Re: [commons-text] branch master updated: Bump checkstyle from 9.3 to 10.2

2022-05-21 Thread Gary Gregory 
-1

Please stop updating checkstyle to 10.2 because it breaks the build as
10.2 requires Java 11.

Gary

On Fri, May 20, 2022 at 7:04 PM  wrote:
>
> This is an automated email from the ASF dual-hosted git repository.
>
> kinow pushed a commit to branch master
> in repository https://gitbox.apache.org/repos/asf/commons-text.git
>
>
> The following commit(s) were added to refs/heads/master by this push:
>  new 2450b5bf Bump checkstyle from 9.3 to 10.2
> 2450b5bf is described below
>
> commit 2450b5bfc0460e22e86e33e517f4944ade33573b
> Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
> AuthorDate: Fri May 20 20:03:05 2022 +
>
> Bump checkstyle from 9.3 to 10.2
>
> Bumps [checkstyle](https://github.com/checkstyle/checkstyle) from 9.3 to 
> 10.2.
> - [Release notes](https://github.com/checkstyle/checkstyle/releases)
> - 
> [Commits](https://github.com/checkstyle/checkstyle/compare/checkstyle-9.3...checkstyle-10.2)
>
> ---
> updated-dependencies:
> - dependency-name: com.puppycrawl.tools:checkstyle
>   dependency-type: direct:production
>   update-type: version-update:semver-major
> ...
>
> Signed-off-by: dependabot[bot] 
> ---
>  pom.xml | 2 +-
>  src/changes/changes.xml | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/pom.xml b/pom.xml
> index 24a06cef..ed92f57b 100644
> --- a/pom.xml
> +++ b/pom.xml
> @@ -48,7 +48,7 @@
>  
> site-content
>
>  3.1.2
> -9.3
> +10.2
>
>  
> 4.6.0.0
>  4.7.0
> diff --git a/src/changes/changes.xml b/src/changes/changes.xml
> index eca43f0a..3d53e762 100644
> --- a/src/changes/changes.xml
> +++ b/src/changes/changes.xml
> @@ -79,7 +79,7 @@ The  type attribute can be add,update,fix,remove.
>   due-to="Dependabot">Bump actions/checkout from v1 to 3 #138, #146, #165, 
> #183, #274, #279, #304.
>   due-to="Dependabot">Bump actions/cache from v2 to v2.1.6 #205 #217 
> #234.
>   due-to="Dependabot">Bump github/codeql-action from 1 to 2 #319.
> - due-to="Dependabot">Bump checkstyle from 8.34 to 9.3, #141, #168, #182, #188, 
> #193, #201, #208, #211, #228, #235, #245, #253, #255, #262, #270, #280, #287, 
> #299, #315, #321.
> + due-to="Dependabot">Bump checkstyle from 8.34 to 10.2, #141, #168, #182, 
> #188, #193, #201, #208, #211, #228, #235, #245, #253, #255, #262, #270, #280, 
> #287, #299, #315, #321, #327.
>  Bump spotbugs-maven-plugin from 4.0.0 to 4.6.0.0, #144, 
> #150, #167, #176, #194, #210, #223, #250, #268, #273, #277, #278, #286, #293, 
> #303, #320.
>   due-to="Dependabot">Bump mockito-inline from 3.4.4 to 4.5.1, #143, #148, 
> #149, #152, #153, #154, #158, #159, #166, #177, #180, #187, #195, #197, #207, 
> #216, #231, #236, #237, #243, #258, #259, #260, #261, #272, #285, #291, #305, 
> #317.
>   due-to="Dependabot">Bump junit-jupiter from 5.6.2 to 5.8.2 #163, #204, #232, 
> #265, #269, #288.
>

-
To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
For additional commands, e-mail: dev-h...@commons.apache.org

Re: [commons-lang] 02/02: Add Spotbugs exclusions after dependabot update (no code modification)

2022-05-21 Thread Gary Gregory 
-1

Please do not allow turn off this check. These checks are real
anti-patterns and have allowed me to fix call sites here IIRC and in
other components. If there are spot cases of legitimate code like
"throws new RuntimeException(...)", then the code should be documented
in-line and each call site specifically excluded from SpotBugs.
Otherwise, PRs and maintainers can add "throws new
RuntimeException(..,)" all over the place without SpotBugs rasing this
as an anti-pattern.

