Clone Tools
  • last updated a few seconds ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
include Kotlin DSL sample for chapter publishing_ivy (customize-identity sample)

Signed-off-by: jnizet <jb@ninja-squad.com>

  1. … 11 more files in changeset.
Fix Java component publishing

When we introduced the `java-library` plugin, we made sure

the published POM reflects what a downstream project in the

same build would see: `api` dependencies are exposed, `implementation`

dependencies are hidden. The legacy `compile`/`runtime` dependencies

are exposed as well for backwards compatibility.

We forgot to adjust the tests for the existing `java` plugin,

leading to a confusing difference in behavior. The `java` plugin

was still hiding the legacy `compile` and `runtime` dependencies from

consumers. This was due to a bug in the implementation of `JavaLibrary`,

which was looking for the `api` configuration instead of the `apiElements`

configuration.

  1. … 24 more files in changeset.
Revert "Revert "Merge branch 'cc-java-library-plugin'""

This reverts commit c6cd884e1a8889fb25d26dfcfdfa79d896835e11.

  1. … 76 more files in changeset.
Revert "Merge branch 'cc-java-library-plugin'"

This reverts commit 0d442a55b445f537efbce65267ce9418fce2e7a8, reversing

changes made to 04647ab69fc8d19186cd2a78124ea74b8a89cc0f.

  1. … 76 more files in changeset.
Fix expectations on Ivy samples integration tests

  1. … 3 more files in changeset.
Upgrade Apache Commons Collections to v3.2.2

Version 3.2.1 has a CVSS 10.0 vulnerability. That's the worst kind of

vulnerability that exists. By merely existing on the classpath, this

library causes the Java serialization parser for the entire JVM process

to go from being a state machine to a turing machine. A turing machine

with an exec() function!

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8103

https://commons.apache.org/proper/commons-collections/security-reports.html

http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/

  1. … 54 more files in changeset.
Project dependencies map to a single publication of the depended-on project - For single publication, use it - For multiple publications, fail unless all publications have the same coordinates - For no publications, use the project coordinates - Added ProjectDependencyPublicationResolver to do the work of determining the coordinates to use for a project dependency

  1. … 20 more files in changeset.
Improved ivy-publish sample for multiple publications, and added test

    • -0
    • +15
    ./project2-impl.ivy.xml
  1. … 5 more files in changeset.