search

sbmlteam / jsbml

JSBML is a community-driven project to create a free, open-source, pure Java™ library for reading, writing, and manipulating SBML files (the Systems Biology Markup Language) and data streams. It is an alternative to the mixed Java/native code-based interface provided in libSBML.
https://sbml.org/software/jsbml/
GNU Lesser General Public License v2.1
37 stars 24 forks source link

no update on maven #232

Closed lcottret closed 2 years ago

lcottret commented 2 years ago

Dear Jsbml team,

Thanks for updating log4j on the master ! But, the problem is that the package in maven has not changed since 2020. Do you plan to update the maven package so that it includes all the vulnerability fixes ?

Regards, Ludo Cottret

lcottret commented 2 years ago

Another idea, already mentioned in the issues : use another library then log4j that causes a lot of problems when we integrate it in other packages...

draeger commented 2 years ago

Yes, that is correct. We should create a new release very soon! Thanks for pointing that out.

draeger commented 2 years ago

A new snapshot release is available from Maven now. A new stable release will follow.

draeger commented 2 years ago

To use the current snapshot, please use

<dependency>
  <groupId>org.sbml.jsbml</groupId>
  <artifactId>jsbml</artifactId>
  <version>1.6-SNAPSHOT</version>
</dependency>
lcottret commented 2 years ago

Great ! Thanks.

lcottret commented 2 years ago

Note : I had to add this to my pom.xml to find the dependency :

`

dependency-snapshots-repo https://oss.sonatype.org/content/repositories/snapshots false true 
</repositories>`
lcottret commented 2 years ago

I hope that the stable release will follow soon : we can't publish our package in maven central with non released dependencies. Maybe for Christmas day :-) ?

lcottret commented 2 years ago

Hi, Happy new year ! I repeat my request: could you publish the current release to the maven central repository please ?

niko-rodrigue commented 2 years ago

Hi, Happy new year ! I repeat my request: could you publish the current release to the maven central repository please ?

Happy new year, yes we are doing that at the moment. Trying to setup @draeger so that he can do the full release cycle and knows all the steps. There is currently an error when uploading to maven central that is not present when doing snapshot, we are looking into it. Hopefully, the release should be done this week. We will update the ticket as soon as it is ready to try.

draeger commented 2 years ago

@lcottret I am working on it. There was an error message that we could not solve yet. The problem is in one of the many SBML extension packages that could not successfully be uploaded to Maven (we don't know yet why that is happening) but since the processs is transactional it can only be completed when the entire package is successfully submitted. In other words, one package crashes everything. We are looking for the error as we speak.

lcottret commented 2 years ago

Thanks @niko-rodrigue and @draeger . I sympathize with you, publishing in maven central is often a nightmare !

draeger commented 2 years ago

This is now solved with release 1.6.1.

lcottret commented 2 years ago

Thanks for this new release !