Fix inputsource jdk26 #11603
Closed
Fix inputsource jdk26 #11603
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Updated all module versions from 4.0.0-rc-4-SNAPSHOT to 4.0.0-SNAPSHOT - Updated 41 pom.xml files including root and all submodules - Fixed MavenITmng3991ValidDependencyScopeTest by changing version range from [4.0,) to [5.0,) - This disables the test for Maven 4.x due to behavior change where invalid dependency scopes generate warnings instead of errors - Maintains backward compatibility with extensions using custom scopes
Bumps `resolverVersion` from 2.0.9 to 2.0.10. Updates `org.apache.maven.resolver:maven-resolver-api` from 2.0.9 to 2.0.10 - [Release notes](https://github.com/apache/maven-resolver/releases) - [Commits](apache/maven-resolver@maven-resolver-2.0.9...maven-resolver-2.0.10) Updates `org.apache.maven.resolver:maven-resolver-spi` from 2.0.9 to 2.0.10 - [Release notes](https://github.com/apache/maven-resolver/releases) - [Commits](apache/maven-resolver@maven-resolver-2.0.9...maven-resolver-2.0.10) Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.8.1 to 2.0.10 - [Release notes](https://github.com/apache/maven-resolver/releases) - [Commits](apache/maven-resolver@maven-resolver-1.8.1...maven-resolver-2.0.10) Updates `org.apache.maven.resolver:maven-resolver-util` from 2.0.9 to 2.0.10 - [Release notes](https://github.com/apache/maven-resolver/releases) - [Commits](apache/maven-resolver@maven-resolver-2.0.9...maven-resolver-2.0.10) Updates `org.apache.maven.resolver:maven-resolver-named-locks` from 2.0.9 to 2.0.10 - [Release notes](https://github.com/apache/maven-resolver/releases) - [Commits](apache/maven-resolver@maven-resolver-2.0.9...maven-resolver-2.0.10) Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 2.0.9 to 2.0.10 - [Release notes](https://github.com/apache/maven-resolver/releases) - [Commits](apache/maven-resolver@maven-resolver-2.0.9...maven-resolver-2.0.10) Updates `org.apache.maven.resolver:maven-resolver-transport-file` from 2.0.9 to 2.0.10 - [Release notes](https://github.com/apache/maven-resolver/releases) - [Commits](apache/maven-resolver@maven-resolver-2.0.9...maven-resolver-2.0.10) Updates `org.apache.maven.resolver:maven-resolver-transport-apache` from 2.0.9 to 2.0.10 - [Release notes](https://github.com/apache/maven-resolver/releases) - [Commits](apache/maven-resolver@maven-resolver-2.0.9...maven-resolver-2.0.10) Updates `org.apache.maven.resolver:maven-resolver-transport-jdk` from 2.0.9 to 2.0.10 Updates `org.apache.maven.resolver:maven-resolver-transport-wagon` from 2.0.9 to 2.0.10 - [Release notes](https://github.com/apache/maven-resolver/releases) - [Commits](apache/maven-resolver@maven-resolver-2.0.9...maven-resolver-2.0.10) Updates `org.apache.maven.resolver:maven-resolver-tools` from 2.0.9 to 2.0.10 - [Release notes](https://github.com/apache/maven-resolver/releases) - [Commits](apache/maven-resolver@maven-resolver-2.0.9...maven-resolver-2.0.10) --- updated-dependencies: - dependency-name: org.apache.maven.resolver:maven-resolver-api dependency-version: 2.0.10 dependency-type: direct:development update-type: version-update:semver-patch - dependency-name: org.apache.maven.resolver:maven-resolver-spi dependency-version: 2.0.10 dependency-type: direct:development update-type: version-update:semver-patch - dependency-name: org.apache.maven.resolver:maven-resolver-impl dependency-version: 2.0.10 dependency-type: direct:development update-type: version-update:semver-major - dependency-name: org.apache.maven.resolver:maven-resolver-util dependency-version: 2.0.10 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.apache.maven.resolver:maven-resolver-named-locks dependency-version: 2.0.10 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic dependency-version: 2.0.10 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.apache.maven.resolver:maven-resolver-transport-file dependency-version: 2.0.10 dependency-type: direct:development update-type: version-update:semver-patch - dependency-name: org.apache.maven.resolver:maven-resolver-transport-apache dependency-version: 2.0.10 dependency-type: direct:development update-type: version-update:semver-patch - dependency-name: org.apache.maven.resolver:maven-resolver-transport-jdk dependency-version: 2.0.10 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.apache.maven.resolver:maven-resolver-transport-wagon dependency-version: 2.0.10 dependency-type: direct:development update-type: version-update:semver-patch - dependency-name: org.apache.maven.resolver:maven-resolver-tools dependency-version: 2.0.10 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps `xmlunitVersion` from 2.10.2 to 2.10.3. Updates `org.xmlunit:xmlunit-assertj` from 2.10.2 to 2.10.3 - [Release notes](https://github.com/xmlunit/xmlunit/releases) - [Changelog](https://github.com/xmlunit/xmlunit/blob/main/RELEASE_NOTES.md) - [Commits](xmlunit/xmlunit@v2.10.2...v2.10.3) Updates `org.xmlunit:xmlunit-core` from 2.10.2 to 2.10.3 - [Release notes](https://github.com/xmlunit/xmlunit/releases) - [Changelog](https://github.com/xmlunit/xmlunit/blob/main/RELEASE_NOTES.md) - [Commits](xmlunit/xmlunit@v2.10.2...v2.10.3) Updates `org.xmlunit:xmlunit-matchers` from 2.10.2 to 2.10.3 - [Release notes](https://github.com/xmlunit/xmlunit/releases) - [Changelog](https://github.com/xmlunit/xmlunit/blob/main/RELEASE_NOTES.md) - [Commits](xmlunit/xmlunit@v2.10.2...v2.10.3) --- updated-dependencies: - dependency-name: org.xmlunit:xmlunit-assertj dependency-version: 2.10.3 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.xmlunit:xmlunit-core dependency-version: 2.10.3 dependency-type: direct:development update-type: version-update:semver-patch - dependency-name: org.xmlunit:xmlunit-matchers dependency-version: 2.10.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [net.bytebuddy:byte-buddy](https://github.com/raphw/byte-buddy) from 1.17.5 to 1.17.6. - [Release notes](https://github.com/raphw/byte-buddy/releases) - [Changelog](https://github.com/raphw/byte-buddy/blob/master/release-notes.md) - [Commits](raphw/byte-buddy@byte-buddy-1.17.5...byte-buddy-1.17.6) --- updated-dependencies: - dependency-name: net.bytebuddy:byte-buddy dependency-version: 1.17.6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
(cherry picked from commit c2e1a91) Co-authored-by: XenoAmess <[email protected]>
Bumps [org.junit:junit-bom](https://github.com/junit-team/junit-framework) from 5.13.1 to 5.13.2. - [Release notes](https://github.com/junit-team/junit-framework/releases) - [Commits](junit-team/junit-framework@r5.13.1...r5.13.2) --- updated-dependencies: - dependency-name: org.junit:junit-bom dependency-version: 5.13.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [net.sourceforge.pmd:pmd-core](https://github.com/pmd/pmd) from 7.14.0 to 7.15.0. - [Release notes](https://github.com/pmd/pmd/releases) - [Changelog](https://github.com/pmd/pmd/blob/main/docs/render_release_notes.rb) - [Commits](pmd/pmd@pmd_releases/7.14.0...pmd_releases/7.15.0) --- updated-dependencies: - dependency-name: net.sourceforge.pmd:pmd-core dependency-version: 7.15.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump org.apache.maven:maven-parent from 44 to 45 Bumps [org.apache.maven:maven-parent](https://github.com/apache/maven-parent) from 44 to 45. - [Release notes](https://github.com/apache/maven-parent/releases) - [Commits](https://github.com/apache/maven-parent/commits) --- updated-dependencies: - dependency-name: org.apache.maven:maven-parent dependency-version: '45' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * Code format --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Guillaume Nodet <[email protected]>
Co-authored-by: Tamas Cservenak <[email protected]>
#2556) * bug: fix duplicate dependency in effective model (fixes #2532) * Add integration test for #2532 duplicate dependency effective model fix - Add MavenITgh2532DuplicateDependencyEffectiveModelTest to verify the fix - Test reproduces the scenario where property placeholders in dependency coordinates caused duplicate dependency errors after interpolation - Verifies that deduplication now happens after interpolation as expected - Add test to TestSuiteOrdering for proper execution order (cherry picked from commit 7ac568b)
