v1.11.0

What's Changed

New features

• Reproducible Builds #213

Bug Fixes

• Reproducible build - sorted javax.inject.Named #221

Maintenance

• Tests cleanup and improvement #212
• RoundRobinRouterPlaner IT to Unit test #223
• pom cleanup, coverage badge #224

Dependency updates

• Bump mockito-testng from 0.1.1 to 0.2.0 #209
• Bump mockito-testng from 0.2.0 to 0.2.2 #210
• Bump guava from 30.0-jre to 30.1-jre #211
• Bump bcpg-jdk15on from 1.67 to 1.68 #214
• Bump parent from 2.7.1 to 2.9.0 #217
• Bump maven-artifact-transfer from 0.12.0 to 0.13.1 #215
• Bump parent from 2.9.0 to 2.10.0 #218
• Bump mockito-testng from 0.2.2 to 0.2.3 #219
• Bump slf4j-mock from 2.0.0 to 2.1.0 #220
• Bump mockito-core from 3.6.28 to 3.7.0 #222

Thanks

Many thanks for collaboration on this release for: @slawekjaranowski

v1.10.1

What's Changed

Bug Fixes

• Fix zero padded key validation. #200 #201
• Broken key file in cache should be refreshed #203
• Broken key file from server should be refreshed #204

Maintenance

• Include invalid key in error message. #206

Dependency updates

• Bump mockito-core from 3.6.0 to 3.6.28 #197
• Bump slf4j-mock from 1.0.4 to 2.0.0 #198
• Bump jackson.version from 2.11.3 to 2.12.0 #199

Thanks

Many thanks for collaboration on this release for: @pavelhoral

v1.10.0

What's Changed

New features

• PGPShowMojo - Show information about artifact signature. #178

Maintenance

• JSR-330 #174
• Addressing Sonar issues #180
• Fix Sonar issues #185
• Build by Github Action #189
• Use Maven Site configuration from parent project #195

Dependency updates

• Bump mockito-core from 3.3.3 to 3.4.0 #137
• Bump mockito-core from 3.4.0 to 3.4.4 #140
• Bump commons-lang3 from 3.10 to 3.11 #138
• Bump bcpg-jdk15on from 1.65 to 1.66 #133
• Bump mockserver-netty from 5.10 to 5.11.1 #142
• Bump snakeyaml from 1.24 to 1.26 #143
• Bump jackson.version from 2.10.2 to 2.11.1 #144
• Bump mockito-core from 3.4.4 to 3.4.6 #145
• Bump jackson.version from 2.11.1 to 2.11.2 #147
• Bump actions/checkout from v2.3.1 to v2.3.2 #148
• Bump mockito-core from 3.4.6 to 3.5.2 #150
• Bump assertj-core from 3.16.1 to 3.17.0 #151
• Bump mockito-core from 3.5.2 to 3.5.7 #154
• Bump assertj-core from 3.17.0 to 3.17.1 #155
• Bump mockito-core from 3.5.7 to 3.5.10 #158
• Bump snakeyaml from 1.26 to 1.27 #162
• Bump assertj-core from 3.17.1 to 3.17.2 #160
• Bump s4u/maven-settings-action from v2.1.0 to v2.1.1 #159
• Bump mockito-core from 3.5.10 to 3.5.11 #163
• Bump actions/checkout from v2.3.2 to v2.3.3 #164
• Bump httpclient from 4.5.12 to 4.5.13 #167
• Bump resilience4j-retry from 1.5.0 to 1.6.0 #168
• Bump commons-codec from 1.14 to 1.15 #170
• Bump commons-io from 2.7 to 2.8.0 #171
• Bump resilience4j-retry from 1.6.0 to 1.6.1 #172
• Bump mockito-core from 3.5.11 to 3.5.13 #165
• Bump jackson.version from 2.11.2 to 2.11.3 #166
• Bump slf4j-mock from 1.0.2 to 1.0.3 #173
• Bump s4u/maven-settings-action from v2.1.1 to v2.2.0 #175
• Bump mockito-core from 3.5.13 to 3.5.15 #177
• Bump guava from 29.0-jre to 30.0-jre #176
• Bump assertj-core from 3.17.2 to 3.18.0 #181
• Bump lombok from 1.18.12 to 1.18.16 #183
• Bump mockito-core from 3.5.15 to 3.6.0 #184
• Bump parent from 2.6.0 to 2.6.1 #182
• Bump actions/checkout from v2.3.3 to v2.3.4 #187
• Bump bcpg-jdk15on from 1.66 to 1.67 #186
• Bump parent from 2.6.1 to 2.7.0 #190
• Bump assertj-core from 3.18.0 to 3.18.1 #191
• Bump slf4j-mock from 1.0.3 to 1.0.4 #192
• Bump mockserver-netty from 5.11.1 to 5.11.2 #188
• Bump parent from 2.7.0 to 2.7.1 #193
• Bump jakarta.xml.bind-api from 2.3.3 to 3.0.0 #194

