories/GHSA-j6qj-j888-vvgq)
> >
> > Read more : https://www.cybersecurity-help.cz/vdb/SB2021040179
> > https://www.eclipse.org/jetty/security_reports.php
>
> and none of them affect this plugin if you'd knew what we do with Jetty.
That makes sense. Problem is that security scans do not have the background about this is used within the plugin and they simply block the build when the plugin tries to pull Jetty
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
[GitHub] [maven-site-plugin] yeikel commented on pull request #21: [MSITE-829] Upgrade Jetty to 9.4.x implicit java8 requirement now
Posted by GitBox <gi...@apache.org>.
yeikel commented on pull request #21:
URL: https://github.com/apache/maven-site-plugin/pull/21#issuecomment-907342007
Hi, what's blocking this? 9.2.29 is not safe anymore
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
[GitHub] [maven-site-plugin] michael-o commented on pull request #21: [MSITE-829] Upgrade Jetty to 9.4.x implicit java8 requirement now
Posted by GitBox <gi...@apache.org>.
michael-o commented on pull request #21:
URL: https://github.com/apache/maven-site-plugin/pull/21#issuecomment-907682185
>
>
> > > Hi, what's blocking this? 9.2.29 is not safe anymore
> >
> >
> > Not safe for what?
>
> Sorry, my initial comment was vague.
>
> There are a couple of security vulnerabilities against Jetty, such as :
>
> [CVE-2021-28165](https://github.com/advisories/GHSA-26vr-8j45-3r4w)
> [CVE-2021-28164](https://github.com/advisories/GHSA-v7ff-8wcx-gmc5)
> [CVE-2021-28163](https://github.com/advisories/GHSA-j6qj-j888-vvgq)
>
> Read more : https://www.cybersecurity-help.cz/vdb/SB2021040179
> https://www.eclipse.org/jetty/security_reports.php
and none of them affect this plugin if you'd knew what we do with Jetty.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
[GitHub] [maven-site-plugin] olamy commented on a change in pull request #21: [MSITE-829] Upgrade Jetty to 9.4.x implicit java8 requirement now
Posted by GitBox <gi...@apache.org>.
olamy commented on a change in pull request #21:
URL: https://github.com/apache/maven-site-plugin/pull/21#discussion_r427591510
##########
File path: pom.xml
##########
@@ -473,28 +474,28 @@ under the License.
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
- <version>1.5.3</version>
+ <version>1.7.29</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-simple</artifactId>
- <version>1.5.3</version>
+ <version>1.7.29</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>jcl-over-slf4j</artifactId>
- <version>1.6.1</version>
+ <version>1.7.29</version>
Review comment:
see slf4j version in core https://github.com/apache/maven/blob/5397fb66e7ea45dd756cd48c18f7dc476e2a06a6/pom.xml#L69
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
[GitHub] [maven-site-plugin] michael-o commented on pull request #21: [MSITE-829] Upgrade Jetty to 9.4.x implicit java8 requirement now
Posted by GitBox <gi...@apache.org>.
michael-o commented on pull request #21:
URL: https://github.com/apache/maven-site-plugin/pull/21#issuecomment-910398852
> > > > > Hi, what's blocking this? 9.2.29 is not safe anymore
> > > >
> > > >
> > > > Not safe for what?
> > >
> > >
> > > Sorry, my initial comment was vague.
> > > There are a couple of security vulnerabilities against Jetty, such as :
> > > [CVE-2021-28165](https://github.com/advisories/GHSA-26vr-8j45-3r4w)
> > > [CVE-2021-28164](https://github.com/advisories/GHSA-v7ff-8wcx-gmc5)
> > > [CVE-2021-28163](https://github.com/advisories/GHSA-j6qj-j888-vvgq)
> > > Read more : https://www.cybersecurity-help.cz/vdb/SB2021040179
> > > https://www.eclipse.org/jetty/security_reports.php
> >
> >
> > and none of them affect this plugin if you'd knew what we do with Jetty.
>
> That makes sense. Problem is that security scans do not have the background about how this is used within the plugin and they simply block the build when the plugin tries to pull Jetty
Therefore, I consider them partially useless. Just like this.