Bumps [org.junit.jupiter:junit-jupiter](https://github.com/junit-team/junit-framework) from 5.13.1 to 5.13.2. - [Release notes](https://github.com/junit-team/junit-framework/releases) - [Commits](junit-team/junit-framework@r5.13.1...r5.13.2) --- updated-dependencies: - dependency-name: org.junit.jupiter:junit-jupiter dependency-version: 5.13.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Slawomir Jaranowski <[email protected]>
* Fix MavenProject#getPlugin(String) performances * Fix Plugin connection: ensure getPlugin() returns connected Plugin objects The Plugin objects returned by MavenProject.getPlugin() were disconnected from the project model because they were created with new Plugin(plugin) without a parent BaseObject. This fix passes getBuild() as the parent to the Plugin constructor, ensuring that modifications to Plugin objects (setVersion, setConfiguration, etc.) persist in the project model. The change maintains the performance improvement from the original PR while fixing the connection issue, similar to how ConnectedResource works for Resource objects. * Do not use var keyword * Add pointer (cherry picked from commit 0b29d8f)
#2565) When plugin developers tried to modify project resources using: project.getResources().get(0).addInclude(\test\); The addInclude() call had no effect because Resource objects were disconnected from the underlying project model. This fix implements a ConnectedResource pattern: 1. Created ConnectedResource class that extends Resource and maintains references to the original SourceRoot, ProjectScope, and MavenProject 2. Override modification methods (addInclude/removeInclude/setIncludes/ setExcludes) to update both the Resource and underlying project model 3. Preserve SourceRoot ordering by replacing at the same index position 4. Modified getResources() to return ConnectedResource instances Key benefits: - Fixes the original issue: addInclude() now works correctly - Preserves SourceRoot ordering during modifications - Backward compatible: existing code continues to work - Comprehensive: handles all modification methods - Well-tested: includes tests for functionality and ordering Files changed: - MavenProject.java: Core fix implementation, made sources field package-private - ConnectedResource.java: New class extracted to meet file length limits - ResourceIncludeTest.java: Comprehensive test suite Closes #2486 (cherry picked from commit 0d7b61a)
Bumps [org.junit:junit-bom](https://github.com/junit-team/junit-framework) from 5.13.2 to 5.13.3. - [Release notes](https://github.com/junit-team/junit-framework/releases) - [Commits](junit-team/junit-framework@r5.13.2...r5.13.3) --- updated-dependencies: - dependency-name: org.junit:junit-bom dependency-version: 5.13.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [org.junit.jupiter:junit-jupiter](https://github.com/junit-team/junit-framework) from 5.13.2 to 5.13.3. - [Release notes](https://github.com/junit-team/junit-framework/releases) - [Commits](junit-team/junit-framework@r5.13.2...r5.13.3) --- updated-dependencies: - dependency-name: org.junit.jupiter:junit-jupiter dependency-version: 5.13.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Ability to control which repositories to be queried to resolve ranges. Introduced new property: (#2575) Ability to control which repositories to be queried to resolve ranges. Introduced new property: `maven.versionRangeResolver.natureOverride` that is used in VersionRangeResolver, and means: * not set; behave as before (default) * "auto" string; will check lower and upper bounds, and if any is snapshot, will querty snapshot reposes otherwise not * any valid value of resolver Metadata.Nature enum; then will use that Fixes: #2558 Backport of master 37b0699
From security reason we should use a hash for GitHub action versions (cherry picked from commit f57cbd6)
Bumps [com.google.jimfs:jimfs](https://github.com/google/jimfs) from 1.3.0 to 1.3.1. - [Release notes](https://github.com/google/jimfs/releases) - [Commits](google/jimfs@v1.3.0...v1.3.1) --- updated-dependencies: - dependency-name: com.google.jimfs:jimfs dependency-version: 1.3.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
(cherry picked from commit 0a28912)
This reverts commit c5b83bf.
