Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Uses deprecated maven components #589

Closed
Bananeweizen opened this issue May 18, 2023 · 8 comments
Closed

Uses deprecated maven components #589

Bananeweizen opened this issue May 18, 2023 · 8 comments

Comments

@Bananeweizen
Copy link

Use Maven 3.9.2. Run mvn help:help -Dmaven.plugin.validation=VERBOSE on any project using the spotbugs-maven-plugin to see these warnings:

[WARNING]  * com.github.spotbugs:spotbugs-maven-plugin:4.7.3.4
...
[WARNING]   Plugin issue(s):
[WARNING]    * Plugin depends on plexus-container-default, which is EOL

For reference, please check the last item of https://maven.apache.org/docs/3.9.2/release-notes.html#notable-new-features

@hazendaz
Copy link
Member

Thanks! I plan to look at this as soon as possible. If you or anyone reading this knows how to fix the issue, would love to get a PR :)

@basil
Copy link

basil commented May 29, 2023

Suggest the following patch:

diff --git a/pom.xml b/pom.xml
index b1d326b..4931f85 100644
--- a/pom.xml
+++ b/pom.xml
@@ -363,12 +363,6 @@
       <groupId>org.apache.maven.reporting</groupId>
       <artifactId>maven-reporting-impl</artifactId>
       <version>${mavenReportingVersion}</version>
-      <exclusions>
-        <exclusion>
-          <groupId>org.codehaus.plexus</groupId>
-          <artifactId>plexus-container-default</artifactId>
-        </exclusion>
-      </exclusions>
     </dependency>
 
     <dependency>
@@ -443,6 +437,10 @@
           <groupId>commons-logging</groupId>
           <artifactId>commons-logging</artifactId>
         </exclusion>
+        <exclusion>
+          <groupId>org.codehaus.plexus</groupId>
+          <artifactId>plexus-container-default</artifactId>
+        </exclusion>
       </exclusions>
     </dependency>
     <dependency>
@@ -494,6 +492,12 @@
       <groupId>org.apache.maven.doxia</groupId>
       <artifactId>doxia-integration-tools</artifactId>
       <version>${doxiaSiteToolsVersion}</version>
+      <exclusions>
+        <exclusion>
+          <groupId>org.codehaus.plexus</groupId>
+          <artifactId>plexus-container-default</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
 
     <!-- Commons -->
@@ -551,27 +555,10 @@
     </dependency>
 
     <!-- plexus -->
-    <dependency>
-      <groupId>org.codehaus.plexus</groupId>
-      <artifactId>plexus-container-default</artifactId>
-      <version>${plexusContainerVersion}</version>
-      <exclusions>
-          <exclusion>
-              <groupId>com.google.collections</groupId>
-              <artifactId>google-collections</artifactId>
-          </exclusion>
-      </exclusions>
-    </dependency>
     <dependency>
       <groupId>org.codehaus.plexus</groupId>
       <artifactId>plexus-resources</artifactId>
       <version>${plexusResourcesVersion}</version>
-      <exclusions>
-        <exclusion>
-          <groupId>org.codehaus.plexus</groupId>
-          <artifactId>plexus-container-default</artifactId>
-        </exclusion>
-      </exclusions>
     </dependency>
     <dependency>
       <groupId>org.codehaus.plexus</groupId>
-- 
2.34.1

@acearth
Copy link

acearth commented Jun 17, 2023

Same warning message got , hope you can solve it ASAP

@hazendaz
Copy link
Member

its more complicated than expected. maven also has this same problem on many of their own plugins still. Its a warning for now and nothing to be overtly concerned on yet. It will only matter when maven 4.0 lands which I sort of doubt is this year. The warnings themselves will go away by default with maven 3.9.3 (at least current plan) so that users are not being hit with warnings they cannot do anything about. I think for the most part all the various plugins getting these issues already got notified.

If anyone wants to try to tackle this and raise PR great! If not, it may be a while as I don't have the time right now as I'm also restoring long dead plugins that are still in use to work with maven 4 as well as other project work and this isn't that critical.

@hazendaz
Copy link
Member

@basil If you think that works, please raise a PR to confirm. I doubt that will resolve the issue though given physical code actually has to change and that seems to be trying to rig it if the code doesn't matter. There is deprecated code in this from maven standpoint that actually has to change. You may get slightly newer items in use possibly that way but still...needs coding.

@basil
Copy link

basil commented Jun 17, 2023

I tested the suggested patch, and I know that it works. Sorry, but I am not interested in submitting a pull request.

@hazendaz
Copy link
Member

hazendaz commented Jun 19, 2023

@basil Suggested fix only allowed same library to be used. I've entirely removed it. I had nothing direct on it and after reviewing maven internals, it appears to all have come from the logging api and the logging api doesn't appear to use it at all and parts of doxia that do appear to inject to get a logger during tests. All integration tests without it seem to have no issues. I've also built an additional github actions to run maven 4. I have not merged this up yet but will be shortly and will close after done.

My other reference to deprecated items that need replaced while accurate, are from a separate problem. I've further cleaned up exclusions and fixed a number of CVEs since spotbugs has yet to release for some time. As long as all my builds go ok, I will be also shortly releasing this as it is for now. For the most part if doxia really needs the portion of code, version 4 would not and its possible more of this needs in a provided based scope but did so much here I think its worth getting out and see how this goes.

@hazendaz
Copy link
Member

resolved, closing.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants