log4j 1.2.15 is problematic because of CVEs. Orbit now has reload4j (currently version 1.2.19), which is a drop-in replacement as long as nothing too tightly constrains versions to 1.2.15. The org.eclipse.xtend.dependencies_2.2.0.v201605260315.jar includes log4j 1.2.15, which causes it to be pulled into SimRel.
this is the old "xpand" xtend
xpand is dead
there is no ci nor anything that would allow to create new releases.
(In reply to Christian Dietrich from comment #2)
> xpand is dead
> there is no ci nor anything that would allow to create new releases.

OK. Thanks for the info. I see you have regularly touched it in SimRel to keep it alive there. Should it be still? If there is no CI it seems like a bad idea to be releasing it :-(
the current xtext release (2022-03) still has parts that (optionally) depend on it but i don't know if this optional is really optional
Thanks - I will bring the question of what to do to the planning council to see what is a way forward.
the question is: can single plugins be added to simrel too
xpand has
Require-Bundle: org.eclipse.xtend,

xtend has:
Require-Bundle: org.eclipse.emf.mwe.core;visibility:=reexport,
 org.antlr.runtime;bundle-version="[3.2.0,3.2.1)",
 org.eclipse.emf.common,
 com.ibm.icu;bundle-version="4.0.0";resolution:=optional;visibility:=reexport;x-installation:=greedy

so the dependencies feature does not seem to be needed for the plugins only
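The report's condition that reload4j 1.2.19 only works "as long as nothing too tightly constrains versions to 1.2.15" can be checked mechanically against Require-Bundle headers like the one quoted above. The following is an added example, not code from this thread or from any Eclipse project; the symbolic name org.apache.log4j and the PINNED header are assumptions constructed for illustration.

```python
import re

# Require-Bundle value of org.eclipse.xtend as quoted in the comment above.
XTEND = ('org.eclipse.emf.mwe.core;visibility:=reexport,'
         'org.antlr.runtime;bundle-version="[3.2.0,3.2.1)",'
         'org.eclipse.emf.common,'
         'com.ibm.icu;bundle-version="4.0.0";resolution:=optional;visibility:=reexport;x-installation:=greedy')
# Constructed sample: a consumer pinning log4j to the 1.2.15 micro version.
# The symbolic name org.apache.log4j is an assumption, not taken from the thread.
PINNED = 'org.eclipse.core.runtime,org.apache.log4j;bundle-version="[1.2.15,1.2.16)"'

def split_clauses(header):
    """Split on commas that are not inside a quoted version range."""
    clauses, buf, quoted = [], [], False
    for ch in header:
        if ch == '"':
            quoted = not quoted
        if ch == ',' and not quoted:
            clauses.append(''.join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    clauses.append(''.join(buf).strip())
    return [c for c in clauses if c]

def parse_version(text):
    """major.minor.micro as a tuple; any qualifier is ignored."""
    nums = [int(p) for p in text.strip().split('.')[:3]]
    return tuple(nums + [0] * (3 - len(nums)))

def admits(range_text, candidate):
    """True if an OSGi version range (or bare minimum version) includes candidate."""
    cand = parse_version(candidate)
    m = re.fullmatch(r'([\[(])\s*([^,]+),\s*([^\])]+)([\])])', range_text.strip())
    if not m:  # a bare version means "this version or higher"
        return cand >= parse_version(range_text)
    low, high = parse_version(m.group(2)), parse_version(m.group(3))
    low_ok = cand >= low if m.group(1) == '[' else cand > low
    high_ok = cand <= high if m.group(4) == ']' else cand < high
    return low_ok and high_ok

def blocking_clauses(header, bundle, candidate):
    """Clauses that require `bundle` with a range that excludes `candidate`."""
    hits = []
    for clause in split_clauses(header):
        name, *params = [p.strip() for p in clause.split(';')]
        for p in params:
            if name == bundle and p.startswith('bundle-version='):
                if not admits(p.split('=', 1)[1].strip('"'), candidate):
                    hits.append(clause)
    return hits
```

A non-empty result from `blocking_clauses(header, "org.apache.log4j", "1.2.19")` identifies a bundle that would still force the old log4j version to be resolved.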
@jonah is there a way to produce a simrel "branch" repo where things can be tested against
Created attachment 288112: xtext.generator deps to xpand/xtend(1)
New Gerrit change created: https://git.eclipse.org/r/c/simrel/org.eclipse.simrel.build/+/191151
(In reply to Christian Dietrich from comment #8)
> @jonah is there a way to produce a simrel "branch" repo where things can be
> tested against

I do such tests locally myself. "mvn clean verify -Pbuild" will build all simrel locally. It can take a while :-) I don't have a way to do that on Eclipse CI.

(In reply to Christian Dietrich from comment #7)
> so the dependencies feature does not seem to be needed for the plugins only

That makes sense - we would need to repackage the xpand p2 repo to exclude that feature and then contribute that p2 repo to simrel instead.
i saw there are aggrcon files with <bundles name="org.eclipse.wtp.jee.capabilities" versionRange="1.0.100.v201005102000"/>
(In reply to Christian Dietrich from comment #12)
> i saw there are aggrcon files with
> <bundles name="org.eclipse.wtp.jee.capabilities"
> versionRange="1.0.100.v201005102000"/>

Good idea - it may be easier to just list all the contents of the features and exclude the features themselves in the .aggrcon files.
experiment: https://git.eclipse.org/r/c/simrel/org.eclipse.simrel.build/+/191159
see also https://github.com/eclipse/xtext/issues/2042
Gerrit change https://git.eclipse.org/r/c/simrel/org.eclipse.simrel.build/+/191159 was merged to [master]. Commit: http://git.eclipse.org/c/simrel/org.eclipse.simrel.build.git/commit/?id=6a1ebbd396210d70733cee01845f99a9a4acc8ba
(In reply to Eclipse Genie from comment #16)
> Gerrit change
> https://git.eclipse.org/r/c/simrel/org.eclipse.simrel.build/+/191159 was
> merged to [master].
> Commit:
> http://git.eclipse.org/c/simrel/org.eclipse.simrel.build.git/commit/
> ?id=6a1ebbd396210d70733cee01845f99a9a4acc8ba

Note that this commit does not fix the problem - it merely works around it for SimRel by keeping out the log4j dependency.