Bump commons-io from 2.10.0 to 2.11.0 by dependabot[bot] · Pull Request #303 · s4u/pgpverify-maven-plugin (original) (raw)

Bumps commons-io from 2.10.0 to 2.11.0.

updated-dependencies:

• dependency-name: commons-io:commons-io dependency-type: direct:production update-type: version-update:semver-minor ...

Signed-off-by: dependabot[bot] support@github.com

Bot added the dependencies

Pull requests that update a dependency file

label

Jul 14, 2021

pzygielo pushed a commit to pzygielo/pgpverify-maven-plugin that referenced this pull request

May 31, 2024

…#303)

This class currently gives away same names for artifact and metadata locks, that causes MRESOLVER-373 where artifact and metadata resolver together attempt illegal "lock upgrade", as both operate on same named lock.

This is wrong, as all other name mappers distinguish among them, also in case of snapshots, there are cases when shared lock is enough for artifact but metadata MAY need refresh, hence exclusive.

Important note: changing "naming" implies, that Maven carrying resolver with this change will be UNABLE to properly "share" local repository with older Mavens (so if this gets into Maven 3.9.3, it will properly share local repository other Maven 3.9.3+ instances, but not with 3.9.2, 3.9.1 or 3.9.0!)

https://issues.apache.org/jira/browse/MRESOLVER-373

This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters

[ Show hidden characters]({{ revealButtonHref }})