Thanks

Many thanks for collaboration on this release for: @singloon

v1.9.0

New features

• Report duration of artifact resolution, download and signature validation phases. #111
• Dependabot on GitHub #115
• Extract signature form pgp message #120
• Checksumming #119
• Add hkps://keyserver.ubuntu.com to default key servers #122
• Use Issuer Fingerprint signature subpacket to obtain key fingerprint #86

Deprecated feature

• deprecates strictNoSignature #129

Improvements / bug fixes

• Key not found - shouldn't break verification #113
• Show, fix and start failing on compiler warnings. #109
• Broken signature - shouldn't break verification #114
• Separate weak-algorithm logic into utility and private method. #112
• Misc small improvements and simplifications #121
• Multiple key servers brake noKey feature #126
• verifyPluginDependencies should enable verifyPlugins #128

Dependency updates

• Bump vavr from 0.10.2 to 0.10.3 #108
• Bump plexus-classworlds from 2.5.2 to 2.6.0 #107
• Bump s4u/maven-settings-action from v2 to v2.1.0 #117
• Bump actions/cache from v1 to v2 #116
• Bump resilience4j-retry from 1.4.0 to 1.5.0 #118
• Bump actions/checkout from v2 to v2.3.1 #123, #124
• Bump parent from 2.5.0 to 2.6.0 #125
• Bump slf4j-mock from 1.0.1 to 1.0.2 #127

Thanks

Many thanks for collaboration on this release for: @cobratbq

v1.8.0

New features

• Add packaging to GAV in key map #82
• Extend key map for special case with signature #83
• Inherit proxy configuration from Maven #24, #93
• Validate transitive closure of dependencies of build plug-ins and atypical dependencies #59, #80
• Detect maven-surefire-plugin dynamic dependency loading #106

Improvements / bug fixes

• Verify build and running on jdk 8, 11, 14 - remove jdk 13
• Rename pom in IT tests - in order to prevent scanning test pom by automatic tools
• Concurrent cache access on windows #92, #110
• Emit warning for missing keysmap #99
• Fix control flow error and use catch-syntax for instance checking #101

Dependency updates

• httpclient from 4.5.11 to 4.5.12
• mockito-core from 3.3.0 to 3.3.3
• guice from 4.2.2 to 4.2.3
• mockserver-netty from 5.9.0 to 5.10
• commons-lang3 from 3.9 to 3.10
• parent pom from 2.4.4 to 2.5.0
• bcpg-jdk15on from 1.64 to 1.65
• guava from 28.2-jre to 29.0-jre
• resilience4j-retry from 1.3.1 to 1.4.0
• assertj-core from 3.15.0 to 3.16.1
• upate maven-fluido-skin from 1.8 to 1.9

Thanks

Many thanks for collaboration on this release for: @cobratbq, @fabianfrz, @pzygielo

v1.7.0

New features

• Add reporting plugins to artifact validation list when 'verifyPlugins' #79
• Support for multiple keyserver #78

Improvements / bug fixes

• Invalid UTF-8 chars in pgp uid #61
• Recommends master key for adding instead of subkey #60
• Improve verification of subkey signature #72, #73, #74
• Verify build and running on linux, win, mac, jdk 8, 11, 13

Dependency updates

• mockito-core from 3.2.0 to 3.2.4
• guava from 20.0 to 28.2-jre
• slf4j from 1.7.29 to 1.7.30
• resilience4j-retry from 1.2.0 to 1.3.1
• httpclient from 4.5.10 to 4.5.11
• guice from 4.1.0 to 4.2.2
• mockito-core from 3.2.4 to 3.3.0
• testng from 7.0.0 to 7.1.0

Thanks

Many thanks for collaboration on this release for: @cobratbq @pzygielo @ruud-de-jong

v1.6.0

• #53 warning during artifact signature download
• #54 Validate dependencies of build plug-ins
• #56 Add all build plug-in dependencies to the artifacts list whenever build plugins are validated
• #57 Remove excessive newline for error log entry
• #58 Validate annotation processors in maven-compiler-plugin
• #30 Can't specify master key fingerprint in keys map file if sub key is used for signing
• confirm working on java 13
• confirm working ECDSA key

v1.5.1

• improvement of retry mechanism for pgp keys download
• ignore checksum during pgp signature resolving

v1.5.0

• required maven 3.5 or newer
• moved build from travis.org to travis.com
• #44 Add parameter 'strictNoSignature' to make missing signatures explicit in keys map
• #43 Make pgpverify-maven-plugin thread-safe
• #5 Also verify the pgp signatures of maven plugins
• support multiline in keys map
• support maven version range syntax in keys map

https://github.com/s4u/pgpverify-maven-plugin/milestone/4?closed=1

v1.4.0

• #40 "quiet" flag to reduce noise on successful builds
• sonarcloud.io for static code analysis
• build and run on Java 11
• required minimum Java 8 for build and run