This repository was archived by the owner on Jul 8, 2025. It is now read-only.
[pull] develop from eXist-db:develop#383
Open
pull[bot] wants to merge 1602 commits into
Open
Conversation
Litmus locks tests cond_put_corrupt_token and fail_cond_put_unlocked were returning 204 No Content when they should have returned 412 Precondition Failed: the If header asserted state-tokens that were not actually held by the resource (a corrupt opaquelocktoken in one case, the special <DAV:no-lock> guaranteed-no-match URI in the other). Jackrabbit's matchesIfHeader/isPreconditionValid path was permissive in these scenarios. Add an explicit pre-check (validateIfHeaderLockTokens) wired into PUT, PROPPATCH, DELETE, COPY and MOVE that parses the If-header per RFC 4918 §10.4 and rejects any positive state-token assertion whose URI is not in the union of locks held on the resource and on any deep-locked ancestor collection. The parser tracks paren depth so it distinguishes Tagged-list Resource-Tags (a <URI> outside parens that scopes the next list and is NOT an assertion) from State-tokens (a <URI> inside parens that asserts the resource holds that token). Negated assertions (Not <token>) are left for Jackrabbit's existing precondition path since they require the opposite check. ETag-form preconditions ([etag]) are unchanged. Litmus locks now passes 37/37 (was 35/37, with the failing pair returning 204 instead of 412). The other three suites remain at 100% (basic 16/16, copymove 13/13, props 28/28). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The jackrabbit-webdav fork now lives at eXist-db/jackrabbit-webdav-jakarta and publishes to maven.pkg.github.com via GitHub Actions on tag. Add the <repository> entry so the org.exist-db.thirdparty.org.apache.jackrabbit artifact resolves from there instead of the third-party Maven repo. Mirrors the existing github / github-xqts-runner precedent; releases AND snapshots enabled since we cut tagged releases on the new repo (unlike xqts-runner which is snapshot-only). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The new <repository id="github-jackrabbit-webdav-jakarta"> in exist-parent/pom.xml needs a matching <server> in CI's settings.xml so the GITHUB_TOKEN can authenticate to maven.pkg.github.com (which requires auth even for public packages). Without this, the build fails with 401 Unauthorized when resolving org.exist-db.thirdparty.org.apache.jackrabbit:jackrabbit-webdav:2.22.3-jakarta-ee10. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The maven-github-settings composite action (which writes ~/.m2/settings.xml with auth for the eXist-db org's GitHub Packages repos) was only invoked from the OWASP dependency-check job. The other jobs that run mvn — ci-test test job, ci-container, webdav-compliance — had no settings.xml at all and hit 401 Unauthorized resolving the new jackrabbit-webdav-jakarta artifact. Pre-PR these jobs ran fine without auth because nothing critical was fetched from GitHub Packages (the existing github-xqts-runner reference only triggered harmless metadata warnings). The new jackrabbit dep is the first artifact eXist actually consumes from GitHub Packages, so all mvn jobs now need auth. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Three issues flagged on PR #6364: 1. Unnecessary fully qualified name 'jakarta.servlet.ServletException' (already imported) 2. Nested if statements that could be combined (extractStateTokens, "Not" prefix detection) 3. NPath complexity 320 in attachSession (threshold 200) While addressing (3), decomposed attachSession into tryBasicAuth and tryContainerPrincipal helpers, dropping the method to a linear flow with NPath well under threshold. Lifted the write-methods set to a static constant. Additional sweep cleaned up other FQNs (java.io.IOException across the doXxx overrides, java.util.Base64, java.security.Principal, org.exist.security.AuthenticationException) and moved WRITE_METHODS above the constructor per PMD's FieldDeclarationsShouldBeAtStartOfClass. Codacy now reports zero findings on the file. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…-webdav-onto-develop