TY,
Gary

On Fri, May 20, 2022 at 6:51 PM  wrote:
>
> This is an automated email from the ASF dual-hosted git repository.
>
> kinow pushed a commit to branch master
> in repository https://gitbox.apache.org/repos/asf/commons-lang.git
>
> commit b9f3b72c15508057d93ad2ed9399a18400d1b2d0
> Author: Bruno P. Kinoshita 
> AuthorDate: Sat May 21 10:44:37 2022 +1200
>
> Add Spotbugs exclusions after dependabot update (no code modification)
> ---
>  src/conf/spotbugs-exclude-filter.xml | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/src/conf/spotbugs-exclude-filter.xml 
> b/src/conf/spotbugs-exclude-filter.xml
> index 7cbba7a97..2d4cf12f3 100644
> --- a/src/conf/spotbugs-exclude-filter.xml
> +++ b/src/conf/spotbugs-exclude-filter.xml
> @@ -30,6 +30,9 @@
>
>
>
> +  
> +  
> +  
>  
>
>
>

-
To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
For additional commands, e-mail: dev-h...@commons.apache.org

Re: [commons-text] branch master updated: Bump checkstyle from 9.3 to 10.2

2022-05-21 Thread sebb 
I suggest the Pom is commented accordingly

On Sat, 21 May 2022 at 14:48, Gary Gregory  wrote:
>
> -1
>
> Please stop updating checkstyle to 10.2 because it breaks the build as
> 10.2 requires Java 11.
>
> Gary
>
> On Fri, May 20, 2022 at 7:04 PM  wrote:
> >
> > This is an automated email from the ASF dual-hosted git repository.
> >
> > kinow pushed a commit to branch master
> > in repository https://gitbox.apache.org/repos/asf/commons-text.git
> >
> >
> > The following commit(s) were added to refs/heads/master by this push:
> >  new 2450b5bf Bump checkstyle from 9.3 to 10.2
> > 2450b5bf is described below
> >
> > commit 2450b5bfc0460e22e86e33e517f4944ade33573b
> > Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
> > AuthorDate: Fri May 20 20:03:05 2022 +
> >
> > Bump checkstyle from 9.3 to 10.2
> >
> > Bumps [checkstyle](https://github.com/checkstyle/checkstyle) from 9.3 
> > to 10.2.
> > - [Release notes](https://github.com/checkstyle/checkstyle/releases)
> > - 
> > [Commits](https://github.com/checkstyle/checkstyle/compare/checkstyle-9.3...checkstyle-10.2)
> >
> > ---
> > updated-dependencies:
> > - dependency-name: com.puppycrawl.tools:checkstyle
> >   dependency-type: direct:production
> >   update-type: version-update:semver-major
> > ...
> >
> > Signed-off-by: dependabot[bot] 
> > ---
> >  pom.xml | 2 +-
> >  src/changes/changes.xml | 2 +-
> >  2 files changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/pom.xml b/pom.xml
> > index 24a06cef..ed92f57b 100644
> > --- a/pom.xml
> > +++ b/pom.xml
> > @@ -48,7 +48,7 @@
> >  
> > site-content
> >
> >  3.1.2
> > -9.3
> > +10.2
> >
> >  
> > 4.6.0.0
> >  4.7.0
> > diff --git a/src/changes/changes.xml b/src/changes/changes.xml
> > index eca43f0a..3d53e762 100644
> > --- a/src/changes/changes.xml
> > +++ b/src/changes/changes.xml
> > @@ -79,7 +79,7 @@ The  type attribute can be add,update,fix,remove.
> >   > due-to="Dependabot">Bump actions/checkout from v1 to 3 #138, #146, #165, 
> > #183, #274, #279, #304.
> >   > due-to="Dependabot">Bump actions/cache from v2 to v2.1.6 #205 #217 
> > #234.
> >   > due-to="Dependabot">Bump github/codeql-action from 1 to 2 #319.
> > - > due-to="Dependabot">Bump checkstyle from 8.34 to 9.3, #141, #168, #182, 
> > #188, #193, #201, #208, #211, #228, #235, #245, #253, #255, #262, #270, 
> > #280, #287, #299, #315, #321.
> > + > due-to="Dependabot">Bump checkstyle from 8.34 to 10.2, #141, #168, #182, 
> > #188, #193, #201, #208, #211, #228, #235, #245, #253, #255, #262, #270, 
> > #280, #287, #299, #315, #321, #327.
> >  Bump spotbugs-maven-plugin from 4.0.0 to 4.6.0.0, 
> > #144, #150, #167, #176, #194, #210, #223, #250, #268, #273, #277, #278, 
> > #286, #293, #303, #320.
> >   > due-to="Dependabot">Bump mockito-inline from 3.4.4 to 4.5.1, #143, #148, 
> > #149, #152, #153, #154, #158, #159, #166, #177, #180, #187, #195, #197, 
> > #207, #216, #231, #236, #237, #243, #258, #259, #260, #261, #272, #285, 
> > #291, #305, #317.
> >   > due-to="Dependabot">Bump junit-jupiter from 5.6.2 to 5.8.2 #163, #204, 
> > #232, #265, #269, #288.
> >
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
> For additional commands, e-mail: dev-h...@commons.apache.org
>