…ability Message at the end of error line is not readable ... so add some new lines and tabs to make it more readable chery pick from ec21f4b
Previously, ${project.basedir} was only allowed in activation.file.exists
and activation.file.missing. This change extends the same allowance to
activation.condition, which is a new Maven 4.0.0 feature that also needs
to reference the project base directory for its expressions.
This fixes a false positive warning when using expressions like
exists("${project.basedir}/src/main/java") in activation conditions.
…#11529) When multiple model parsers are registered (e.g., for YAML or TOML POMs) and all parsers fail to parse a POM file, the error message now provides detailed information about each parser's failure. Changes: - Changed modelParsers from List to Map<String, ModelParser> to preserve parser names for better error messages - Added buildDetailedErrorMessage() method that generates a comprehensive error report including: - The POM file path - The number of parsers attempted - Each parser's error with line/column information when available - The default XML reader's error - Updated all call sites to use Map.of() instead of List.of() This improves debugging when using alternative POM formats by showing exactly why each parser failed, rather than just the final XML error.
Bumps `mockitoVersion` from 5.20.0 to 5.21.0. Updates `org.mockito:mockito-bom` from 5.20.0 to 5.21.0 - [Release notes](https://github.com/mockito/mockito/releases) - [Commits](mockito/mockito@v5.20.0...v5.21.0) Updates `org.mockito:mockito-junit-jupiter` from 5.20.0 to 5.21.0 - [Release notes](https://github.com/mockito/mockito/releases) - [Commits](mockito/mockito@v5.20.0...v5.21.0) --- updated-dependencies: - dependency-name: org.mockito:mockito-bom dependency-version: 5.21.0 dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.mockito:mockito-junit-jupiter dependency-version: 5.21.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump eu.maveniverse.maven.mimir:testing from 0.10.4 to 0.10.5 Bumps [eu.maveniverse.maven.mimir:testing](https://github.com/maveniverse/mimir) from 0.10.4 to 0.10.5. - [Release notes](https://github.com/maveniverse/mimir/releases) - [Commits](maveniverse/mimir@release-0.10.4...release-0.10.5) --- updated-dependencies: - dependency-name: eu.maveniverse.maven.mimir:testing dependency-version: 0.10.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Also upgrade mimir version used in GH workflow * Apply suggestion from @cstamas * Apply suggestion from @cstamas --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Guillaume Nodet <[email protected]> Co-authored-by: Tamas Cservenak <[email protected]>
…11485 and #11486) (#11365) (#11537) Replace shell-based jvm.config parsing with a Java-based parser to fix issues with special characters (pipes, @, quotes) that cause shell command errors. Problems fixed: - MNG-11363: Pipe symbols (|) in jvm.config cause shell parsing errors - GH-11485: @ character in paths (common in Jenkins workspaces like project_PR-350@2) causes sed failures - MNG-11486: POSIX compliance issues with xargs -0 on AIX, FreeBSD, etc. Solution: Add JvmConfigParser.java that runs via Java source-launch mode (JDK 11+) to parse jvm.config files. This avoids all shell parsing complexities and works consistently across Unix and Windows platforms. Changes: - Add apache-maven/bin/JvmConfigParser.java: Java parser that handles quoted arguments, comments, line continuations, and ${MAVEN_PROJECTBASEDIR} substitution - Update mvn (Unix): Use JvmConfigParser instead of tr/sed/xargs pipeline - Update mvn.cmd (Windows): Use JvmConfigParser with direct file output to avoid Windows file locking issues with shell redirection - Add MAVEN_DEBUG_SCRIPT environment variable for debug logging in both scripts to aid troubleshooting - Add integration tests for pipe symbols and @ character handling - Improve Verifier to save stdout/stderr to separate files for debugging The parser outputs arguments as quoted strings, preserving special characters that would otherwise be interpreted by the shell. (cherry picked from commit da5f27e)
