> AFAICT the same problem does not apply to VFS, which is a multi-module
project.
because vfs has its all modules snapshot on snapshot repository (
https://repository.apache.org/content/groups/snapshots/org/apache/commons/)
(though might be older version content but version number is correct)
but w
will have a look when I have time.
sebb 于2025年2月13日周四 07:47写道:
> On Wed, 12 Feb 2025 at 22:20, Gary Gregory wrote:
> >
> > On Wed, Feb 12, 2025, 17:16 Gary Gregory wrote:
> >
> > >
> > >
> > > On Wed, Feb 12, 2025, 09:57 sebb wrote:
> > >
> > >> On Wed, 12 Feb 2025 at 14:07, Gary Gregory
> >
On Wed, 12 Feb 2025 at 22:20, Gary Gregory wrote:
>
> On Wed, Feb 12, 2025, 17:16 Gary Gregory wrote:
>
> >
> >
> > On Wed, Feb 12, 2025, 09:57 sebb wrote:
> >
> >> On Wed, 12 Feb 2025 at 14:07, Gary Gregory
> >> wrote:
> >> >
> >> > Hi All,
> >> >
> >> > I always use dependency:tree, that alwa
On Wed, Feb 12, 2025, 17:16 Gary Gregory wrote:
>
>
> On Wed, Feb 12, 2025, 09:57 sebb wrote:
>
>> On Wed, 12 Feb 2025 at 14:07, Gary Gregory
>> wrote:
>> >
>> > Hi All,
>> >
>> > I always use dependency:tree, that always works for me.
>>
>> But have you tried it on weaver?
>> (without previous
On Wed, Feb 12, 2025, 09:57 sebb wrote:
> On Wed, 12 Feb 2025 at 14:07, Gary Gregory wrote:
> >
> > Hi All,
> >
> > I always use dependency:tree, that always works for me.
>
> But have you tried it on weaver?
> (without previously doing an install)
>
C
>
> > At some point someone set up Jenkin
Hi folks,
after long & careful consideration I decided to become an emeritus member. The
good news is, that it has nothing to with the ASF itself (and all of the
lengthy email threads). Having said that, I have nothing ASF-related to do at
work, less and less spare time due to my aging parents
On Wed, Feb 12, 2025 at 10:10 AM sebb wrote:
>
> On Wed, 12 Feb 2025 at 14:53, Volodymyr Siedlecki wrote:
> >
> > Hello,
> >
> > I don't see it explicitly on the commons website, but is 3.2.2 end of Life?
> > I'm assuming so (as there are no releases in 10 years), but I would like to
> > double c
On Wed, 12 Feb 2025 at 15:22, Volodymyr Siedlecki wrote:
>
> We are looking at collections4 as a possibility, but haven't determined if we
> can upgrade yet.
>
> The main issue is COLLECTIONS-701which is flagged by security scanners:
>
> ```
> The framework Apache Commons Collections before 4.3 i
Le mer. 12 févr. 2025 à 15:57, sebb a écrit :
>> [...]
> >
> > It's possible to setup GH to push snapshots but that requires setting up
> > secrets and makes the workflows more complex. I think infra might need to
> > get involved for the secrets part, not aure.
>
> My point is that it should not
We are looking at collections4 as a possibility, but haven't determined if we
can upgrade yet.
The main issue is COLLECTIONS-701which is flagged by security scanners:
```
The framework Apache Commons Collections before 4.3 is vulnerable to Stack
Overflow. The function add() in the file list/S
On Wed, 12 Feb 2025 at 14:53, Volodymyr Siedlecki wrote:
>
> Hello,
>
> I don't see it explicitly on the commons website, but is 3.2.2 end of Life?
> I'm assuming so (as there are no releases in 10 years), but I would like to
> double check?
Collections3 is no longer advertised on the download pa
Hi.
Le mer. 12 févr. 2025 à 15:10, Gary Gregory a écrit :
>
> Hi All,
>
> I always use dependency:tree, that always works for me.
>
> At some point someone set up Jenkins jobs for some of the Commons
> components to publish snapshots, but I never look at Jenkins, I find it
> unreliable with the r
On Wed, 12 Feb 2025 at 14:07, Gary Gregory wrote:
>
> Hi All,
>
> I always use dependency:tree, that always works for me.
But have you tried it on weaver?
(without previously doing an install)
> At some point someone set up Jenkins jobs for some of the Commons
> components to publish snapshots,
Hello,
I don't see it explicitly on the commons website, but is 3.2.2 end of Life?
I'm assuming so (as there are no releases in 10 years), but I would like to
double check?
I ask since my team would like to backport a few fixes if there's any
possibility for a 3.2.3 release.
Thanks!
Volodymyr
Hi All,
I always use dependency:tree, that always works for me.
At some point someone set up Jenkins jobs for some of the Commons
components to publish snapshots, but I never look at Jenkins, I find it
unreliable with the regular git errors it seems to throw. I rely on GitHub,
that's rock solid.
On Wed, 12 Feb 2025 at 13:26, Elliotte Rusty Harold wrote:
>
> On Wed, Feb 12, 2025 at 12:27 AM sebb wrote:
>
> > org.apache.commons:commons-weaver-processor:jar:2.1-SNAPSHOT
> >
> > Note that the component is currently at version 2.1-SNAPSHOT.
> >
> > Surely it should not be necessary to build a
Assume any snapshot version of any artifact is not available in any
repo unless it's your local repo and you put it there yourself.
Snapshots are for development, not for publication.
On Wed, Feb 12, 2025 at 1:37 PM Eric Bresie wrote:
>
> Is this saying that not every commons artifact (1) is ava
Is this saying that not every commons artifact (1) is available in the snapshot
repo (2)?
Why would some be in the snapshot repo and others not? Are each of the given
just not setup to publish snapshots?
1. https://repo1.maven.org/maven2/org/apache/commons/
2. https://repository.apache.
On Wed, Feb 12, 2025 at 12:27 AM sebb wrote:
> org.apache.commons:commons-weaver-processor:jar:2.1-SNAPSHOT
>
> Note that the component is currently at version 2.1-SNAPSHOT.
>
> Surely it should not be necessary to build and install the component
> in order to list its dependencies?
> Or am I mis
19 matches
Mail list logo
