Skip to content

Push to atr 4.0.x#12447

Closed
hboutemy wants to merge 447 commits into
masterfrom
push-to-atr-4.0.x
Closed

Push to atr 4.0.x#12447
hboutemy wants to merge 447 commits into
masterfrom
push-to-atr-4.0.x

Conversation

@hboutemy

@hboutemy hboutemy commented Jul 8, 2026

Copy link
Copy Markdown
Member

backport of #12441

dependabot Bot and others added 30 commits November 27, 2025 05:24
Bumps [net.bytebuddy:byte-buddy](https://github.com/raphw/byte-buddy) from 1.18.1 to 1.18.2.
- [Release notes](https://github.com/raphw/byte-buddy/releases)
- [Changelog](https://github.com/raphw/byte-buddy/blob/master/release-notes.md)
- [Commits](raphw/byte-buddy@byte-buddy-1.18.1...byte-buddy-1.18.2)

---
updated-dependencies:
- dependency-name: net.bytebuddy:byte-buddy
  dependency-version: 1.18.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [net.sourceforge.pmd:pmd-core](https://github.com/pmd/pmd) from 7.18.0 to 7.19.0.
- [Release notes](https://github.com/pmd/pmd/releases)
- [Commits](pmd/pmd@pmd_releases/7.18.0...pmd_releases/7.19.0)

---
updated-dependencies:
- dependency-name: net.sourceforge.pmd:pmd-core
  dependency-version: 7.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [org.codehaus.plexus:plexus-testing](https://github.com/codehaus-plexus/plexus-testing) from 2.0.1 to 2.0.2.
- [Release notes](https://github.com/codehaus-plexus/plexus-testing/releases)
- [Commits](codehaus-plexus/plexus-testing@plexus-testing-2.0.1...plexus-testing-2.0.2)

---
updated-dependencies:
- dependency-name: org.codehaus.plexus:plexus-testing
  dependency-version: 2.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.0 to 6.0.1.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@1af3b93...8e8c483)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/setup-java](https://github.com/actions/setup-java) from 5.0.0 to 5.1.0.
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](actions/setup-java@dded088...f2beeb2)

---
updated-dependencies:
- dependency-name: actions/setup-java
  dependency-version: 5.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ability

Message at the end of error line is not readable ... so add some new lines and tabs to make it more readable

chery pick from ec21f4b
Previously, ${project.basedir} was only allowed in activation.file.exists
and activation.file.missing. This change extends the same allowance to
activation.condition, which is a new Maven 4.0.0 feature that also needs
to reference the project base directory for its expressions.

This fixes a false positive warning when using expressions like
exists("${project.basedir}/src/main/java") in activation conditions.
…#11529)

When multiple model parsers are registered (e.g., for YAML or TOML POMs)
and all parsers fail to parse a POM file, the error message now provides
detailed information about each parser's failure.

Changes:
- Changed modelParsers from List to Map<String, ModelParser> to preserve
  parser names for better error messages
- Added buildDetailedErrorMessage() method that generates a comprehensive
  error report including:
  - The POM file path
  - The number of parsers attempted
  - Each parser's error with line/column information when available
  - The default XML reader's error
- Updated all call sites to use Map.of() instead of List.of()

This improves debugging when using alternative POM formats by showing
exactly why each parser failed, rather than just the final XML error.
Bumps `mockitoVersion` from 5.20.0 to 5.21.0.

Updates `org.mockito:mockito-bom` from 5.20.0 to 5.21.0
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](mockito/mockito@v5.20.0...v5.21.0)

Updates `org.mockito:mockito-junit-jupiter` from 5.20.0 to 5.21.0
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](mockito/mockito@v5.20.0...v5.21.0)

---
updated-dependencies:
- dependency-name: org.mockito:mockito-bom
  dependency-version: 5.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: org.mockito:mockito-junit-jupiter
  dependency-version: 5.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump eu.maveniverse.maven.mimir:testing from 0.10.4 to 0.10.5

Bumps [eu.maveniverse.maven.mimir:testing](https://github.com/maveniverse/mimir) from 0.10.4 to 0.10.5.
- [Release notes](https://github.com/maveniverse/mimir/releases)
- [Commits](maveniverse/mimir@release-0.10.4...release-0.10.5)

---
updated-dependencies:
- dependency-name: eu.maveniverse.maven.mimir:testing
  dependency-version: 0.10.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Also upgrade mimir version used in GH workflow

* Apply suggestion from @cstamas

* Apply suggestion from @cstamas

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Guillaume Nodet <gnodet@gmail.com>
Co-authored-by: Tamas Cservenak <tamas@cservenak.net>
…11485 and #11486) (#11365) (#11537)

Replace shell-based jvm.config parsing with a Java-based parser to fix issues
with special characters (pipes, @, quotes) that cause shell command errors.