-
To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
For additional commands, e-mail: dev-h...@commons.apache.org

Re: [commons-text] branch master updated: Bump checkstyle from 9.3 to 10.2

2022-05-21 Thread Eric Bresie 
So at what point do we consider updating to new required Java version?

From: Gary Gregory 
Sent: Saturday, May 21, 2022 8:48 AM
To: Commons Developers List 
Subject: Re: [commons-text] branch master updated: Bump checkstyle from 9.3 to 
10.2

-1

Please stop updating checkstyle to 10.2 because it breaks the build as
10.2 requires Java 11.

Gary

On Fri, May 20, 2022 at 7:04 PM  wrote:
>
> This is an automated email from the ASF dual-hosted git repository.
>
> kinow pushed a commit to branch master
> in repository https://gitbox.apache.org/repos/asf/commons-text.git
>
>
> The following commit(s) were added to refs/heads/master by this push:
>  new 2450b5bf Bump checkstyle from 9.3 to 10.2
> 2450b5bf is described below
>
> commit 2450b5bfc0460e22e86e33e517f4944ade33573b
> Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
> AuthorDate: Fri May 20 20:03:05 2022 +
>
> Bump checkstyle from 9.3 to 10.2
>
> Bumps [checkstyle](https://github.com/checkstyle/checkstyle) from 9.3 to 
> 10.2.
> - [Release notes](https://github.com/checkstyle/checkstyle/releases)
> - 
> [Commits](https://github.com/checkstyle/checkstyle/compare/checkstyle-9.3...checkstyle-10.2)
>
> ---
> updated-dependencies:
> - dependency-name: com.puppycrawl.tools:checkstyle
>   dependency-type: direct:production
>   update-type: version-update:semver-major
> ...
>
> Signed-off-by: dependabot[bot] 
> ---
>  pom.xml | 2 +-
>  src/changes/changes.xml | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/pom.xml b/pom.xml
> index 24a06cef..ed92f57b 100644
> --- a/pom.xml
> +++ b/pom.xml
> @@ -48,7 +48,7 @@
>  
> site-content
>
>  3.1.2
> -9.3
> +10.2
>
>  
> 4.6.0.0
>  4.7.0
> diff --git a/src/changes/changes.xml b/src/changes/changes.xml
> index eca43f0a..3d53e762 100644
> --- a/src/changes/changes.xml
> +++ b/src/changes/changes.xml
> @@ -79,7 +79,7 @@ The  type attribute can be add,update,fix,remove.
>   due-to="Dependabot">Bump actions/checkout from v1 to 3 #138, #146, #165, 
> #183, #274, #279, #304.
>   due-to="Dependabot">Bump actions/cache from v2 to v2.1.6 #205 #217 
> #234.
>   due-to="Dependabot">Bump github/codeql-action from 1 to 2 #319.
> - due-to="Dependabot">Bump checkstyle from 8.34 to 9.3, #141, #168, #182, #188, 
> #193, #201, #208, #211, #228, #235, #245, #253, #255, #262, #270, #280, #287, 
> #299, #315, #321.
> + due-to="Dependabot">Bump checkstyle from 8.34 to 10.2, #141, #168, #182, 
> #188, #193, #201, #208, #211, #228, #235, #245, #253, #255, #262, #270, #280, 
> #287, #299, #315, #321, #327.
>  Bump spotbugs-maven-plugin from 4.0.0 to 4.6.0.0, #144, 
> #150, #167, #176, #194, #210, #223, #250, #268, #273, #277, #278, #286, #293, 
> #303, #320.
>   due-to="Dependabot">Bump mockito-inline from 3.4.4 to 4.5.1, #143, #148, 
> #149, #152, #153, #154, #158, #159, #166, #177, #180, #187, #195, #197, #207, 
> #216, #231, #236, #237, #243, #258, #259, #260, #261, #272, #285, #291, #305, 
> #317.
>   due-to="Dependabot">Bump junit-jupiter from 5.6.2 to 5.8.2 #163, #204, #232, 
> #265, #269, #288.
>

-
To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
For additional commands, e-mail: dev-h...@commons.apache.org

Re: [commons-text] branch master updated: Bump checkstyle from 9.3 to 10.2

2022-05-21 Thread Gary Gregory 
On Sat, May 21, 2022 at 11:32 AM Eric Bresie  wrote:
>
> So at what point do we consider updating to new required Java version?