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.21 to 1.5.22. - [Release notes](https://github.com/qos-ch/logback/releases) - [Commits](qos-ch/logback@v_1.5.21...v_1.5.22) --- updated-dependencies: - dependency-name: ch.qos.logback:logback-classic dependency-version: 1.5.22 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…for 4.0.0-rc-6 (#11538) This commit addresses API compatibility issues introduced in commit 731700a on master (4.1.0-SNAPSHOT), which made InputLocation constructors package-private and added static factory methods. Since Maven 4.0 hasn't been released yet, we're backporting these changes in a backward-compatible way. Changes: - Added static factory methods of(...) to InputLocation and InputSource classes - Deprecated all constructors with 'since 4.0.0-rc-6' message - Made both InputLocation and InputSource classes final to prevent extension - Updated internal Maven code to use factory methods instead of constructors - Applied changes to both hand-written files and Modello templates The constructors remain public (just deprecated) to maintain compatibility with extensions like mason, while the final modifier prevents subclassing which would break in 4.1.0 anyway. This ensures consistency between 4.0.0-rc-6 and 4.1.0-SNAPSHOT while maintaining backward compatibility for existing code.
Bumps [actions/cache](https://github.com/actions/cache) from 4.3.0 to 5.0.0. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@0057852...a783357) --- updated-dependencies: - dependency-name: actions/cache dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 6.0.0 to 7.0.0. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@018cc2c...37930b1) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/cache](https://github.com/actions/cache) from 5.0.0 to 5.0.1. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@a783357...9255dc7) --- updated-dependencies: - dependency-name: actions/cache dependency-version: 5.0.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 5.0.0 to 6.0.0. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@330a01c...b7c566a) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
- Convert "**/" to "{**/,}" after escaping special chars (including braces)
- Treat user braces literally in Maven-style patterns; alternation remains with explicit glob:
- Add tests for literal braces and explicit glob alternation
Fixes #11110
…11551) * Brace expansion must be applied also to the "/**" path suffix. * Detection of "match all" pattern must take brace expansion in account. * Optimization for excluding whole directories should be more conservative. * Create the directory matchers only if requested and return a more direct `PathMatcher` for directories.
Changes: * update to Resolver 2.0.14 * use per-request metadata nature in version range requests * apply required code changes * use new TrackingFileManager in maven-compat upgrade check manager Backport of #11473
Bumps org.ow2.asm:asm from 9.9 to 9.9.1. --- updated-dependencies: - dependency-name: org.ow2.asm:asm dependency-version: 9.9.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…#11548) Opportunistically tune the formatting of `JavaPathType`.
…of copying the files (#11550) If the hard link cannot be created, fallback on a copy as before.