… 1080 → under threshold) Codacy flagged createLock() at NPath 1080 (#6364 review by @duncdrum). Extract three private helpers — validateLockRequest, checkExistingLockCompatibility, storeLockEntry — and reduce createLock to a 7-line orchestrator. Behavior unchanged. The five other NPath warnings Codacy reports on this PR's diff scope (ExistCollection.createFile, .resourceCopyMove; ExistDocument.lock, .resourceCopyMove, .refreshLock) are pre-existing on develop and not introduced by this PR — left for separate refactoring work. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replaces .github/workflows/webdav-compliance.yml with a new bats spec exist-docker/src/test/bats/04-webdav-litmus.bats. Addresses @duncdrum's architectural review on #6364: 1. No more duplicate container build — the bats spec runs against the exist-ci container that ci-container.yml already builds and starts, not a second one. 2. WebDAV checks are now part of the bats suite, runnable locally via `bats --tap exist-docker/src/test/bats/*.bats` against any running exist-ci container. 3. Trigger scope widens — bats runs on every ci-container invocation (Jetty bumps, develop pushes, etc.), not only when extensions/webdav files change. 4. Local-runnable: per (2). macOS contributors can install litmus via MacPorts; Linux contributors via apt. 5. Litmus caching — replaced the source build (autoreconf, neon submodule, autogen.sh) with `apt-get install litmus`. Ubuntu packages a stable release, decoupling us from upstream litmus master instability and using apt's built-in caching. 6. Decoupled from unstable upstream — apt's stable-release packaging plays the same role a separate fork/repo would (Duncan's #6 ask), without the maintenance overhead of a new repo. The litmus-baseline.txt + litmus-check.sh stay in extensions/webdav/src/test/resources/ and are invoked by the bats spec. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
[bugfix] Preserve static context in union-step distribution
…empty-termMap scans Closes #5738 util:expand with match-highlighting on full-text hits was several orders of magnitude slower than util:expand with highlighting off, even on small result sets. The reporter's bench showed ~1052 ms vs ~2.7 ms for a single hit and the gap widened to several seconds for batch util:expand($hits) over a wildcard-matched corpus. LuceneMatchListener.reset() runs once per node passed through the serializer chain. Two costs were repeated unnecessarily on every reset(): 1. getTerms() reopened the IndexReader and re-rewrote each query's terms, even when the prior reset() had just done the same work. For wildcard and prefix queries on large indexes, term enumeration dominates. 2. scanMatches() walked the entry's XML stream and tokenized its text even when termMap was empty - the typical case for named-field queries like `lemma:Aachen` after PR #3467's configured-field exclusion. Every token lookup returned null but the work was done anyway. Fix: - Cache rewritten rawTerms per Lucene Query identity in a bounded LRU (max 32 entries). Lucene Query.equals is content-based, so semantically equal queries share a cache slot. Batch util:expand($hits) where every hit shares one ft:query now pays the term-rewrite cost once, not per hit. - After getTerms() builds termMap, short-circuit reset() and startElement() when termMap is empty. No token can match, nodesWithMatch will stay empty, and characters() always passes through unchanged - so the SAX events flow without any deep scanning work. Measured on an isolated reproducer (5000 TEI-style entries, lemma:a* wildcard returning ~2500 hits): - batch util:expand($hits): 1441 ms -> 312 ms (~4.6x) Single-hit subsequence($hits, 1, 1) cases remain fast in the embedded reproducer; the larger gains the issue reports come from the batch serialization path and from skipping scanMatches when the configured-field exclusion would have produced an empty termMap anyway. Tests: - UtilExpandHighlightingPerformanceTest covers correctness (PR #3467 field-exclusion preserved, batch expand matches per-hit for-loop) and perf-threshold regression guards (single-hit ratio < 20x, batch ratio < 15x). - All existing LuceneMatchListenerTest, LuceneIndexTest, SerializeAttrMatchesTest, ExpandTest, and ngram tests pass. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…emoization Per review on PR #6318: replace the bounded LinkedHashMap LRU with a Caffeine cache. Caffeine is already in the eXist dep graph; using it gives configurable size, statistics, proper concurrency, and eviction policies, instead of the hand-rolled LRU. Same 32-entry bound as before. Behavior unchanged: a Lucene Query's rewritten terms are computed once per query identity within the listener's lifetime. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…ncan review) Per @duncdrum's review of #6318: - The correctness checks fit xqsuite better than surefire (in-DB query shape, no need for Java-side BrokerPool setup or ENTRY_COUNT scale). - The two perf-ratio tests (singleHit < 20x, batch < 15x) belong in JMH, not surefire — perf assertions are inherently flaky on shared CI runners and the index-extension reactor doesn't have a benchmark module yet. Filed as follow-up issue; deferring out of this PR. Replaces UtilExpandHighlightingPerformanceTest.java (5 @test methods) with extensions/indexes/lucene/src/test/xquery/lucene/ft-expand-highlight.xqm (3 xqsuite tests). The xqsuite spec runs via the existing xquery.lucene.LuceneTests launcher. The 3 retained tests map 1:1 to the 3 original correctness checks: - named-field-query-produces-no-highlights — PR #3467 invariant (the empty-termMap short-circuit's safety property) - implicit-field-query-still-highlights — sanity check that the short-circuit doesn't over-suppress - batch-expand-matches-per-hit-for-loop — the path the term-rewrite cache exercises The TEI-flavored test corpus is gone — replaced with a generic dict/entry shape using only the minimal element vocabulary needed (entry, form, orth, sense, def) and no XML namespaces, addressing Duncan's "boilerplate without testing value" comment. Verified: 633/0/0 in xquery.lucene.LuceneTests on Java 21 (was 630 before this commit; +3 from the new spec). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…recate functionsOrdered flag Closes #6378 The functionsOrdered=true constructor flag opted modules into binary search at the cost of an unenforced precondition: callers had to pass a FunctionDef[] already sorted by FunctionId order. Five first-party modules learned to satisfy the contract via boilerplate static blocks (`static { Arrays.sort(functions, new FunctionComparator()); }`). Third-party modules unaware of the convention (e.g. existdb-openapi's cursor module, see #6376) silently lost function-lookup reachability when their declaration order happened to violate the binary-search contract. Per duncdrum's preference on #6378, the broken-when-unsorted behavior is removed. Per line-o's review of #6384, the 3-arg constructor is retained as @deprecated rather than removed outright, so external modules continue to compile against eXist 7 without source changes — just a deprecation warning. Changes to AbstractInternalModule.java: - 2-arg constructor (FunctionDef[], Map) now defensive-copies + sorts the array. The caller's static final array is left intact. - 3-arg constructor (FunctionDef[], Map, boolean) marked @deprecated (since="7.0.0", forRemoval=true). The boolean parameter is ignored; the constructor delegates to the 2-arg form. - Remove the `ordered` field and the `if (ordered)` branch in getFunctionDef(); binary search is now unconditional. - Reorder field declarations above the FunctionComparator inner class per PMD FieldDeclarationsShouldBeAtStartOfClass. Sort cost: O(N log N) once per module instance construction; trivial at typical module sizes (eXist's largest is FnModule with ~500 functions, sorted in microseconds). Tests (AbstractInternalModuleSortTest): - unsortedDeclarationOrderStillFindsAllFunctions — the #6376 reproducer, now safe by construction - callerArrayIsNotMutated — verifies the defensive copy - alreadySortedArrayFindsAllFunctions — common-case sanity - sameQnameDifferentAritiesAllFound — secondary sort key honored - deprecatedThreeArgConstructorStillWorks — backwards-compat: an external module compiled against pre-#6378 eXist that still uses super(functions, parameters, true|false) compiles and produces a functioning module via the @deprecated delegating constructor Caller updates and removal of redundant static-sort blocks ship in the follow-up commit in the same PR. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…uctors Follow-up to the AbstractInternalModule deprecation (#6378). The boolean third argument has no effect — the base class always sorts. 20 callers switch to the cleaner 2-arg form so the codebase doesn't keep emitting deprecation warnings against itself, and the 5 modules that carried a `static { Arrays.sort(functions, new FunctionComparator()); }` block no longer need it (the base class does this work); remove the blocks and the now-unused java.util.Arrays imports. Callers updated (20 files): - exist-core: BackupModule, FnModule, InspectionModule, RequestModule, UtilModule, XMLDBModule, ArrayModule, MapModule, WebSocketModule, ConsoleCompatModule. - extensions: ContentExtractionModule, ExiftoolModule, XQDocModule, CounterModule, ProcessModule, VectorModule, LuceneModule, SortModule, NGramModule, RangeIndexModule. Static-sort blocks removed (5 modules): XMLDBModule, UtilModule, RequestModule, FnModule, CounterModule. External modules compiled against pre-#6378 eXist that still use the deprecated 3-arg constructor will continue to compile against eXist 7 with a deprecation warning, no source changes required. Net: -34 lines of boilerplate across the codebase. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Bumps the maven-plugins-apache group with 1 update in the / directory: [org.apache.maven.plugins:maven-enforcer-plugin](https://github.com/apache/maven-enforcer). Updates `org.apache.maven.plugins:maven-enforcer-plugin` from 3.6.2 to 3.6.3 - [Release notes](https://github.com/apache/maven-enforcer/releases) - [Commits](apache/maven-enforcer@enforcer-3.6.2...enforcer-3.6.3) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-enforcer-plugin dependency-version: 3.6.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: maven-plugins-apache ... Signed-off-by: dependabot[bot] <support@github.com>
[refactor] Always sort internal-module FunctionDef[]; drop functionsOrdered flag (#6378)
…-apache-92c47fc95f Bump org.apache.maven.plugins:maven-enforcer-plugin from 3.6.2 to 3.6.3 in the maven-plugins-apache group across 1 directory
[bugfix] following::* axis position-dependence (#2129)
…egistered-modules() Previously, util:registered-modules() only returned namespace URIs from Java built-in modules and Java EXPath package modules. XQuery EXPath package modules and conf.xml-mapped XQuery modules were invisible. This expands util:registered-modules() to enumerate all four module sources with deduplication, and adds util:registered-modules-info() which returns a sequence of maps with keys "uri", "prefix", and "source" (one of "built-in", "package", or "mapped"). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…e modules The 0-arity util:registered-functions() previously only enumerated functions from already-loaded modules. This resolves Java EXPath package modules that haven't been imported yet, making their functions discoverable. Adds deduplication across all function sources. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace boolean %test:assertTrue assertions with more informative ones
that show what failed on failure:
- util-is-registered: %test:assertEquals("true") for clear expected value
- no-duplicates: %test:assertEquals(0) shows duplicate count on failure
- info-missing-keys: %test:assertEmpty returns offending maps on failure
- info-invalid-sources: %test:assertEmpty returns maps with bad sources
- info-uris-match-registered: split into two %test:assertEmpty tests
(registered-not-in-info, info-not-in-registered) showing mismatched URIs
- util-is-built-in: %test:assertEquals("built-in") for clear expected value
- mapped-modules-in-registered: kept %test:assertTrue (universal quantifier)