Probably soon-ish maybe this year? Next year? Who knows ;-) Java 8 is
still under LTS support and is still widely used:
https://www.infoworld.com/article/3652408/java-8-still-dominates-but-java-17-wave-is-coming-survey.html#:~:text=Oracle's%20Java%20distribution%20was%20the,by%2022%25%20using%20monolithic%20applications.

Gary

> 
> From: Gary Gregory 
> Sent: Saturday, May 21, 2022 8:48 AM
> To: Commons Developers List 
> Subject: Re: [commons-text] branch master updated: Bump checkstyle from 9.3 
> to 10.2
>
> -1
>
> Please stop updating checkstyle to 10.2 because it breaks the build as
> 10.2 requires Java 11.
>
> Gary
>
> On Fri, May 20, 2022 at 7:04 PM  wrote:
> >
> > This is an automated email from the ASF dual-hosted git repository.
> >
> > kinow pushed a commit to branch master
> > in repository https://gitbox.apache.org/repos/asf/commons-text.git
> >
> >
> > The following commit(s) were added to refs/heads/master by this push:
> >  new 2450b5bf Bump checkstyle from 9.3 to 10.2
> > 2450b5bf is described below
> >
> > commit 2450b5bfc0460e22e86e33e517f4944ade33573b
> > Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
> > AuthorDate: Fri May 20 20:03:05 2022 +
> >
> > Bump checkstyle from 9.3 to 10.2
> >
> > Bumps [checkstyle](https://github.com/checkstyle/checkstyle) from 9.3 
> > to 10.2.
> > - [Release notes](https://github.com/checkstyle/checkstyle/releases)
> > - 
> > [Commits](https://github.com/checkstyle/checkstyle/compare/checkstyle-9.3...checkstyle-10.2)
> >
> > ---
> > updated-dependencies:
> > - dependency-name: com.puppycrawl.tools:checkstyle
> >   dependency-type: direct:production
> >   update-type: version-update:semver-major
> > ...
> >
> > Signed-off-by: dependabot[bot] 
> > ---
> >  pom.xml | 2 +-
> >  src/changes/changes.xml | 2 +-
> >  2 files changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/pom.xml b/pom.xml
> > index 24a06cef..ed92f57b 100644
> > --- a/pom.xml
> > +++ b/pom.xml
> > @@ -48,7 +48,7 @@
> >  
> > site-content
> >
> >  3.1.2
> > -9.3
> > +10.2
> >
> >  
> > 4.6.0.0
> >  4.7.0
> > diff --git a/src/changes/changes.xml b/src/changes/changes.xml
> > index eca43f0a..3d53e762 100644
> > --- a/src/changes/changes.xml
> > +++ b/src/changes/changes.xml
> > @@ -79,7 +79,7 @@ The  type attribute can be add,update,fix,remove.
> >   > due-to="Dependabot">Bump actions/checkout from v1 to 3 #138, #146, #165, 
> > #183, #274, #279, #304.
> >   > due-to="Dependabot">Bump actions/cache from v2 to v2.1.6 #205 #217 
> > #234.
> >   > due-to="Dependabot">Bump github/codeql-action from 1 to 2 #319.
> > - > due-to="Dependabot">Bump checkstyle from 8.34 to 9.3, #141, #168, #182, 
> > #188, #193, #201, #208, #211, #228, #235, #245, #253, #255, #262, #270, 
> > #280, #287, #299, #315, #321.
> > + > due-to="Dependabot">Bump checkstyle from 8.34 to 10.2, #141, #168, #182, 
> > #188, #193, #201, #208, #211, #228, #235, #245, #253, #255, #262, #270, 
> > #280, #287, #299, #315, #321, #327.
> >  Bump spotbugs-maven-plugin from 4.0.0 to 4.6.0.0, 
> > #144, #150, #167, #176, #194, #210, #223, #250, #268, #273, #277, #278, 
> > #286, #293, #303, #320.
> >   > due-to="Dependabot">Bump mockito-inline from 3.4.4 to 4.5.1, #143, #148, 
> > #149, #152, #153, #154, #158, #159, #166, #177, #180, #187, #195, #197, 
> > #207, #216, #231, #236, #237, #243, #258, #259, #260, #261, #272, #285, 
> > #291, #305, #317.
> >   > due-to="Dependabot">Bump junit-jupiter from 5.6.2 to 5.8.2 #163, #204, 
> > #232, #265, #269, #288.
> >
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
> For additional commands, e-mail: dev-h...@commons.apache.org
>