Maybe someone can rework the PR.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
[GitHub] [maven-site-plugin] olamy commented on a change in pull request #21: [MSITE-829] Upgrade Jetty to 9.4.x implicit java8 requirement now
Posted by GitBox <gi...@apache.org>.
olamy commented on a change in pull request #21:
URL: https://github.com/apache/maven-site-plugin/pull/21#discussion_r427588408
##########
File path: src/it/projects/new-configuration/pom.xml
##########
@@ -76,7 +76,7 @@ under the License.
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
- <version>2.7</version>
+ <version>@javadocPluginVersion@</version>
Review comment:
I use java11 so the IT tests were failing for locally because of this and need more recent java version
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
[GitHub] [maven-site-plugin] olamy commented on a change in pull request #21: [MSITE-829] Upgrade Jetty to 9.4.x implicit java8 requirement now
Posted by GitBox <gi...@apache.org>.
olamy commented on a change in pull request #21:
URL: https://github.com/apache/maven-site-plugin/pull/21#discussion_r427587877
##########
File path: pom.xml
##########
@@ -196,11 +196,11 @@ under the License.
<properties>
<mavenVersion>3.0</mavenVersion>
- <javaVersion>7</javaVersion>
+ <javaVersion>8</javaVersion>
Review comment:
it's ALREADY there https://issues.apache.org/jira/browse/MSITE-828 and the git comment will clearly says that
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
[GitHub] [maven-site-plugin] olamy commented on a change in pull request #21: [MSITE-829] Upgrade Jetty to 9.4.x implicit java8 requirement now
Posted by GitBox <gi...@apache.org>.
olamy commented on a change in pull request #21:
URL: https://github.com/apache/maven-site-plugin/pull/21#discussion_r427601611
##########
File path: src/it/projects/new-configuration/pom.xml
##########
@@ -76,7 +76,7 @@ under the License.
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
- <version>2.7</version>
+ <version>@javadocPluginVersion@</version>
Review comment:
sorry but I will not do it. Maybe I should create a Jira ticket as well.
Seriously stop such nit picking... I prefer spend my time on more useful stuff for the project than waste my time remove this commit creating a branch and a separate PR only for this...
I don't see why it's useful for the project.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
[GitHub] [maven-site-plugin] olamy commented on a change in pull request #21: [MSITE-829] Upgrade Jetty to 9.4.x
Posted by GitBox <gi...@apache.org>.
olamy commented on a change in pull request #21:
URL: https://github.com/apache/maven-site-plugin/pull/21#discussion_r426105614
##########
File path: Jenkinsfile
##########
@@ -17,4 +17,4 @@
* under the License.
*/
-asfMavenTlpPlgnBuild(jdk:['7','8','11','12'], maven:['3.0.x', '3.2.x', '3.3.x', '3.5.x'])
+asfMavenTlpPlgnBuild(jdk:['8','11','12'], maven:['3.2.x', '3.3.x', '3.5.x'])
Review comment:
I changed it to `maven:['3.1.x', '3.3.x', '3.5.x', '3.6.x']` but looks to be a more generic issue than only this plugin/pr? :)
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
[GitHub] [maven-site-plugin] michael-o commented on a change in pull request #21: [MSITE-829] Upgrade Jetty to 9.4.x implicit java8 requirement now
Posted by GitBox <gi...@apache.org>.
michael-o commented on a change in pull request #21:
URL: https://github.com/apache/maven-site-plugin/pull/21#discussion_r427583663
##########
File path: pom.xml
##########
@@ -196,11 +196,11 @@ under the License.
<properties>
<mavenVersion>3.0</mavenVersion>
- <javaVersion>7</javaVersion>
+ <javaVersion>8</javaVersion>
Review comment:
@olamy I am the bureaucratic person. This needs to be changelog visible.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
[GitHub] [maven-site-plugin] michael-o commented on pull request #21: [MSITE-829] Upgrade Jetty to 9.4.x implicit java8 requirement now
Posted by GitBox <gi...@apache.org>.
michael-o commented on pull request #21:
URL: https://github.com/apache/maven-site-plugin/pull/21#issuecomment-907451903
>
>
> Hi, what's blocking this? 9.2.29 is not safe anymore
Not safe for what?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
[GitHub] [maven-site-plugin] rfscholte commented on a change in pull request #21: [MSITE-829] Upgrade Jetty to 9.4.x
Posted by GitBox <gi...@apache.org>.
rfscholte commented on a change in pull request #21:
URL: https://github.com/apache/maven-site-plugin/pull/21#discussion_r425670278
##########
File path: Jenkinsfile
##########
@@ -17,4 +17,4 @@
* under the License.