Uses map:get() instead of ?key lookup syntax for XQ 3.1 parser compat.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Per @line-o's review: use the mutable add(key, value) method instead of the immutable put() which returns a new MapType each time. Cleaner and avoids unnecessary object creation. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Applies the five inline review comments from #6182 (2026-05-07): ExistRepository.java - Extract the EXPath namespace URI as a PKG_NAMESPACE constant (matches the existing pattern in AppRestoreUtils + Deployment). - Extract the expath-pkg.xml parsing out of getXQueryModules() into a new private getExpathPkgXQueryModules(Package) helper. Inverts the pkgDescriptor null/missing check so the common case stays at minimal indentation; also flattens the inner empty-namespace check with a continue. BuiltinFunctions.java - Rename addFunctionsFromModulesDedup -> addDistinctFunctionsFromModules (3 call sites updated). ModuleInfo.java - Extract the switch's default arm into a new private evalRegisteredModules() method, mirroring the already-extracted evalRegisteredModulesInfo() pattern. The switch expression now reads uniformly as one-line arrows. No behaviour changes. xquery.util.UtilTests passes 69/69 (includes the moduleDiscoveryTest.xql assertions that exercise registered-modules()). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Bumps the jline group with 2 updates: [org.jline:jline](https://github.com/jline/jline3) and [org.jline:jansi](https://github.com/jline/jline3). Updates `org.jline:jline` from 4.1.0 to 4.1.2 - [Release notes](https://github.com/jline/jline3/releases) - [Commits](jline/jline3@4.1.0...4.1.2) Updates `org.jline:jansi` from 4.1.0 to 4.1.2 - [Release notes](https://github.com/jline/jline3/releases) - [Commits](jline/jline3@4.1.0...4.1.2) --- updated-dependencies: - dependency-name: org.jline:jline dependency-version: 4.1.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: jline - dependency-name: org.jline:jansi dependency-version: 4.1.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: jline ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps the maven-plugins-apache group with 1 update: [org.apache.maven.plugins:maven-site-plugin](https://github.com/apache/maven-site-plugin). Updates `org.apache.maven.plugins:maven-site-plugin` from 3.21.0 to 3.22.0 - [Release notes](https://github.com/apache/maven-site-plugin/releases) - [Commits](apache/maven-site-plugin@maven-site-plugin-3.21.0...maven-site-plugin-3.22.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-site-plugin dependency-version: 3.22.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: maven-plugins-apache ... Signed-off-by: dependabot[bot] <support@github.com>
XQueryContext.resolveInEXPathRepository computes the location of an imported module relative to the importing module's load path via Path.relativize(). When a client sends a synthetic load path that isn't a real collection URI -- e.g. eXide sends "xmldb:exist://__new__1" for unsaved in-memory buffers -- Path.relativize throws IllegalArgumentException, which surfaces to the user as an XPath compile error and prevents the query from importing any library module. Extract the relativize call into a small package-private helper (relativizeOrFallback) that catches IllegalArgumentException and falls back to the absolute source collection, matching the behaviour of the existing "." load-path case. Unit-tested in XQueryContextTest. Reported by @line-o in the eXist-db Slack #core-dev channel (thread 2026-05-21 14:14 EDT).
Activate with `-Pizpack-rollback-5.2.4` to verify the IzPack 5.2.4 -> 5.2.5
upgrade caused the assembled installer JAR's console-mode regression:
java -jar exist-installer/target/exist-installer-*.jar -console
# Exception in thread "main" java.lang.NoClassDefFoundError:
# org/jsoup/nodes/Node
# at ... HTMLInfoConsolePanel construction
IzPack 5.2.5 rewrote AbstractTextConsolePanel's HTML extraction to use
jsoup (`Jsoup.parse` / `Document.selectFirst` / `Element.text` /
`Document.body`). izpack-installer-5.2.5.pom declares jsoup 1.18.3 as a
dependency, but the izpack-maven-plugin's installer-jar assembly does
not pull jsoup into the output. The 5.2.4 panel has no jsoup bytecode
references and is unaffected.
Building with this profile pins `izpack.version` to 5.2.4 and produces
an installer JAR that runs through the first HTMLInfoPanel cleanly
under both GUI and console modes. Verified locally.
Default behaviour stays on 5.2.5 (still broken in console mode) so this
PR does not unilaterally land a one-direction fix; the profile is the
A/B harness for confirming the rollback resolves the symptom (on
Windows + macOS + Linux) before deciding whether to roll back or wait
for an upstream izpack-maven-plugin fix.
