Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork1.4k
build(deps)!: bump maven-core from 3.6.3 to 3.8.1#7612
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
base:main
Are you sure you want to change the base?
Uh oh!
There was an error while loading.Please reload this page.
Conversation
BREAKING CHANGE: dependency-check-maven now requires maven 3.8.1 or newerresolves#7566
aikebah left a comment• edited
Loading Uh oh!
There was an error while loading.Please reload this page.
edited
Uh oh!
There was an error while loading.Please reload this page.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
LGTM; not required, but it saves us a whole lot of confusion and anyone interested in secure development pipelines should've upgraded to 3.8.1 or later anyhow.
Not sure how soon you'd like to release it as I can foresee my local attempts to get rid of the deprecated maven-artifact-transfer (https://github.com/apache/maven-artifact-transfer?tab=readme-ov-file#deprecation) as something that could likely trigger a new major (as it would be a good time to further cleanup/refactoring of the maven plugin amongst others addressing the plugin-dependencies-scope issue).
Hope to spend some serious time on that the week after ascension day.
@aikebah I'm fine holding off on publishing this so we can combine a few breaking changes. I don't see this PR as too high of a priority. |
BREAKING CHANGE: dependency-check-maven now requires maven 3.8.1 or newer
Resolves#7566