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.22 to 1.5.23. - [Release notes](https://github.com/qos-ch/logback/releases) - [Commits](qos-ch/logback@v_1.5.22...v_1.5.23) --- updated-dependencies: - dependency-name: ch.qos.logback:logback-classic dependency-version: 1.5.23 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [org.codehaus.mojo:exec-maven-plugin](https://github.com/mojohaus/exec-maven-plugin) from 3.6.2 to 3.6.3. - [Release notes](https://github.com/mojohaus/exec-maven-plugin/releases) - [Commits](mojohaus/exec-maven-plugin@3.6.2...3.6.3) --- updated-dependencies: - dependency-name: org.codehaus.mojo:exec-maven-plugin dependency-version: 3.6.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [com.github.siom79.japicmp:japicmp-maven-plugin](https://github.com/siom79/japicmp) from 0.25.0 to 0.25.1. - [Release notes](https://github.com/siom79/japicmp/releases) - [Changelog](https://github.com/siom79/japicmp/blob/master/release.py) - [Commits](siom79/japicmp@japicmp-base-0.25.0...japicmp-base-0.25.1) --- updated-dependencies: - dependency-name: com.github.siom79.japicmp:japicmp-maven-plugin dependency-version: 0.25.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [net.bytebuddy:byte-buddy](https://github.com/raphw/byte-buddy) from 1.18.2 to 1.18.3. - [Release notes](https://github.com/raphw/byte-buddy/releases) - [Changelog](https://github.com/raphw/byte-buddy/blob/master/release-notes.md) - [Commits](raphw/byte-buddy@byte-buddy-1.18.2...byte-buddy-1.18.3) --- updated-dependencies: - dependency-name: net.bytebuddy:byte-buddy dependency-version: 1.18.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…11598) Bumps [eu.maveniverse.maven.plugins:bom-builder3](https://github.com/maveniverse/bom-builder-maven-plugin) from 1.3.1 to 1.3.2. - [Release notes](https://github.com/maveniverse/bom-builder-maven-plugin/releases) - [Commits](maveniverse/bom-builder-maven-plugin@release-1.3.1...release-1.3.2) --- updated-dependencies: - dependency-name: eu.maveniverse.maven.plugins:bom-builder3 dependency-version: 1.3.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [org.apache.maven:maven-archiver](https://github.com/apache/maven-archiver) from 3.6.5 to 3.6.6. - [Release notes](https://github.com/apache/maven-archiver/releases) - [Commits](apache/maven-archiver@maven-archiver-3.6.5...maven-archiver-3.6.6) --- updated-dependencies: - dependency-name: org.apache.maven:maven-archiver dependency-version: 3.6.6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Contributor
|
Presumably replaced by #11604. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
8 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Pull Request
Fixes #11581
Title
Remove reflective mutation of InputSource.modelId to comply with JDK 26 (JEP 500)
Description
What this PR does
This pull request removes reflective mutation of the modelId field on
org.apache.maven.api.model.InputSource from DefaultModelBuilder.
The removed code used reflection (setAccessible(true)) to mutate a final
field on a public Maven API model object.
Why this change is needed
Running Maven 4.0.0-rc5 on JDK 26 triggers the following warning even for simple
invocations such as mvn clean:
Final field modelId in class org.apache.maven.api.model.InputSource
has been mutated reflectively
This warning is produced due to JEP 500, which tightens restrictions around
reflective mutation of final fields and will block such behavior in a future
Java release.
Key points:
org.apache.maven.api.model.InputSource is part of Maven’s public API
API model objects are immutable by design
maven-impl must not mutate API objects
Legacy model classes (org.apache.maven.model.*) are intentionally not
accessible from maven-impl
Reflective mutation violates both Maven 4 architecture and upcoming JVM rules
How the issue is resolved
The reflective mutation block in DefaultModelBuilder is removed entirely.
The modelId value is diagnostic metadata and is not required for build
correctness. Removing the mutation:
Preserves API immutability
Removes illegal reflective access
Eliminates JDK 26 warnings
Keeps runtime behavior unchanged for users
There is no valid alternative implementation at this layer that respects both
Maven’s module boundaries and Java’s strong encapsulation.
Scope of the change
Addresses one issue only: illegal reflective mutation of InputSource
No refactoring beyond the affected code block
No API changes
No behavior changes
Checklist Compliance
This pull request addresses a single issue only
Description explains what, how, and why clearly
Commit has a meaningful subject and body
Unit tests
Not added: this change removes illegal reflective access and does not alter
externally observable behavior. There is no reliable unit-test hook to assert
JVM-level reflective warnings.
mvn verify executed locally (with -DskipTests)
Core ITs
Not executed locally due to environment constraints; CI will validate
Change is under ~20 LOC
Verification
Executed locally:
mvn -DskipTests verify
mvn clean
Results:
Build succeeds
JDK 26 reflective mutation warning is no longer emitted
License Declaration
I hereby declare this contribution to be licensed under the
Apache License Version 2.0, January 2004