-
To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
For additional commands, e-mail: dev-h...@commons.apache.org

Re: [commons-text] branch master updated: Bump checkstyle from 9.3 to 10.2

2022-05-21 Thread Bruno Kinoshita 
Ah, good point. I saw builds in other projects failing, and the PR's being
closed due to the upgrade, but looks like Text's GH Actions set up needs to
be fixed too. The build for checkstyle passed (even though it appears to
include Java 8), maybe it's not calling checkstyle.

https://github.com/apache/commons-text/pull/327/checks

I will revert it and update the GH workflows to include checkstyle with
each JVM version.

Thanks Gary!
Bruno

On Sun, 22 May 2022 at 01:48, Gary Gregory  wrote:

> -1
>
> Please stop updating checkstyle to 10.2 because it breaks the build as
> 10.2 requires Java 11.
>
> Gary
>
> On Fri, May 20, 2022 at 7:04 PM  wrote:
> >
> > This is an automated email from the ASF dual-hosted git repository.
> >
> > kinow pushed a commit to branch master
> > in repository https://gitbox.apache.org/repos/asf/commons-text.git
> >
> >
> > The following commit(s) were added to refs/heads/master by this push:
> >  new 2450b5bf Bump checkstyle from 9.3 to 10.2
> > 2450b5bf is described below
> >
> > commit 2450b5bfc0460e22e86e33e517f4944ade33573b
> > Author: dependabot[bot] <49699333+dependabot[bot]@
> users.noreply.github.com>
> > AuthorDate: Fri May 20 20:03:05 2022 +
> >
> > Bump checkstyle from 9.3 to 10.2
> >
> > Bumps [checkstyle](https://github.com/checkstyle/checkstyle) from
> 9.3 to 10.2.
> > - [Release notes](https://github.com/checkstyle/checkstyle/releases)
> > - [Commits](
> https://github.com/checkstyle/checkstyle/compare/checkstyle-9.3...checkstyle-10.2
> )
> >
> > ---
> > updated-dependencies:
> > - dependency-name: com.puppycrawl.tools:checkstyle
> >   dependency-type: direct:production
> >   update-type: version-update:semver-major
> > ...
> >
> > Signed-off-by: dependabot[bot] 
> > ---
> >  pom.xml | 2 +-
> >  src/changes/changes.xml | 2 +-
> >  2 files changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/pom.xml b/pom.xml
> > index 24a06cef..ed92f57b 100644
> > --- a/pom.xml
> > +++ b/pom.xml
> > @@ -48,7 +48,7 @@
> >
> site-content
> >
> >  3.1.2
> > -9.3
> > +10.2
> >
> >
> 4.6.0.0
> >  4.7.0
> > diff --git a/src/changes/changes.xml b/src/changes/changes.xml
> > index eca43f0a..3d53e762 100644
> > --- a/src/changes/changes.xml
> > +++ b/src/changes/changes.xml
> > @@ -79,7 +79,7 @@ The  type attribute can be
> add,update,fix,remove.
> >   due-to="Dependabot">Bump actions/checkout from v1 to 3 #138, #146, #165,
> #183, #274, #279, #304.
> >   due-to="Dependabot">Bump actions/cache from v2 to v2.1.6 #205 #217
> #234.
> >   due-to="Dependabot">Bump github/codeql-action from 1 to 2 #319.
> > - due-to="Dependabot">Bump checkstyle from 8.34 to 9.3, #141, #168, #182,
> #188, #193, #201, #208, #211, #228, #235, #245, #253, #255, #262, #270,
> #280, #287, #299, #315, #321.
> > + due-to="Dependabot">Bump checkstyle from 8.34 to 10.2, #141, #168, #182,
> #188, #193, #201, #208, #211, #228, #235, #245, #253, #255, #262, #270,
> #280, #287, #299, #315, #321, #327.
> >  Bump spotbugs-maven-plugin from 4.0.0 to 4.6.0.0,
> #144, #150, #167, #176, #194, #210, #223, #250, #268, #273, #277, #278,
> #286, #293, #303, #320.
> >   due-to="Dependabot">Bump mockito-inline from 3.4.4 to 4.5.1, #143, #148,
> #149, #152, #153, #154, #158, #159, #166, #177, #180, #187, #195, #197,
> #207, #216, #231, #236, #237, #243, #258, #259, #260, #261, #272, #285,
> #291, #305, #317.
> >   due-to="Dependabot">Bump junit-jupiter from 5.6.2 to 5.8.2 #163, #204,
> #232, #265, #269, #288.
> >
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
> For additional commands, e-mail: dev-h...@commons.apache.org
>
>