Problems fixed:
- MNG-11363: Pipe symbols (|) in jvm.config cause shell parsing errors
- GH-11485: @ character in paths (common in Jenkins workspaces like
  project_PR-350@2) causes sed failures
- MNG-11486: POSIX compliance issues with xargs -0 on AIX, FreeBSD, etc.

Solution:
Add JvmConfigParser.java that runs via Java source-launch mode (JDK 11+) to
parse jvm.config files. This avoids all shell parsing complexities and works
consistently across Unix and Windows platforms.

Changes:
- Add apache-maven/bin/JvmConfigParser.java: Java parser that handles quoted
  arguments, comments, line continuations, and ${MAVEN_PROJECTBASEDIR}
  substitution
- Update mvn (Unix): Use JvmConfigParser instead of tr/sed/xargs pipeline
- Update mvn.cmd (Windows): Use JvmConfigParser with direct file output to
  avoid Windows file locking issues with shell redirection
- Add MAVEN_DEBUG_SCRIPT environment variable for debug logging in both
  scripts to aid troubleshooting
- Add integration tests for pipe symbols and @ character handling
- Improve Verifier to save stdout/stderr to separate files for debugging

The parser outputs arguments as quoted strings, preserving special characters
that would otherwise be interpreted by the shell.

(cherry picked from commit da5f27e)
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.21 to 1.5.22.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](qos-ch/logback@v_1.5.21...v_1.5.22)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…for 4.0.0-rc-6 (#11538)

This commit addresses API compatibility issues introduced in commit 731700a on master (4.1.0-SNAPSHOT), which made InputLocation constructors package-private and added static factory methods. Since Maven 4.0 hasn't been released yet, we're backporting these changes in a backward-compatible way.

Changes:
- Added static factory methods of(...) to InputLocation and InputSource classes
- Deprecated all constructors with 'since 4.0.0-rc-6' message
- Made both InputLocation and InputSource classes final to prevent extension
- Updated internal Maven code to use factory methods instead of constructors
- Applied changes to both hand-written files and Modello templates

The constructors remain public (just deprecated) to maintain compatibility with extensions like mason, while the final modifier prevents subclassing which would break in 4.1.0 anyway.

This ensures consistency between 4.0.0-rc-6 and 4.1.0-SNAPSHOT while maintaining backward compatibility for existing code.
Bumps [actions/cache](https://github.com/actions/cache) from 4.3.0 to 5.0.0.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@0057852...a783357)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 6.0.0 to 7.0.0.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](actions/download-artifact@018cc2c...37930b1)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/cache](https://github.com/actions/cache) from 5.0.0 to 5.0.1.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@a783357...9255dc7)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-version: 5.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 5.0.0 to 6.0.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@330a01c...b7c566a)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
- Convert "**/" to "{**/,}" after escaping special chars (including braces)
- Treat user braces literally in Maven-style patterns; alternation remains with explicit glob:
- Add tests for literal braces and explicit glob alternation

Fixes #11110
…11551)

* Brace expansion must be applied also to the "/**" path suffix.
* Detection of "match all" pattern must take brace expansion in account.
* Optimization for excluding whole directories should be more conservative.
* Create the directory matchers only if requested and return a more direct `PathMatcher` for directories.
Changes:
* update to Resolver 2.0.14
* use per-request metadata nature in version range requests
* apply required code changes
* use new TrackingFileManager in maven-compat upgrade check manager

Backport of #11473
Bumps org.ow2.asm:asm from 9.9 to 9.9.1.