*/
-asfMavenTlpPlgnBuild(jdk:['7','8','11','12'], maven:['3.0.x', '3.2.x', '3.3.x', '3.5.x'])
+asfMavenTlpPlgnBuild(jdk:['8','11','12'], maven:['3.2.x', '3.3.x', '3.5.x'])
Review comment:
let's not make a separate method. My preferred solution would be to specify `[8..maxJdk]`, where `maxJdk` is an available constant in the script, but Groovy started to support this in the recent Groovy 3, not sure if Jenkins is already using this. Another solution would be `minJdk:'8'`
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
[GitHub] [maven-site-plugin] olamy commented on pull request #21: [MSITE-829] Upgrade Jetty to 9.4.x implicit java8 requirement now
Posted by GitBox <gi...@apache.org>.
olamy commented on pull request #21:
URL: https://github.com/apache/maven-site-plugin/pull/21#issuecomment-911409468
@slachiewicz I saw and I guess because of https://issues.apache.org/jira/browse/MNG-7215
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
[GitHub] [maven-site-plugin] slachiewicz commented on pull request #21: [MSITE-829] Upgrade Jetty to 9.4.x implicit java8 requirement now
Posted by GitBox <gi...@apache.org>.
slachiewicz commented on pull request #21:
URL: https://github.com/apache/maven-site-plugin/pull/21#issuecomment-911407326
@olamy builds fails only on Maven 3.8.2, same on the master branch
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
[GitHub] [maven-site-plugin] michael-o commented on pull request #21: [MSITE-829] Upgrade Jetty to 9.4.x implicit java8 requirement now
Posted by GitBox <gi...@apache.org>.
michael-o commented on pull request #21:
URL: https://github.com/apache/maven-site-plugin/pull/21#issuecomment-911205914
> > > Somewhat. They block Jetty for everyone(including the projects where the vulnerabilities applies) which affects this plugin indirectly.
> > > If it helps, what we use is similar to this :
> > > https://www.google.com/amp/s/blog.sonatype.com/keeping-third-party-dependencies-in-check-with-nexus%3fhs_amp=true
> >
> >
> > Many vendors provide this superficial crap -- as you can see it proves nothing here.
>
> @michael-o
> so many tools send warning/alarms because of dependencies with security issues/CVE.
> maybe (certainly) it's wrong but big companies use those tools as a policy and we can't fight this!!
> BUT we still want people using Apache Maven so we have to live with that!
I know and that is sadly stupid.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
[GitHub] [maven-site-plugin] olamy commented on a change in pull request #21: [MSITE-829] Upgrade Jetty to 9.4.x implicit java8 requirement now
Posted by GitBox <gi...@apache.org>.
olamy commented on a change in pull request #21:
URL: https://github.com/apache/maven-site-plugin/pull/21#discussion_r427595053
##########
File path: pom.xml
##########
@@ -473,28 +474,28 @@ under the License.
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
- <version>1.5.3</version>
+ <version>1.7.29</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-simple</artifactId>
- <version>1.5.3</version>
+ <version>1.7.29</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>jcl-over-slf4j</artifactId>
- <version>1.6.1</version>
+ <version>1.7.29</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
- <version>3.4</version>
+ <version>3.5</version>
Review comment:
while investigating while java11 was failing local build I tought maybe it's the old bug from commons-lang3.
anyway such upgrade doesn't hurt
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
[GitHub] [maven-site-plugin] yeikel edited a comment on pull request #21: [MSITE-829] Upgrade Jetty to 9.4.x implicit java8 requirement now
Posted by GitBox <gi...@apache.org>.
yeikel edited a comment on pull request #21:
URL: https://github.com/apache/maven-site-plugin/pull/21#issuecomment-910379293
> >
> >
> > > > Hi, what's blocking this? 9.2.29 is not safe anymore
> > >
> > >
> > > Not safe for what?
> >
> > Sorry, my initial comment was vague.