Bumps `jetty.version` from 12.1.9 to 12.1.10. Updates `org.eclipse.jetty:jetty-server` from 12.1.9 to 12.1.10 Updates `org.eclipse.jetty:jetty-xml` from 12.1.9 to 12.1.10 Updates `org.eclipse.jetty:jetty-util` from 12.1.9 to 12.1.10 Updates `org.eclipse.jetty:jetty-jmx` from 12.1.9 to 12.1.10 Updates `org.eclipse.jetty:jetty-security` from 12.1.9 to 12.1.10 Updates `org.eclipse.jetty:jetty-http` from 12.1.9 to 12.1.10 Updates `org.eclipse.jetty.ee10:jetty-ee10-annotations` from 12.1.9 to 12.1.10 Updates `org.eclipse.jetty:jetty-deploy` from 12.1.9 to 12.1.10 Updates `org.eclipse.jetty.ee10:jetty-ee10-jndi` from 12.1.9 to 12.1.10 Updates `org.eclipse.jetty.ee10:jetty-ee10-plus` from 12.1.9 to 12.1.10 Updates `org.eclipse.jetty.ee10:jetty-ee10-servlet` from 12.1.9 to 12.1.10 Updates `org.eclipse.jetty.ee10:jetty-ee10-webapp` from 12.1.9 to 12.1.10 Updates `org.eclipse.jetty.ee10.websocket:jetty-ee10-websocket-jetty-server` from 12.1.9 to 12.1.10 Updates `org.eclipse.jetty.ee10.websocket:jetty-ee10-websocket-jakarta-server` from 12.1.9 to 12.1.10 Updates `org.eclipse.jetty.ee10.websocket:jetty-ee10-websocket-jakarta-client` from 12.1.9 to 12.1.10 --- updated-dependencies: - dependency-name: org.eclipse.jetty:jetty-server dependency-version: 12.1.10 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.eclipse.jetty:jetty-xml dependency-version: 12.1.10 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.eclipse.jetty:jetty-util dependency-version: 12.1.10 dependency-type: direct:development update-type: version-update:semver-patch - dependency-name: org.eclipse.jetty:jetty-jmx dependency-version: 12.1.10 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.eclipse.jetty:jetty-security dependency-version: 12.1.10 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.eclipse.jetty:jetty-http dependency-version: 12.1.10 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.eclipse.jetty.ee10:jetty-ee10-annotations dependency-version: 12.1.10 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.eclipse.jetty:jetty-deploy dependency-version: 12.1.10 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.eclipse.jetty.ee10:jetty-ee10-jndi dependency-version: 12.1.10 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.eclipse.jetty.ee10:jetty-ee10-plus dependency-version: 12.1.10 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.eclipse.jetty.ee10:jetty-ee10-servlet dependency-version: 12.1.10 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.eclipse.jetty.ee10:jetty-ee10-webapp dependency-version: 12.1.10 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.eclipse.jetty.ee10.websocket:jetty-ee10-websocket-jetty-server dependency-version: 12.1.10 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.eclipse.jetty.ee10.websocket:jetty-ee10-websocket-jakarta-server dependency-version: 12.1.10 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.eclipse.jetty.ee10.websocket:jetty-ee10-websocket-jakarta-client dependency-version: 12.1.10 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
A/B confirmed via the profile in the previous commit: IzPack 5.2.5's new jsoup runtime dep is missing from the assembled installer JAR, so `java -jar exist-installer-*.jar -console` crashes on the first HTMLInfoPanel with NoClassDefFoundError: org.jsoup.nodes.Node. 5.2.4 has no jsoup bytecode in that path and runs cleanly. Per Patrick (Slack thread): a proper upstream fix would need a new IzPack release (5.2.6+) that updates the izpack-maven-plugin's assembly to bundle jsoup. Until that ships, this PR pins `izpack.version` directly to 5.2.4 as the unblocking change for the 7.0.0 release (which Duncan endorsed in the same thread). Drops the diagnostic profile added in the previous commit — once develop is on 5.2.4 there's nothing to A/B against. Net change versus develop is now a one-line property bump in exist-parent/pom.xml. Verified locally on macOS (Zulu 21): build clean, `java -jar … -console` renders the "Information / Welcome to the eXist-db Installer!" panel and waits for input.