Re: [commons-text] branch master updated: Bump checkstyle from 9.3 to 10.2

2022-05-21 Thread Bruno Kinoshita 
There you go: https://github.com/apache/commons-text/pull/328 take a look
and feel free to merge it if it's looking OK, please

I tested first by making GH Actions to run just `mvn`, without changing the
pom.xml, and the build failed. Then reverted the change in pom.xml and
push-forced, and now the build passed.

Thanks

On Sun, 22 May 2022 at 10:39, Bruno Kinoshita  wrote:

> Ah, good point. I saw builds in other projects failing, and the PR's being
> closed due to the upgrade, but looks like Text's GH Actions set up needs to
> be fixed too. The build for checkstyle passed (even though it appears to
> include Java 8), maybe it's not calling checkstyle.
>
> https://github.com/apache/commons-text/pull/327/checks
>
> I will revert it and update the GH workflows to include checkstyle with
> each JVM version.
>
> Thanks Gary!
> Bruno
>
> On Sun, 22 May 2022 at 01:48, Gary Gregory  wrote:
>
>> -1
>>
>> Please stop updating checkstyle to 10.2 because it breaks the build as
>> 10.2 requires Java 11.
>>
>> Gary
>>
>> On Fri, May 20, 2022 at 7:04 PM  wrote:
>> >
>> > This is an automated email from the ASF dual-hosted git repository.
>> >
>> > kinow pushed a commit to branch master
>> > in repository https://gitbox.apache.org/repos/asf/commons-text.git
>> >
>> >
>> > The following commit(s) were added to refs/heads/master by this push:
>> >  new 2450b5bf Bump checkstyle from 9.3 to 10.2
>> > 2450b5bf is described below
>> >
>> > commit 2450b5bfc0460e22e86e33e517f4944ade33573b
>> > Author: dependabot[bot] <49699333+dependabot[bot]@
>> users.noreply.github.com>
>> > AuthorDate: Fri May 20 20:03:05 2022 +
>> >
>> > Bump checkstyle from 9.3 to 10.2
>> >
>> > Bumps [checkstyle](https://github.com/checkstyle/checkstyle) from
>> 9.3 to 10.2.
>> > - [Release notes](https://github.com/checkstyle/checkstyle/releases
>> )
>> > - [Commits](
>> https://github.com/checkstyle/checkstyle/compare/checkstyle-9.3...checkstyle-10.2
>> )
>> >
>> > ---
>> > updated-dependencies:
>> > - dependency-name: com.puppycrawl.tools:checkstyle
>> >   dependency-type: direct:production
>> >   update-type: version-update:semver-major
>> > ...
>> >
>> > Signed-off-by: dependabot[bot] 
>> > ---
>> >  pom.xml | 2 +-
>> >  src/changes/changes.xml | 2 +-
>> >  2 files changed, 2 insertions(+), 2 deletions(-)
>> >
>> > diff --git a/pom.xml b/pom.xml
>> > index 24a06cef..ed92f57b 100644
>> > --- a/pom.xml
>> > +++ b/pom.xml
>> > @@ -48,7 +48,7 @@
>> >
>> site-content
>> >
>> >  3.1.2
>> > -9.3
>> > +10.2
>> >
>> >
>> 4.6.0.0
>> >
>> 4.7.0
>> > diff --git a/src/changes/changes.xml b/src/changes/changes.xml
>> > index eca43f0a..3d53e762 100644
>> > --- a/src/changes/changes.xml
>> > +++ b/src/changes/changes.xml
>> > @@ -79,7 +79,7 @@ The  type attribute can be
>> add,update,fix,remove.
>> >  > due-to="Dependabot">Bump actions/checkout from v1 to 3 #138, #146, #165,
>> #183, #274, #279, #304.
>> >  > due-to="Dependabot">Bump actions/cache from v2 to v2.1.6 #205 #217
>> #234.
>> >  > due-to="Dependabot">Bump github/codeql-action from 1 to 2 #319.
>> > -> due-to="Dependabot">Bump checkstyle from 8.34 to 9.3, #141, #168, #182,
>> #188, #193, #201, #208, #211, #228, #235, #245, #253, #255, #262, #270,
>> #280, #287, #299, #315, #321.
>> > +> due-to="Dependabot">Bump checkstyle from 8.34 to 10.2, #141, #168, #182,
>> #188, #193, #201, #208, #211, #228, #235, #245, #253, #255, #262, #270,
>> #280, #287, #299, #315, #321, #327.
>> >  Bump spotbugs-maven-plugin from 4.0.0 to 4.6.0.0,
>> #144, #150, #167, #176, #194, #210, #223, #250, #268, #273, #277, #278,
>> #286, #293, #303, #320.
>> >  > due-to="Dependabot">Bump mockito-inline from 3.4.4 to 4.5.1, #143, #148,
>> #149, #152, #153, #154, #158, #159, #166, #177, #180, #187, #195, #197,
>> #207, #216, #231, #236, #237, #243, #258, #259, #260, #261, #272, #285,
>> #291, #305, #317.
>> >  > due-to="Dependabot">Bump junit-jupiter from 5.6.2 to 5.8.2 #163, #204,
>> #232, #265, #269, #288.
>> >
>>
>> -
>> To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
>> For additional commands, e-mail: dev-h...@commons.apache.org
>>
>>