> >
> > There are a couple of security vulnerabilities against Jetty, such as :
> >
> > [CVE-2021-28165](https://github.com/advisories/GHSA-26vr-8j45-3r4w)
> > [CVE-2021-28164](https://github.com/advisories/GHSA-v7ff-8wcx-gmc5)
> > [CVE-2021-28163](https://github.com/advisories/GHSA-j6qj-j888-vvgq)
> >
> > Read more : https://www.cybersecurity-help.cz/vdb/SB2021040179
> > https://www.eclipse.org/jetty/security_reports.php
>
> and none of them affect this plugin if you'd knew what we do with Jetty.
That makes sense. Problem is that security scans do not have the background about how this is used within the plugin and they simply block the build when the plugin tries to pull Jetty
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
[GitHub] [maven-site-plugin] olamy commented on pull request #21: [MSITE-829] Upgrade Jetty to 9.4.x implicit java8 requirement now
Posted by GitBox <gi...@apache.org>.
olamy commented on pull request #21:
URL: https://github.com/apache/maven-site-plugin/pull/21#issuecomment-985171206
I rebased from master.
will wait few days and if no complain I will merge that.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
[GitHub] [maven-site-plugin] yeikel commented on pull request #21: [MSITE-829] Upgrade Jetty to 9.4.x implicit java8 requirement now
Posted by GitBox <gi...@apache.org>.
yeikel commented on pull request #21:
URL: https://github.com/apache/maven-site-plugin/pull/21#issuecomment-910950725
> > > Somewhat. They block Jetty for everyone(including the projects where the vulnerabilities applies) which affects this plugin indirectly.
> > > If it helps, what we use is similar to this :
> > > https://www.google.com/amp/s/blog.sonatype.com/keeping-third-party-dependencies-in-check-with-nexus%3fhs_amp=true
> >
> > Many vendors provide this superficial crap -- as you can see it proves nothing here.
> >
>
> @michael-o
> so many tools send warning/alarms because of dependencies with security issues/CVE.
> maybe (certainly) it's wrong but big companies use those tools as a policy and we can't fight this!!
> BUT we still want people using Apache Maven so we have to live with that!
>
> @yeikel
> I will update this PR
>
> > > If this PR is considered stale then I can resume and maybe target the latest version instead?
> >
> > Split between Java 8 upgrade and Jetty upgrade in at least two PRs.
> >
> > @hboutemy @rfscholte Yet another reason why we need to split this plugin in two.
>
>
Definitely. We had to overwrite the version manually in our build to be able to use the plugin but doing so without the corresponding tests could introduce unexpected regressions for us
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
[GitHub] [maven-site-plugin] slawekjaranowski commented on pull request #21: [MSITE-829] Upgrade Jetty to 9.4.x implicit java8 requirement now
Posted by GitBox <gi...@apache.org>.
slawekjaranowski commented on pull request #21:
URL: https://github.com/apache/maven-site-plugin/pull/21#issuecomment-911432504
> @olamy builds fails only on Maven 3.8.2, same on the master branch
All GitHub runners will have Maven `3.8.2` in a moment
https://github.com/actions/virtual-environments/issues/3969
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
[GitHub] [maven-site-plugin] yeikel commented on pull request #21: [MSITE-829] Upgrade Jetty to 9.4.x implicit java8 requirement now
Posted by GitBox <gi...@apache.org>.
yeikel commented on pull request #21:
URL: https://github.com/apache/maven-site-plugin/pull/21#issuecomment-910492406
Somewhat. They block Jetty for everyone(including the projects where the vulnerabilities applies) which affects this plugin indirectly.
If it helps, what we use is similar to this :
https://www.google.com/amp/s/blog.sonatype.com/keeping-third-party-dependencies-in-check-with-nexus%3fhs_amp=true
If this PR is considered stale then I can resume and maybe target the latest version instead?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
[GitHub] [maven-site-plugin] michael-o commented on a change in pull request #21: [MSITE-829] Upgrade Jetty to 9.4.x implicit java8 requirement now
Posted by GitBox <gi...@apache.org>.
michael-o commented on a change in pull request #21:
URL: https://github.com/apache/maven-site-plugin/pull/21#discussion_r427591526
##########
File path: pom.xml
##########
@@ -196,11 +196,11 @@ under the License.
<properties>
<mavenVersion>3.0</mavenVersion>
- <javaVersion>7</javaVersion>
+ <javaVersion>8</javaVersion>
Review comment:
Good, let's re-merge MSITE-828 first.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org