Skip to content

build(deps)!: bump maven-core from 3.6.3 to 3.8.1 #7612

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

build(deps)!: bump maven-core from 3.6.3 to 3.8.1 #7612

wants to merge 1 commit into from

Conversation

jeremylong
Copy link
Collaborator

BREAKING CHANGE: dependency-check-maven now requires maven 3.8.1 or newer
Resolves #7566

@jeremylong
build(deps)!: bump maven-core from 3.6.3 to 3.8.1
4566b08 
BREAKING CHANGE: dependency-check-maven now requires maven 3.8.1 or newer
resolves #7566
@boring-cyborg boring-cyborg bot added ant changes to ant cli changes to the cli core changes to core documentation site documentation maven changes to the maven plugin utils changes to utils labels Apr 22, 2025
@jeremylong jeremylong requested a review from aikebah April 22, 2025 10:27
aikebah
aikebah approved these changes Apr 22, 2025
View reviewed changes
Copy link
Collaborator

@aikebah aikebah left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM; not required, but it saves us a whole lot of confusion and anyone interested in secure development pipelines should've upgraded to 3.8.1 or later anyhow.

Not sure how soon you'd like to release it as I can foresee my local attempts to get rid of the deprecated maven-artifact-transfer (https://github.com./apache/maven-artifact-transfer?tab=readme-ov-file#deprecation) as something that could likely trigger a new major (as it would be a good time to further cleanup/refactoring of the maven plugin amongst others addressing the plugin-dependencies-scope issue).

Hope to spend some serious time on that the week after ascension day.

@jeremylong
Copy link
Collaborator Author

@aikebah I'm fine holding off on publishing this so we can combine a few breaking changes. I don't see this PR as too high of a priority.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aikebah aikebah aikebah approved these changes

@nhumblot nhumblot nhumblot approved these changes

Assignees
No one assigned
Labels
ant changes to ant cli changes to the cli core changes to core documentation site documentation maven changes to the maven plugin utils changes to utils
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Pulling in old vulnerable version of maven-core
3 participants
@jeremylong @aikebah @nhumblot