Managed Dependencies · ben-manes/caffeine · Discussion #867 (original) (raw)

Yes, it was an accidental metadata leak which should be resolved in 396a940 and 7321a56. The security scanners were warning about test libraries and build plugin transitive dependencies, I suppose because exploits of CI/CD are becoming more common threats now. The dependency constraints leaked into the external metadata. I was hoping to do a final review of the changes and release this week.

You must be logged in to vote

4 replies

Thank you. BTW, do you know how long it usually takes to show up in maven repository?

It usually takes about 10 minutes to get into the repository and an hour to get indexed for the search ui. Sometimes search takes longer or I’ll have to file a ticket, but getting into the repository is always within 1-2 hours at worst.

Oh I meant central (maven.org), I don’t know about mvnrepository which is unrelated and often confused as if official. Probably a day or two.