Bumps [net.bytebuddy:byte-buddy](https://github.com/raphw/byte-buddy) from 1.18.8 to 1.18.10. - [Release notes](https://github.com/raphw/byte-buddy/releases) - [Changelog](https://github.com/raphw/byte-buddy/blob/master/release-notes.md) - [Commits](raphw/byte-buddy@byte-buddy-1.18.8...byte-buddy-1.18.10) --- updated-dependencies: - dependency-name: net.bytebuddy:byte-buddy dependency-version: 1.18.10 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps the actions group with 2 updates: [actions/download-artifact](https://github.com/actions/download-artifact) and [softprops/action-gh-release](https://github.com/softprops/action-gh-release). Updates `actions/download-artifact` from 7 to 8 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@v7...v8) Updates `softprops/action-gh-release` from 2.6.2 to 3.0.0 - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](softprops/action-gh-release@3bb1273...b430933) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-version: '8' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: softprops/action-gh-release dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Patrick Reinhart <patrick@reini.net>
bugfix: Add missing class path entry
…ons-e15e9b9798
…-byte-buddy-1.18.10 Bump net.bytebuddy:byte-buddy from 1.18.8 to 1.18.10
[bugfix] repo:remove: throw with diagnostic info instead of swallowing exceptions
Signed-off-by: Patrick Reinhart <patrick@reini.net>
Bumps the jetty group with 7 updates in the / directory: | Package | From | To | | --- | --- | --- | | org.eclipse.jetty:jetty-server | `12.1.9` | `12.1.10` | | org.eclipse.jetty:jetty-xml | `12.1.9` | `12.1.10` | | org.eclipse.jetty:jetty-util | `12.1.9` | `12.1.10` | | org.eclipse.jetty:jetty-jmx | `12.1.9` | `12.1.10` | | org.eclipse.jetty:jetty-security | `12.1.9` | `12.1.10` | | org.eclipse.jetty:jetty-http | `12.1.9` | `12.1.10` | | org.eclipse.jetty:jetty-deploy | `12.1.9` | `12.1.10` | Updates `org.eclipse.jetty:jetty-server` from 12.1.9 to 12.1.10 Updates `org.eclipse.jetty:jetty-xml` from 12.1.9 to 12.1.10 Updates `org.eclipse.jetty:jetty-util` from 12.1.9 to 12.1.10 Updates `org.eclipse.jetty:jetty-jmx` from 12.1.9 to 12.1.10 Updates `org.eclipse.jetty:jetty-security` from 12.1.9 to 12.1.10 Updates `org.eclipse.jetty:jetty-http` from 12.1.9 to 12.1.10 Updates `org.eclipse.jetty:jetty-deploy` from 12.1.9 to 12.1.10 Updates `org.eclipse.jetty:jetty-xml` from 12.1.9 to 12.1.10 Updates `org.eclipse.jetty:jetty-util` from 12.1.9 to 12.1.10 Updates `org.eclipse.jetty:jetty-jmx` from 12.1.9 to 12.1.10 Updates `org.eclipse.jetty:jetty-security` from 12.1.9 to 12.1.10 Updates `org.eclipse.jetty:jetty-http` from 12.1.9 to 12.1.10 Updates `org.eclipse.jetty:jetty-deploy` from 12.1.9 to 12.1.10 --- updated-dependencies: - dependency-name: org.eclipse.jetty:jetty-deploy dependency-version: 12.1.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: jetty - dependency-name: org.eclipse.jetty:jetty-deploy dependency-version: 12.1.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: jetty - dependency-name: org.eclipse.jetty:jetty-http dependency-version: 12.1.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: jetty - dependency-name: org.eclipse.jetty:jetty-http dependency-version: 12.1.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: jetty - dependency-name: org.eclipse.jetty:jetty-jmx dependency-version: 12.1.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: jetty - dependency-name: org.eclipse.jetty:jetty-jmx dependency-version: 12.1.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: jetty - dependency-name: org.eclipse.jetty:jetty-security dependency-version: 12.1.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: jetty - dependency-name: org.eclipse.jetty:jetty-security dependency-version: 12.1.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: jetty - dependency-name: org.eclipse.jetty:jetty-server dependency-version: 12.1.