---
updated-dependencies:
- dependency-name: org.ow2.asm:asm
  dependency-version: 9.9.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…#11548)

Opportunistically tune the formatting of `JavaPathType`.
…of copying the files (#11550)

If the hard link cannot be created, fallback on a copy as before.
…rom the project's artifactId (#11573)

This is a backport of #11549.
The intend is to support multi-module project where more than one artifact may be produced.
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.22 to 1.5.23.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](qos-ch/logback@v_1.5.22...v_1.5.23)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [org.codehaus.mojo:exec-maven-plugin](https://github.com/mojohaus/exec-maven-plugin) from 3.6.2 to 3.6.3.
- [Release notes](https://github.com/mojohaus/exec-maven-plugin/releases)
- [Commits](mojohaus/exec-maven-plugin@3.6.2...3.6.3)

---
updated-dependencies:
- dependency-name: org.codehaus.mojo:exec-maven-plugin
  dependency-version: 3.6.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [com.github.siom79.japicmp:japicmp-maven-plugin](https://github.com/siom79/japicmp) from 0.25.0 to 0.25.1.
- [Release notes](https://github.com/siom79/japicmp/releases)
- [Changelog](https://github.com/siom79/japicmp/blob/master/release.py)
- [Commits](siom79/japicmp@japicmp-base-0.25.0...japicmp-base-0.25.1)

---
updated-dependencies:
- dependency-name: com.github.siom79.japicmp:japicmp-maven-plugin
  dependency-version: 0.25.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [net.bytebuddy:byte-buddy](https://github.com/raphw/byte-buddy) from 1.18.2 to 1.18.3.
- [Release notes](https://github.com/raphw/byte-buddy/releases)
- [Changelog](https://github.com/raphw/byte-buddy/blob/master/release-notes.md)
- [Commits](raphw/byte-buddy@byte-buddy-1.18.2...byte-buddy-1.18.3)

---
updated-dependencies:
- dependency-name: net.bytebuddy:byte-buddy
  dependency-version: 1.18.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
gnodet and others added 26 commits June 25, 2026 15:17
jaxb2-maven-plugin versions before 3.2.0 depend on jaxb-parent:3.0.0
which contains `<Xlint:all />` — an element with an undeclared namespace
prefix. Maven 4's namespace-aware StAX parser rejects this invalid XML,
causing transitive dependencies (jaxb-core, jaxb-impl) to be lost from
the plugin classrealm, resulting in ClassNotFoundException at runtime.

jaxb-parent:3.0.2 (used by jaxb2-maven-plugin 3.2.0+) fixed this by
using `<compilerArgument>-Xlint:all</compilerArgument>` instead.

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
…lements (#12357)

* Add mvnup SourceStrategy for migrating to <source> elements

Adds a new mvnup upgrade strategy that migrates legacy source
configuration to Maven 4.1.0+ <source> elements. Handles four
migration phases:

- Compiler properties (maven.compiler.release, source/target)
  to <source><targetVersion>
- Compiler plugin configuration (<release>, <source>/<target>)
  to <source><targetVersion>
- Custom source/test directories to <source><directory>
- Resource/testResource sections to <source> with lang=resources

Applies when --model-version is 4.1.0+ or --all is set.
Runs at @priority(20), after all other strategies.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* Use domtrip path() API in SourceStrategy tests

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* Fix review issues in SourceStrategy

- Check groupId in findCompilerPlugin (not just artifactId)
- Clean up compiler plugin config when properties already provide
  targetVersion (previously left stale release/source/target elements)
- Clean up empty pluginManagement after plugin removal
- Clean up empty build element after all children removed
- Add test for pluginManagement compiler plugin migration

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* Extract copyPatternList to deduplicate includes/excludes handling

Address review feedback from desruisseaux: extract shared logic
from copyIncludesExcludes into a static copyPatternList method.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* Address Copilot review comments on SourceStrategy

- Reuse existing main/java <source> element when adding targetVersion
  instead of always creating a new one (avoids duplicate source elements)
- Only remove compiler plugin config (release/source/target) when values
  match the migrated property value (preserves intentional overrides)
- Add tests for both edge cases

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
…2347)

* Forward-port #11985: remove redundant required MDO attrs (#11979)

Remove <required>true</required> from 13 metadata/defaulted fields in maven.mdo
(forward-port of PR #11985 from maven-3.10.x).
Update Model.name description to document artifactId fallback.
Add minimal POM validation tests.