Re: [commons-lang] 02/02: Add Spotbugs exclusions after dependabot update (no code modification)

2022-05-21 Thread Bruno Kinoshita 
Hi Gary,

Fair enough. I only checked on case, in the Functions.java where a generic
type extends Throwable and triggers the issue in Spotbugs [1]

But I agree other cases might be legit code smells that need fixing. I will
revert the change on the master branch, and when/if Dependabot triggers a
new PR I'll try to add notes about what can be ignored and what needs
fixing.

Thanks for spotting it!

Bruno

[1]
https://github.com/apache/commons-lang/blob/90086a212df1069fd19fb9e4db5b6471761d02b8/src/main/java/org/apache/commons/lang3/Functions.java#L160

On Sun, 22 May 2022 at 01:58, Gary Gregory  wrote:

> -1
>
> Please do not allow turn off this check. These checks are real
> anti-patterns and have allowed me to fix call sites here IIRC and in
> other components. If there are spot cases of legitimate code like
> "throws new RuntimeException(...)", then the code should be documented
> in-line and each call site specifically excluded from SpotBugs.
> Otherwise, PRs and maintainers can add "throws new
> RuntimeException(..,)" all over the place without SpotBugs rasing this
> as an anti-pattern.
>
> TY,
> Gary
>
> On Fri, May 20, 2022 at 6:51 PM  wrote:
> >
> > This is an automated email from the ASF dual-hosted git repository.
> >
> > kinow pushed a commit to branch master
> > in repository https://gitbox.apache.org/repos/asf/commons-lang.git
> >
> > commit b9f3b72c15508057d93ad2ed9399a18400d1b2d0
> > Author: Bruno P. Kinoshita 
> > AuthorDate: Sat May 21 10:44:37 2022 +1200
> >
> > Add Spotbugs exclusions after dependabot update (no code
> modification)
> > ---
> >  src/conf/spotbugs-exclude-filter.xml | 3 +++
> >  1 file changed, 3 insertions(+)
> >
> > diff --git a/src/conf/spotbugs-exclude-filter.xml
> b/src/conf/spotbugs-exclude-filter.xml
> > index 7cbba7a97..2d4cf12f3 100644
> > --- a/src/conf/spotbugs-exclude-filter.xml
> > +++ b/src/conf/spotbugs-exclude-filter.xml
> > @@ -30,6 +30,9 @@
> >
> >
> >
> > +  
> > +  
> > +  
> >  
> >
> >
> >
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
> For additional commands, e-mail: dev-h...@commons.apache.org
>
>

Re: [text] Hexadecimal characters in decimal numeric entities

2022-05-21 Thread Richard BUNEL 
Hi Bruno,

Yeah sorry for being impatient, hope I didn't bother anyone, it was not the
point.
I'm not familiar with how such projects are maintained, but happy to learn
more about it every day.
Thanks for the answer by the way.

Both solutions you mention seem right to me too.
I understand the need for a strict spec-following version to be the default
one.
However, I indeed support the semicolon-less alternative to be available
for developers wishing to use this option.

