Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update maven.version [SECURITY] #19

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update maven.version [SECURITY] #19

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Nov 4, 2022
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
org.apache.maven:maven-core 3.0.5 -> 3.8.1 age adoption passing confidence
org.apache.maven:maven-model 3.0.5 -> 3.9.9 age adoption passing confidence
org.apache.maven:maven-settings 3.0.5 -> 3.9.9 age adoption passing confidence
org.apache.maven:maven-artifact 3.0.5 -> 3.9.9 age adoption passing confidence
org.apache.maven:maven-plugin-api 3.0.5 -> 3.9.9 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2021-26291

Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. Maven is changing the default behavior in 3.8.1+ to no longer follow http (non-SSL) repository references by default. More details available in the referenced urls. If you are currently using a repository manager to govern the repositories used by your builds, you are unaffected by the risks present in the legacy behavior, and are unaffected by this vulnerability and change to default behavior. See this link for more information about repository management: https://maven.apache.org/repository-management.html

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@0crat 0crat added the 0crat/new label Nov 4, 2022
@0crat
Copy link

0crat commented Nov 4, 2022

@renovate/z[bot] this pull request is too small, just 2 lines changed (less than 10), there will be no formal code review, see §53 and §28; in the future, try to make sure your pull requests are not too small; @yegor256/z please review this and merge or reject

@yegor256
Copy link
Member

yegor256 commented Nov 4, 2022

@rultor please, try to merge

@rultor
Copy link
Contributor

rultor commented Nov 4, 2022

@rultor please, try to merge

@yegor256 OK, I'll try to merge now. You can check the progress of the merge here

@rultor
Copy link
Contributor

rultor commented Nov 4, 2022

@rultor please, try to merge

@renovate[bot] @yegor256 Oops, I failed. You can see the full log here (spent 59min)

    at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:171)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:163)
    at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
    at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
    at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
    at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
    at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:294)
    at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
    at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
    at org.apache.maven.cli.MavenCli.execute (MavenCli.java:960)
    at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:293)
    at org.apache.maven.cli.MavenCli.main (MavenCli.java:196)
    at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
    at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
    at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke (Method.java:566)
    at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282)
    at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225)
    at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406)
    at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347)
Caused by: org.eclipse.aether.transfer.ArtifactNotFoundException: Could not find artifact com.sun:tools:jar:1.5.0 at specified path /usr/lib/jvm/java-11-openjdk-amd64/../lib/tools.jar
    at org.eclipse.aether.internal.impl.DefaultArtifactResolver.resolve (DefaultArtifactResolver.java:266)
    at org.eclipse.aether.internal.impl.DefaultArtifactResolver.resolveArtifacts (DefaultArtifactResolver.java:229)
    at org.eclipse.aether.internal.impl.DefaultRepositorySystem.resolveDependencies (DefaultRepositorySystem.java:340)
    at org.apache.maven.plugin.internal.DefaultPluginDependenciesResolver.resolveInternal (DefaultPluginDependenciesResolver.java:226)
    at org.apache.maven.plugin.internal.DefaultPluginDependenciesResolver.resolve (DefaultPluginDependenciesResolver.java:165)
    at org.apache.maven.plugin.internal.DefaultMavenPluginManager.createPluginRealm (DefaultMavenPluginManager.java:404)
    at org.apache.maven.plugin.internal.DefaultMavenPluginManager.setupPluginRealm (DefaultMavenPluginManager.java:374)
    at org.apache.maven.plugin.DefaultBuildPluginManager.getPluginRealm (DefaultBuildPluginManager.java:234)
    at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:105)
    at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:370)
    at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:351)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:215)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:171)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:163)
    at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
    at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
    at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
    at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
    at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:294)
    at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
    at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
    at org.apache.maven.cli.MavenCli.execute (MavenCli.java:960)
    at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:293)
    at org.apache.maven.cli.MavenCli.main (MavenCli.java:196)
    at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
    at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
    at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke (Method.java:566)
    at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282)
    at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225)
    at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406)
    at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347)
[ERROR] 
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR] 
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/PluginResolutionException
\u001b[0m\u001b[0mcontainer fbc638a5c024a04719014a3dc7b11e21a863dacbedb9bd1585c72934f6a2da3d is dead
Fri 04 Nov 2022 08:29:16 PM CET

@renovate renovate bot changed the title Update maven.version to v3.8.6 Update maven.version to v3.8.7 Dec 30, 2022
@renovate renovate bot force-pushed the renovate/maven.version branch from b693ef1 to 651834e Compare December 30, 2022 23:07
@renovate renovate bot changed the title Update maven.version to v3.8.7 Update maven.version to v3.9.0 Mar 16, 2023
@renovate renovate bot force-pushed the renovate/maven.version branch from 651834e to 1cb81b2 Compare March 16, 2023 19:56
@renovate renovate bot changed the title Update maven.version to v3.9.0 Update maven.version to v3.9.1 Apr 3, 2023
@renovate renovate bot force-pushed the renovate/maven.version branch from 1cb81b2 to b9ac6b6 Compare April 3, 2023 16:01
@renovate renovate bot changed the title Update maven.version to v3.9.1 Update maven.version to v3.9.2 May 30, 2023
@renovate renovate bot force-pushed the renovate/maven.version branch from b9ac6b6 to 7ff0a92 Compare May 30, 2023 19:59
@renovate renovate bot changed the title Update maven.version to v3.9.2 Update maven.version to v3.9.3 Jun 26, 2023
@renovate renovate bot force-pushed the renovate/maven.version branch from 7ff0a92 to ae830b7 Compare June 26, 2023 23:35
@renovate renovate bot changed the title Update maven.version to v3.9.3 Update maven.version to v3.9.4 Aug 4, 2023
@renovate renovate bot force-pushed the renovate/maven.version branch from ae830b7 to a65d9a0 Compare August 4, 2023 02:27
@renovate renovate bot changed the title Update maven.version to v3.9.4 Update maven.version to v3.9.5 Oct 5, 2023
@renovate renovate bot force-pushed the renovate/maven.version branch from a65d9a0 to 1eec7eb Compare October 5, 2023 05:13
@renovate renovate bot changed the title Update maven.version to v3.9.5 Update maven.version to v3.9.6 Dec 2, 2023
@renovate renovate bot force-pushed the renovate/maven.version branch from 1eec7eb to 4d1c96f Compare December 2, 2023 11:45
@renovate renovate bot changed the title Update maven.version to v3.9.6 Update maven.version to v3.9.7 May 26, 2024
@renovate renovate bot force-pushed the renovate/maven.version branch from 4d1c96f to 5dd61ca Compare May 26, 2024 02:07
@renovate renovate bot changed the title Update maven.version to v3.9.7 Update maven.version to v3.9.8 Jun 19, 2024
@renovate renovate bot force-pushed the renovate/maven.version branch from 5dd61ca to c9a757a Compare June 19, 2024 02:38
@renovate renovate bot force-pushed the renovate/maven.version branch from c9a757a to 0d59667 Compare August 18, 2024 02:40
@renovate renovate bot changed the title Update maven.version to v3.9.8 Update maven.version to v3.9.9 Aug 18, 2024
@renovate renovate bot changed the title Update maven.version to v3.9.9 Update maven.version [SECURITY] Jan 25, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
0crat/new
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@0crat @yegor256 @rultor