chore(deps): bump org.apache.maven.plugins:maven-enforcer-plugin from 3.6.2 to 3.6.3#3
Closed
dependabot[bot] wants to merge 63 commits into
Closed
Conversation
Bulk rename of all Java packages, directory structure, pom.xml groupIds, module-info.java module names, Gradle configs, and documentation references from com.dylibso.chicory to run.endive as part of the Chicory -> Endive fork transition for the Bytecode Alliance. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Update META-INF/services/javax.annotation.processing.Processor and approval test golden files from com.dylibso.chicory to run.endive. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
NOTICE credits Chicory by Dylibso as the original project. CODE_OF_CONDUCT.md links to the Bytecode Alliance Code of Conduct. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add Bytecode Alliance hosted project branding - Add fork attribution to Chicory/Dylibso (Pekko-style) - Rephrase goals: position as default JVM Wasm runtime, remove hedging language and non-goals section - Update all links to endive.run - Consolidate roadmap into completed/ongoing sections - Keep press and adopters sections as historical record Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- SECURITY.md: reference Endive and bytecodealliance/endive - CONTRIBUTING.md: rename Chicory references to Endive - CODEOWNERS: add automatic reviewer assignment - ADOPTERS.md: extract adopter list from README Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Root pom.xml: update organization to Bytecode Alliance, SCM to bytecodealliance/endive, developer info, URLs - All child poms: update parent artifactId from chicory to endive - Rename module display names from Chicory to Endive - Rename chicory-compiler-maven-plugin to endive-compiler-maven-plugin - Rename chicory.test/chicory.testing packages to endive.test/endive.testing - Update goal prefix, CLI program names, and system properties Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- release.yaml: update bot identity to Endive BOT - perf.yaml: update nightly.link URLs to bytecodealliance/endive - nightly.yaml, zig-testsuite.yaml: update repository_owner checks - scripts/build-jmh-main.sh: update clone URL - scripts/build-zig-testsuite.sh: update source parameter - scripts/compile-resources.sh: update container image name - wasm-corpus/run.sh: update docker image name Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add all Endive logo variants to logos/ directory - Create transparent-background versions of all logos - Add endive.png for README and docs - Remove old chicory1.png logo files - Update AGENT.md from Chicory to Endive Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- docusaurus.config.ts: update title, tagline, URL (endive.run), org (bytecodealliance), project name, social card, navbar, footer - docs/docs/*.md: rename Chicory to Endive throughout usage docs - docs/src: update homepage features and logo reference - docs/docs/experimental/cli.md: update GitHub API URL Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Rename ChicoryCompilerGenMojo to EndiveCompilerGenMojo - Update Android gradle libs.versions.toml aliases - Update system properties: chicory.* -> endive.* - Update logger names from chicory to endive - Update CLI program names in Picocli annotations - Update default generated-sources/resources paths - Rename fuzz TestResult field from chicoryResult to endiveResult Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- android-tests/README.md: rename Chicory to Endive throughout - jmh/README.md: update project name and docker image - wasi/README.md: update docs link to endive.run Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Point to bytecodealliance.zulipchat.com #endive stream instead of the old chicory.zulipchat.com instance. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Rename the base exception class to WasmEngineException to make the distinction explicit: WasmEngineException is for errors raised by the engine itself, while WasmException (unchanged) represents Wasm-level tagged exceptions from the exception-handling proposal. Also rename ChicoryInterruptedException -> WasmInterruptedException. Add Javadoc comments to all exception classes documenting their semantics and whether they correspond to Wasm spec error categories: - MalformedException: Wasm spec parsing error - InvalidException: Wasm spec validation error - UnlinkableException: Wasm spec linking error - UninstantiableException: Wasm spec instantiation error - TrapException: Wasm spec runtime trap - WasmRuntimeException: engine-specific compiled code error - WasmInterruptedException: host-initiated interruption - ExecutionCompletedException: WASI proc_exit(0) signal - WasiExitException: WASI proc_exit with exit code Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Rename ChicoryRunner to DefaultRunner (internal fuzz test runner) - Rename getChicoryResult() -> getEngineResult() for clarity - Rename endiveResult field -> engineResult for consistency Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- CLI header: "Chicory build-time compiler" -> "Endive build-time compiler" - CompilerInterpreterMachine debug output: "Chicory:" -> "Endive:" - ci.yaml step name: "Build Chicory" -> "Build Endive" - WASI approval test: "Hello, Chicory!" -> "Hello, Endive!" - cli/README.md and fuzz/README.md: Chicory -> Endive Zero remaining Chicory references in Java source code. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Document all breaking changes for users migrating from Chicory: Maven coordinates, package names, exception class renames, Maven plugin changes, system properties, CLI binaries, and logger name. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…e Team Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Follow the same pattern as Wasmtime: reference the BA security policy for disclosure procedures and notifications, provide a direct link to the vulnerability reporting form, and mention the CVE request process. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Validate that all dependencies use licenses allowed by the Bytecode Alliance (Apache-2.0, MIT, BSD-2/3-Clause, ISC, MPL-2.0, etc.). Runs during the validate phase and fails the build on violations. Skipped in dev and quickly profiles. Required by BA governance: "All projects must automatically ensure that licensing requirements of dependencies are met in CI." Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Scan dependencies for known CVEs nightly. Fails on CVSS >= 7. Reports uploaded as build artifacts for 30 days. Required by BA governance: "All projects must follow a well-documented process for updating dependencies and auditing them for malicious supply-chain attacks." Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Color scheme: olive green (#4a6b2a light, #8bb86a dark) matching the Endive logo palette. Dark footer (#1a2e1a) - Logos: transparent hex logos for navbar, trimmed hero images with CSS filter for dark mode (invert + hue-rotate), new favicon cropped to cup+leaves icon only - Front page: ThemedImage hero with light/dark variants, subtitle, Get Started + GitHub buttons - Feature icons: custom SVGs (package box, shield, puzzle piece) using currentColor for theme adaptation - Docusaurus config: dark logo variant, updated redirects for restructured docs, Bytecode Alliance footer Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Reorganize the flat usage/ directory into focused sections: - getting-started/: installation guide (from bom.md) - core/: host-functions, memory, linking, execution-modes - execution/: runtime-compiler, build-time-compiler, compiler-cache - wasi/: promoted to top-level (from usage/wasi.md) - annotations/: promoted to top-level (from usage/annotations.md) - advanced/: cpu-limits, simd, tools, logging, memory-customization Update all internal cross-references, writeResult paths, and approval test files to match new directory structure. Add client-side redirects for all old paths. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
New security section based on threat model analysis (chicory#1118): - security/overview.md: Wasm sandbox model, trust boundary diagram, known limitations - security/best-practices.md: host function safety, WASI sandboxing, resource limits, compiler security, supply chain Inline security callouts added to: - wasi: path traversal warning - host-functions: sandbox boundary warning - cpu-limits: infinite loop DoS warning - runtime-compiler: verification + resource limits - build-time-compiler: trust warning - compiler-cache: cache poisoning warning - cli: insecure defaults warning Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Blog: update authors (remove Dylibso affiliations), add endive tag, mark all Chicory-era posts as unlisted, add missing tags - Migration: add docs/migration/from-chicory.md documenting all breaking changes (coordinates, packages, exceptions, properties, plugin, CLI, logger). Remove root MIGRATING.md - README: link to ADOPTERS.md, remove Meet the Team, replace AOT with build-time in roadmap Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- compiler template: update com/dylibso/chicory to run/endive in ApprovalTest.verifyLotsOfArgs.approved.template - android-tests: rename CHICORY_REPO env var to ENDIVE_REPO Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Use long arithmetic in checkBounds to prevent signed integer overflow when addr + size exceeds Integer.MAX_VALUE. Without this fix, the bounds check silently passes and subsequent operations throw unhandled NullPointerException or ArrayIndexOutOfBoundsException. Affects both ByteArrayMemory and ByteBufferMemory. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Both copy branches read the Instance from destination indices instead of source indices. Forward branch read src.instance(d) instead of src.instance(s). Backward branch read src.instance(d+i) instead of src.instance(s+i). This corrupts table entries and can cause ArrayIndexOutOfBoundsException when d+i >= src.size(). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Use long arithmetic for offset + size to prevent silent overflow. When offset + size exceeds Integer.MAX_VALUE, the bounds check now correctly traps instead of silently succeeding as a no-op. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Front page: - Use logo_plus_text hero images with dark/light variants - Trim all logos to remove excess whitespace - Remove hero--primary class, use clean background - Add GitHub button alongside Get Started - Better meta title and description Features section: - "Zero Native Dependencies" — no JNI, single JAR - "Sandboxed by Default" — isolated execution - "Drop-in Integration" — single Maven dependency - Replace old SVG icons with emoji icons Footer: - Override dark footer background to match green theme (#1a2e1a) Blog: - Mark all Chicory-era blog posts as unlisted (hidden from listing but still accessible via direct link) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The dark logo variants don't survive background removal (text and leaf interiors were the dark background color). Use the light logo for both themes instead. Add a subtle white backdrop behind the hero image in dark mode for contrast. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Use Docusaurus ThemedImage to swap between light and dark hero logos. The dark variant keeps its original dark background (blends with the dark theme page) and has white text that's actually readable. Remove the rgba backdrop hack. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The dark logo source was square (1254x1254) causing a large box. Crop to 60% height and trim to match the light hero's horizontal layout (now 1254x752 vs 878x363). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- New SVG icons matching the logo's line-art style: - Zero Dependencies: cup with leaves and "0" badge - Sandboxed: locked pot with leaves - Drop-in Integration: cup + plant with arrow - SVGs use currentColor for automatic theme adaptation - Dark mode hero: use CSS filter (brightness/contrast) on the light logo instead of a separate dark image with opaque background - Remove old generic SVG icons (zero-deps, wrench, helmet) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Zero Dependencies: package box with checkmark - Sandboxed by Default: shield with checkmark - Drop-in Integration: puzzle pieces connecting Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace CSS filter hack with a proper dark hero image. The logo background color is replaced with the exact Docusaurus dark theme background (#1b1b1d) so it blends seamlessly. Green text and gold cup are clearly visible. Horizontal crop matches light variant. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The hero section uses --ifm-background-surface-color (#242526) in dark mode, not --ifm-background-color (#1b1b1d). Updated the dark hero image background to #242526 so it blends seamlessly. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Resize dark hero to exact same 878x363 as light. Replace all background pixels with #1b1b1d (--ifm-background-color in dark mode) so there are no visible edges. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Trim and scale dark hero content to fill the same 878x363 canvas edge-to-edge, matching the light variant's content size. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Use the same transparent light hero image for both themes. Apply CSS filter: invert(0.85) hue-rotate(180deg) in dark mode to adapt colors automatically. This guarantees identical layout and sizing between light and dark modes. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- compiler template: update com/dylibso/chicory to run/endive in ApprovalTest.verifyLotsOfArgs.approved.template - android-tests: rename CHICORY_REPO env var to ENDIVE_REPO - security/overview.md: fix trust boundary diagram alignment, replace AOT with build-time - README: replace AOT with build-time in roadmap Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Move .result files to match new directory structure - Rename approval .approved.txt files to match new doc paths - Update all writeResult() paths in embedded Java snippets - Add writeResult snippets to new pages (security, migration) - Create approval files for new pages - Mark illustrative code in best-practices.md with title attribute so jbang doesn't try to compile them - Clean up stale docs/usage/ directory All 22 tests pass. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add deploy-docs workflow that builds the Docusaurus site and deploys to GitHub Pages on push to main. Add CNAME file for custom domain. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Merge the initial BA template commit, adopting the full Contributor Covenant Code of Conduct. All other files (LICENSE, CONTRIBUTING, README, SECURITY, .gitignore) retain existing Endive-specific content. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Bumps [org.apache.maven.plugins:maven-enforcer-plugin](https://github.com/apache/maven-enforcer) from 3.6.2 to 3.6.3. - [Release notes](https://github.com/apache/maven-enforcer/releases) - [Commits](apache/maven-enforcer@enforcer-3.6.2...enforcer-3.6.3) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-enforcer-plugin dependency-version: 3.6.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
dependabot
Bot
added
dependencies
Contributor
Author
|
Looks like org.apache.maven.plugins:maven-enforcer-plugin is up-to-date now, so this is no longer needed. |
dependabot
Bot
deleted the
dependabot/maven/org.apache.maven.plugins-maven-enforcer-plugin-3.6.3
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps org.apache.maven.plugins:maven-enforcer-plugin from 3.6.2 to 3.6.3.
Release notes
Sourced from org.apache.maven.plugins:maven-enforcer-plugin's releases.
Commits
c7daff3[maven-release-plugin] prepare release enforcer-3.6.3ee46e78Make bannedDependencies report root and transitive dependency in case both ar...0806924Document the banMavenDefaults option for the requirePluginVersions rule. (#936)8e4f5b9Add better enforceBytecodeVersion rule based on mojohaus (#968)fd4b148Add fix for 21.0.10.0.1 issue (#967)f32d597Deps: Parent POM 48 and align deps (#979)df0f2a6Bump commons-codec:commons-codec from 1.21.0 to 1.22.0 (#976)2da7a68Add null checks for modelId in PluginWrapper91eb4d9Bump commons-io:commons-io from 2.21.0 to 2.22.0 (#975)b622245Bump mavenVersion from 3.9.14 to 3.9.15 (#973)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)