* Address Copilot review comments

- Fix <name> field description in maven.mdo to not claim the model field
  defaults to artifactId (the fallback is a runtime behavior in
  MavenProject#getName(), not a model-level default)
- Remove unused test POM resources minimal-with-parent.xml and
  minimal-without-parent.xml from impl/maven-impl (only referenced in
  compat/maven-model-builder tests which have their own copies)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.34 to 1.5.35.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](qos-ch/logback@v_1.5.34...v_1.5.35)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.35
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/setup-java](https://github.com/actions/setup-java) from 5.3.0 to 5.4.0.
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](actions/setup-java@ad2b381...1bcf9fb)

---
updated-dependencies:
- dependency-name: actions/setup-java
  dependency-version: 5.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Replace 'for /f' with 'set /p' + input redirect to read the
JvmConfigParser temp file. 'for /f' silently produces no output
when the file is briefly locked by Windows Defender real-time
scanning, leaving JVM_CONFIG_MAVEN_OPTS empty and causing
MavenITmng4559 tests to fail intermittently on Windows CI runners.

'set /p <file' uses a transient input-redirect open with different
sharing flags, making it far less susceptible to lock contention.
If the file IS locked, it emits a visible error to stderr rather
than failing silently. A single retry with a brief delay is added
as a safety net.

Direct stdout capture ('for /f ... in (`command`)') was tried
previously (343b518) and reverted (7685323) because cmd.exe's
child shell interprets special characters (pipes, ampersands) in
the captured output, breaking jvm.config values like
-Dhttp.nonProxyHosts=de|*.de.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.35 to 1.5.36.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](qos-ch/logback@v_1.5.35...v_1.5.36)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.36
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…POMs

In DefaultModelBuilder.doReadFileModel(), the CI-friendly version
interpolation for non-build requests (dependency/parent POM reads)
was guarded by `else if (modelSource.getPath() != null)`.
Since ResolvedPathSource.getPath() always returns null for
repository-resolved POMs, the ${revision} replacement never executed.

Changed to unconditional else so getEnhancedProperties() and
replaceCiFriendlyVersion() always run for non-build requests.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…gh Maven logging

Adds the jul-to-slf4j bridge so that libraries using java.util.logging
(JUL) have their log output routed through SLF4J and Maven's logging
system, instead of writing directly to stderr.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Avoid redundantly removing handlers and reinstalling the
SLF4JBridgeHandler on every activateLogging() call, which matters
in embedded/resident-mode scenarios where Maven is invoked multiple
times in the same JVM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Cover the JUL bridge behavior introduced in GH-11683:
- Bridge is installed during activateLogging()
- isInstalled() guard prevents redundant reinstallation
- JUL messages are routed through SLF4J after bridge setup

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Bumps [org.apache.maven:maven-parent](https://github.com/apache/maven-parent) from 48 to 49.
- [Release notes](https://github.com/apache/maven-parent/releases)
- [Commits](https://github.com/apache/maven-parent/commits)

---
updated-dependencies:
- dependency-name: org.apache.maven:maven-parent
  dependency-version: '49'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.36 to 1.5.37.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](qos-ch/logback@v_1.5.36...v_1.5.37)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.37
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [org.apache:apache](https://github.com/apache/maven-apache-parent) from 38 to 39.
- [Release notes](https://github.com/apache/maven-apache-parent/releases)
- [Commits](https://github.com/apache/maven-apache-parent/commits)

---
updated-dependencies:
- dependency-name: org.apache:apache
  dependency-version: '39'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/cache/save](https://github.com/actions/cache) from 6.0.0 to 6.1.0.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@2c8a9bd...55cc834)

---
updated-dependencies:
- dependency-name: actions/cache/save
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [actions/cache/restore](https://github.com/actions/cache) from 6.0.0 to 6.1.0.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@2c8a9bd...55cc834)

---
updated-dependencies:
- dependency-name: actions/cache/restore
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [net.sourceforge.pmd:pmd-core](https://github.com/pmd/pmd) from 7.25.0 to 7.26.0.
- [Release notes](https://github.com/pmd/pmd/releases)
- [Commits](pmd/pmd@pmd_releases/7.25.0...pmd_releases/7.26.0)

---
updated-dependencies:
- dependency-name: net.sourceforge.pmd:pmd-core
  dependency-version: 7.26.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps `jlineVersion` from 4.2.1 to 4.3.1.