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: jetty - dependency-name: org.eclipse.jetty:jetty-util dependency-version: 12.1.10 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: jetty - dependency-name: org.eclipse.jetty:jetty-util dependency-version: 12.1.10 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: jetty - dependency-name: org.eclipse.jetty:jetty-xml dependency-version: 12.1.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: jetty - dependency-name: org.eclipse.jetty:jetty-xml dependency-version: 12.1.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: jetty ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps the maven-plugins-tools group with 1 update: [org.jacoco:jacoco-maven-plugin](https://github.com/jacoco/jacoco). Updates `org.jacoco:jacoco-maven-plugin` from 0.8.14 to 0.8.15 - [Release notes](https://github.com/jacoco/jacoco/releases) - [Commits](jacoco/jacoco@v0.8.14...v0.8.15) --- updated-dependencies: - dependency-name: org.jacoco:jacoco-maven-plugin dependency-version: 0.8.15 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: maven-plugins-tools ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [com.fifesoft:rsyntaxtextarea](https://github.com/bobbylight/rsyntaxtextarea) from 3.6.2 to 3.6.3. - [Release notes](https://github.com/bobbylight/rsyntaxtextarea/releases) - [Commits](bobbylight/RSyntaxTextArea@3.6.2...3.6.3) --- updated-dependencies: - dependency-name: com.fifesoft:rsyntaxtextarea dependency-version: 3.6.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
…rsyntaxtextarea-3.6.3 Bump com.fifesoft:rsyntaxtextarea from 3.6.2 to 3.6.3
…-tools-a950eb37a6 Bump org.jacoco:jacoco-maven-plugin from 0.8.14 to 0.8.15 in the maven-plugins-tools group
…n-commons-daemon-1.6.0
Bump the jetty group across 1 directory with 7 updates
The autodeploy directory system property was set with Unix-style variable
syntax in the Windows batch template:
-Dexist.autodeploy.dir="$BASEDIR\autodeploy"
In a .bat script $BASEDIR is not expanded, so exist.autodeploy.dir pointed at
a literal "$BASEDIR\autodeploy" path that does not exist. eXist therefore found
no autodeploy directory and installed none of the bundled packages on Windows
(empty apps collection, dashboard and eXide returning 404). Every other system
property in the template already uses Windows-style %BASEDIR%; this line was the
only Unix-style reference, introduced when the autodeploy.dir property was added
in PR #6267. Use %BASEDIR% to match.
Closes #6456
Bumps the jackson group with 2 updates in the / directory: [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) and [com.fasterxml.jackson.core:jackson-databind](https://github.com/FasterXML/jackson). Updates `com.fasterxml.jackson.core:jackson-core` from 2.21.3 to 2.22.0 - [Commits](FasterXML/jackson-core@jackson-core-2.21.3...jackson-core-2.22.0) Updates `com.fasterxml.jackson.core:jackson-databind` from 2.21.3 to 2.22.0 - [Commits](https://github.com/FasterXML/jackson/commits) --- updated-dependencies: - dependency-name: com.fasterxml.jackson.core:jackson-core dependency-version: 2.21.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: jackson - dependency-name: com.fasterxml.jackson.core:jackson-databind dependency-version: 2.22.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: jackson ... Signed-off-by: dependabot[bot] <support@github.com>
…192c4 Bump the jackson group across 1 directory with 2 updates
`ExistWebServer` probed for a free port by opening and immediately closing a ServerSocket, then passed that port number to Jetty. Between the probe and Jetty's `bind()` another fork JVM (forkCount=2C) could claim the same port, producing sporadic "Failed to bind" failures in the WebDAV test suite and anywhere else ExistWebServer is used. Fix seems almost too simply just set port to `0` and let the OS handle it.
[bugfix] eliminate port-binding TOCTOU race in test servers
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
7 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.1)
Can you help keep this open source service alive? 💖 Please sponsor : )