exist icon indicating copy to clipboard operation
exist copied to clipboard
verified publisher icon eXist-db

Bump maven-dependency-plugin from 3.1.2 to 3.3.0

Open dependabot[bot] opened this issue 3 years ago • 7 comments

Bumps maven-dependency-plugin from 3.1.2 to 3.3.0.

Commits
  • e52bc02 [maven-release-plugin] prepare release maven-dependency-plugin-3.3.0
  • 0ec0a52 Fix Jenkins url
  • 77e42ca [MDEP-796] Upgrade Maven Parent to 35
  • 78976c0 [MDEP-795] Update Jetty to 9.4.45.v20220203 (#202)
  • a8d4690 [MDEP-788] Upgrade maven-reporting-impl to version 3.1.0
  • 25ca833 (doc) Update link to Github PR docs
  • 76d59f0 [MDEP-789] Improve documentation of analyze - Non-test scoped
  • b66d2b2 Bump mockito-core from 4.2.0 to 4.3.1
  • b057234 Bump slf4j-simple from 1.7.32 to 1.7.36
  • f64d4f7 [MDEP-787] allow ignoring non-test-scoped dependencies
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] avatar Mar 14 '22 03:03 dependabot[bot]

@dependabot rebase

dizzzz avatar Apr 06 '22 08:04 dizzzz

@dependabot rebase

joewiz avatar Apr 14 '22 14:04 joewiz

dependabot rebase

dizzzz avatar May 30 '22 19:05 dizzzz

@dependabot rebase

reinhapa avatar May 31 '22 05:05 reinhapa

do the warnings trigger the build failure?

dizzzz avatar May 31 '22 09:05 dizzzz

do the warnings trigger the build failure?

@dizzzz yes, seems that the new version detects more unused stuff:

Warning:  Unused declared dependencies found:
Warning:     org.apache.logging.log4j:log4j-jul:jar:2.17.2:runtime
Warning:  Non-test scoped test only dependencies found:
Warning:     org.xmlunit:xmlunit-matchers:jar:2.9.0:compile
Warning:     org.eclipse.jetty:jetty-http:jar:9.4.45.v20220203:compile

reinhapa avatar May 31 '22 11:05 reinhapa

@adamretter I did some research in that problem and there are test related code (package org.exist.test) in the exist-core module that depends on testing libraries, that may needed to be separated out of the main source tree into some other location. As I'm not that experienced with Maven I do not know how to separate out something like test fixtures to be used within other modules as test dependencies though...

reinhapa avatar Jun 22 '22 05:06 reinhapa

Superseded by #4631.

dependabot[bot] avatar Nov 30 '22 03:11 dependabot[bot]