Let's take the time to discuss it ;-)

Best regards,
Richard



Le sam. 21 mai 2022 à 06:25, Bruno Kinoshita  a écrit :

> Hi Richard,
>
> Thanks for the explanation and patience. Being a team of volunteers means
> that for some discussions and issues like this one we may take a while to
> find a solution/decision.
>
> I think the pull request/issue is valid since the code allows symbols
> without the semicolon to be escaped, but it is failing to do so with hex
> characters (which is what the PR is trying to fix), as Richard explained
> here and in the pull request.
>
> I would be +1 for deprecating the code and/or refactoring it too if others
> prefer it. Having a more strict version that follows a specification might
> be easier to maintain, or to have multiple solutions (one strict, another
> that doesn't require semicolon, etc), as was suggested in the PR review.
> Both sound like valid alternatives that are worth thinking about.
>
> However, I don't think we need to block that pull request until we have
> made a decision on that. I think we could fix this issue with no-semicolon
> and hex chars with the code from that pull request, and create a follow-up
> issue to discuss what to do about this code.
>
> Cheers
> -Bruno
>
> On Thu, 19 May 2022 at 04:19, Richard BUNEL  wrote:
>
> > Hello,
> >
> > Given the absence of answers, I thought I might add another argument to
> my
> > point.
> >
> > While I didn't mention it in my first post, please consider that the
> > semiColonOptional
> > <
> >
> https://github.com/apache/commons-text/blob/master/src/main/java/org/apache/commons/text/translate/NumericEntityUnescaper.java#L48
> > >
> > option
> > is never activated by default.
> > The constructor
> > <
> >
> https://github.com/apache/commons-text/blob/master/src/main/java/org/apache/commons/text/translate/NumericEntityUnescaper.java#L79
> > >
> > of
> > the NumericEntityUnescaper class uses by default the DEFAULT_OPTION
> > <
> >
> https://github.com/apache/commons-text/blob/master/src/main/java/org/apache/commons/text/translate/NumericEntityUnescaper.java#L57
> > >
> > which
> > is set to the semiColonRequired
> > <
> >
> https://github.com/apache/commons-text/blob/master/src/main/java/org/apache/commons/text/translate/NumericEntityUnescaper.java#L43
> > >
> >  value.
> >
> > Then, the UNESCAPE_HTML4
> > <
> >
> https://github.com/apache/commons-text/blob/master/src/main/java/org/apache/commons/text/StringEscapeUtils.java#L440
> > >
> > translator
> > in the StringEscapeUtils class, which is in turn used by the
> unescapeHtml4
> > <
> >
> https://github.com/apache/commons-text/blob/master/src/main/java/org/apache/commons/text/StringEscapeUtils.java#L791
> > >
> > method,
> > indeed calls the aforementioned constructor.
> > All of this is consistent with the fact that, by default, the Commons
> Text
> > library requires semicolons to be used after numeric HTML entities, and
> as
> > such follows strictly the HTML specification.
> >
> > However, the semiColonOptional
> > <
> >
> https://github.com/apache/commons-text/blob/master/src/main/java/org/apache/commons/text/translate/NumericEntityUnescaper.java#L48
> > >
> > option
> > does exist and may be used in certain ways. Therefore, I think we can
> > expect it to work correctly if used with decimal entities.
> > That's the point of my commit, nothing more than that.
> > I hope this little explanation might help you make your opinion.
> >
> > Thanks in advance,
> > Richard
> >
> > Le mar. 10 mai 2022 à 09:48, Richard BUNEL  a écrit
> :
> >
> > > Hi everyone,
> > >
> > > We're having a debate (in the comment section of this PR
> > > ) on the legitimacy
> of
> > > unescaping semicolon-less numerical character entities in Commons-Text.
> > >
> > > The possibility to unescape such entities has long been part of the
> > > library, via the semiColonOptional
> > > <
> >
> https://github.com/apache/commons-text/blob/master/src/main/java/org/apache/commons/text/translate/NumericEntityUnescaper.java#L48
> >
> > option
> > > in the NumericEntityUnescaper class.
> > >
> > > While testing this option, I discovered a small bug which allows to
> > bypass
> > > the unescaper.
> > > A string like this: ** is
> > > ignored by the unescaper, because even though this entity is a decimal
> > one,
> > > the algorithm searches for hexidecimal characters in all cases and
> > includes
> > > the "a" after the "6".
> > > This prompted me to fix it in this commit
> > > <
>