Updates `org.jline:jline-reader` from 4.2.1 to 4.3.1
- [Release notes](https://github.com/jline/jline3/releases)
- [Commits](jline/jline3@4.2.1...4.3.1)

Updates `org.jline:jline-style` from 4.2.1 to 4.3.1
- [Release notes](https://github.com/jline/jline3/releases)
- [Commits](jline/jline3@4.2.1...4.3.1)

Updates `org.jline:jline-builtins` from 4.2.1 to 4.3.1
- [Release notes](https://github.com/jline/jline3/releases)
- [Commits](jline/jline3@4.2.1...4.3.1)

Updates `org.jline:jline-console` from 4.2.1 to 4.3.1
- [Release notes](https://github.com/jline/jline3/releases)
- [Commits](jline/jline3@4.2.1...4.3.1)

Updates `org.jline:jline-console-ui` from 4.2.1 to 4.3.1
- [Release notes](https://github.com/jline/jline3/releases)
- [Commits](jline/jline3@4.2.1...4.3.1)

Updates `org.jline:jline-terminal` from 4.2.1 to 4.3.1
- [Release notes](https://github.com/jline/jline3/releases)
- [Commits](jline/jline3@4.2.1...4.3.1)

Updates `org.jline:jline-terminal-ffm` from 4.2.1 to 4.3.1
- [Release notes](https://github.com/jline/jline3/releases)
- [Commits](jline/jline3@4.2.1...4.3.1)

Updates `org.jline:jline-terminal-jni` from 4.2.1 to 4.3.1
- [Release notes](https://github.com/jline/jline3/releases)
- [Commits](jline/jline3@4.2.1...4.3.1)

Updates `org.jline:jline-native` from 4.2.1 to 4.3.1
- [Release notes](https://github.com/jline/jline3/releases)
- [Commits](jline/jline3@4.2.1...4.3.1)

Updates `org.jline:jansi-core` from 4.2.1 to 4.3.1
- [Release notes](https://github.com/jline/jline3/releases)
- [Commits](jline/jline3@4.2.1...4.3.1)

---
updated-dependencies:
- dependency-name: org.jline:jline-reader
  dependency-version: 4.3.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: org.jline:jline-style
  dependency-version: 4.3.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: org.jline:jline-builtins
  dependency-version: 4.3.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: org.jline:jline-console
  dependency-version: 4.3.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: org.jline:jline-console-ui
  dependency-version: 4.3.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: org.jline:jline-terminal
  dependency-version: 4.3.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: org.jline:jline-terminal-ffm
  dependency-version: 4.3.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: org.jline:jline-terminal-jni
  dependency-version: 4.3.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: org.jline:jline-native
  dependency-version: 4.3.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
- dependency-name: org.jline:jansi-core
  dependency-version: 4.3.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [net.bytebuddy:byte-buddy](https://github.com/raphw/byte-buddy) from 1.18.10 to 1.18.11.
- [Release notes](https://github.com/raphw/byte-buddy/releases)
- [Changelog](https://github.com/raphw/byte-buddy/blob/master/release-notes.md)
- [Commits](raphw/byte-buddy@byte-buddy-1.18.10...byte-buddy-1.18.11)

---
updated-dependencies:
- dependency-name: net.bytebuddy:byte-buddy
  dependency-version: 1.18.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This collection is modified by multiple threads, e.g. the FastTerminal
setup thread calling context.closeables.add(out::flush). This can result
in closeables being lost and can make subsequent builds with the embedded
runner fail.

Signed-off-by: Stefan Oehme <st.oehme@gmail.com>
Co-authored-by: Stefan Oehme <st.oehme@gmail.com>
…tend to failsafe plugin (#12369) (#12415)

* [MNG-11449] Fix Mockito agent: use late binding @{} interpolation and extend to failsafe plugin

The mockito profile activated by dependency:properties used Maven property
interpolation (\) which resolves at POM parse time - before the
dependency:properties goal runs and sets the org.mockito:mockito-core:jar
property. This caused the javaagent path to remain unresolved.

Fix: use Surefire/Failsafe late-binding property interpolation (@{...})
which resolves the property at test execution time, after dependency:properties
has already set it.

Also:
- Restore @{jacocoArgLine} placeholder (was dropped in previous attempt)
- Extend the profile to cover maven-failsafe-plugin as well

Fixes: https://issues.apache.org/jira/browse/MNG-11449

* [MNG-11449] Fix Mockito agent profile collision with JaCoCo profile

When both jacoco and mockito profiles were active, the jacoco profile's surefire configuration overrode the mockito profile's surefire pluginManagement configuration. This caused the mockito javaagent to be silently dropped for unit tests.

Fix: Refactor the surefire and failsafe argLine to be composed dynamically via properties:
- Define argLine.xmx (default: -Xmx256m) and argLine.mockito (default: empty) in the root POM properties.
- Update default pluginManagement configuration for surefire/failsafe to: \ @{jacocoArgLine} \
- Modify the mockito profile to only set argLine.mockito property to the mockito javaagent.
- Modify the jacoco profile to only override argLine.xmx property to -Xmx1G and remove the direct surefire argLine override.

This ensures both profiles can be active simultaneously without overriding each other's configurations.

Co-authored-by: B V HITESH SAI <hiteshsaibv.24cs@saividya.ac.in>
…12424)

This introduces no behaviour change between Maven 3 and 4, merely the labels for "source" of profiles got different.

Fixes #12405

Backport of 923106a
Bumps `resolverVersion` from 2.0.18 to 2.0.20.

Updates `org.apache.maven.resolver:maven-resolver-api` from 2.0.18 to 2.0.20
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](apache/maven-resolver@maven-resolver-2.0.18...maven-resolver-2.0.20)

Updates `org.apache.maven.resolver:maven-resolver-spi` from 2.0.18 to 2.0.20
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](apache/maven-resolver@maven-resolver-2.0.18...maven-resolver-2.0.20)

Updates `org.apache.maven.resolver:maven-resolver-impl` from 2.0.18 to 2.0.20
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](apache/maven-resolver@maven-resolver-2.0.18...maven-resolver-2.0.20)

Updates `org.apache.maven.resolver:maven-resolver-util` from 2.0.18 to 2.0.20
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](apache/maven-resolver@maven-resolver-2.0.18...maven-resolver-2.0.20)

Updates `org.apache.maven.resolver:maven-resolver-named-locks` from 2.0.18 to 2.0.20
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](apache/maven-resolver@maven-resolver-2.0.18...maven-resolver-2.0.20)

Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 2.0.18 to 2.0.20
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](apache/maven-resolver@maven-resolver-2.0.18...maven-resolver-2.0.20)

Updates `org.apache.maven.resolver:maven-resolver-transport-file` from 2.0.18 to 2.0.20
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](apache/maven-resolver@maven-resolver-2.0.18...maven-resolver-2.0.20)

Updates `org.apache.maven.resolver:maven-resolver-transport-apache` from 2.0.18 to 2.0.20
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](apache/maven-resolver@maven-resolver-2.0.18...maven-resolver-2.0.20)

Updates `org.apache.maven.resolver:maven-resolver-transport-jdk` from 2.0.18 to 2.0.20

Updates `org.apache.maven.resolver:maven-resolver-transport-wagon` from 2.0.18 to 2.0.20
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](apache/maven-resolver@maven-resolver-2.0.18...maven-resolver-2.0.20)

Updates `org.apache.maven.resolver:maven-resolver-tools` from 2.0.18 to 2.0.20
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](apache/maven-resolver@maven-resolver-2.0.18...maven-resolver-2.0.20)

---
updated-dependencies:
- dependency-name: org.apache.maven.resolver:maven-resolver-api
  dependency-version: 2.0.20
  dependency-type: direct:development
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-spi
  dependency-version: 2.0.20
  dependency-type: direct:development
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-impl
  dependency-version: 2.0.20
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-util
  dependency-version: 2.0.20
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-named-locks
  dependency-version: 2.0.20
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic
  dependency-version: 2.0.20
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-transport-file
  dependency-version: 2.0.20
  dependency-type: direct:development
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-transport-apache
  dependency-version: 2.0.20
  dependency-type: direct:development
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-transport-jdk
  dependency-version: 2.0.20
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-transport-wagon
  dependency-version: 2.0.20
  dependency-type: direct:development
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-tools
  dependency-version: 2.0.20
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
The backported NPE fix for DefaultLookup.lookupOptional (#12340) —
switching Optional.of to Optional.ofNullable so a null component lookup
returns an empty Optional instead of throwing NullPointerException —
shipped without a regression test.

Add DefaultLookupTest in maven-core covering both lookupOptional overloads
across four scenarios: null component -> empty Optional (the guarded NPE
case), present component -> value, ComponentLookupException caused by
NoSuchElementException -> empty, and any other cause -> rethrown as
LookupException.

Co-authored-by: Gerd Aschemann <ascheman@apache.org>
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@hboutemy hboutemy closed this Jul 8, 2026
@hboutemy hboutemy deleted the push-to-atr-4.0.x branch July 8, 2026 21:40
@hboutemy hboutemy restored the push-to-atr-4.0.x branch July 8, 2026 21:41
@hboutemy hboutemy deleted the push-to-atr-4.0.x branch July 8, 2026 21:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.