You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@maven.apache.org by Henning Schmiedehausen <he...@schmiedehausen.org> on 2023/05/19 05:27:50 UTC
maven 3.9.x warnings
From maven 3.9.2:
[WARNING] * org.basepom.maven:inline-maven-plugin:1.0.1
[WARNING] Declared at location(s):
[WARNING] * org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml) @ line 145
[WARNING] Used in module(s):
[WARNING] * org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml)
[WARNING] Plugin issue(s):
[WARNING] * Plugin should declare these Maven artifacts in `*provided*`
scope: [
org.apache.maven:maven-artifact:3.8.4,
org.apache.maven:maven-settings-builder:3.8.4,
org.apache.maven:maven-repository-metadata:3.8.4,
org.apache.maven:maven-builder-support:3.8.4,
org.apache.maven:maven-core:3.8.4,
org.apache.maven:maven-resolver-provider:3.8.4,
org.apache.maven:maven-settings:3.8.4,
org.apache.maven:maven-plugin-api:3.8.4,
org.apache.maven:maven-model-builder:3.8.4,
org.apache.maven:maven-model:3.8.4]
From the plugin project itself, on the 1.0.1 tag:
❯ mvn dependency:list -pl :inline-maven-plugin | grep provided | sort
[...]
[INFO] org.apache.maven:maven-artifact:jar:3.8.4:*provided* -- module
maven.artifact (auto)
[INFO] org.apache.maven:maven-builder-support:jar:3.8.4:*provided* --
module maven.builder.support (auto)
[INFO] org.apache.maven:maven-core:jar:3.8.4:*provided* -- module
maven.core (auto)
[INFO] org.apache.maven:maven-model-builder:jar:3.8.4:*provided* --
module maven.model.builder (auto)
[INFO] org.apache.maven:maven-model:jar:3.8.4:*provided* -- module
maven.model (auto)
[INFO] org.apache.maven:maven-plugin-api:jar:3.8.4:*provided* -- module
maven.plugin.api (auto)
[INFO] org.apache.maven:maven-repository-metadata:jar:3.8.4:*provided*
-- module maven.repository.metadata (auto)
[INFO] org.apache.maven:maven-resolver-provider:jar:3.8.4:*provided* --
module maven.resolver.provider (auto)
[INFO] org.apache.maven:maven-settings-builder:jar:3.8.4:*provided* --
module maven.settings.builder (auto)
[INFO] org.apache.maven:maven-settings:jar:3.8.4:*provided* -- module
maven.settings (auto)
[...]
Sorry, folks, I got nothing.
Maven 3.9.2 complains that the inline plugin needs to declare
<dependencies> in *provided* scope. A build user might report that to their
build engineer or report it to the plugin author.
As the plugin author, my plugin in the version 1.0.1 *DOES* declare every
single dependency that maven warns about in *provided* scope.
There is literally *nothing* that I can do. Neither as build user, nor as
build engineer, nor as plugin author.
I don't get it. What *is* the point? Really interested to learn *why* the
maven team has chosen to go down this path.
-h
Re: maven 3.9.x warnings
Posted by Tamás Cservenák <ta...@cservenak.net>.
3rd PR:
https://github.com/apache/maven/pull/1114
On Fri, May 19, 2023 at 3:03 PM Jeremy Landis <je...@hotmail.com>
wrote:
> I think the warnings in general have thus far been a good thing. The
> level of plugins reacting now and people reporting issues is very clear.
> I'd suspect this to die down in next month or two as these flush themselves
> out and really maven 3.9.x is all about journey to maven 4 so this IMO is
> kind of expected noise for the most part. There are definitely some
> improvements to be had in general though.
>
> -----Original Message-----
> From: Tamás Cservenák <ta...@cservenak.net>
> Sent: Friday, May 19, 2023 5:44 AM
> To: Maven Developers List <de...@maven.apache.org>
> Subject: Re: maven 3.9.x warnings
>
> FTR, issue (and PR linked to it)
> https://issues.apache.org/jira/browse/MNG-7786
>
> On Fri, May 19, 2023 at 11:35 AM Tamás Cservenák <ta...@cservenak.net>
> wrote:
>
> > Howdy,
> >
> > So, have a small local change, probably to go with 3.9.3.
> >
> > changes:
> > - message modified, it is now clear that it is "plugin descriptor"
> > that contains unwanted artifacts
> > - added new check that "checks reality", the plugin resolved
> > dependencies
> >
> > So, now messages on JDBI project look like this (two examples):
> >
> > [WARNING] * org.asciidoctor:asciidoctor-maven-plugin:2.2.3
> > [WARNING] Declared at location(s):
> > [WARNING] * org.jdbi:jdbi3-docs:3.38.3-SNAPSHOT (docs/pom.xml) @ line
> > 270
> > [WARNING] Used in module(s):
> > [WARNING] * org.jdbi:jdbi3-docs:3.38.3-SNAPSHOT (docs/pom.xml)
> > [WARNING] Plugin issue(s):
> > [WARNING] * Plugin should declare these Maven artifacts in `provided`
> > scope: [org.apache.maven:maven-core:3.0.5,
> > org.apache.maven:maven-plugin-api:3.0.5]
> > [WARNING] * Plugin descriptor should not contain these Maven
> artifacts:
> > [org.apache.maven:maven-model-builder:3.0.5,
> > org.apache.maven:maven-core:3.0.5,
> > org.apache.maven:maven-plugin-api:3.0.5,
> > org.apache.maven:maven-model:3.0.5,
> > org.apache.maven:maven-settings:3.0.5,
> > org.apache.maven:maven-artifact:3.0.5,
> > org.apache.maven:maven-repository-metadata:3.0.5,
> > org.apache.maven:maven-aether-provider:3.0.5,
> > org.apache.maven:maven-settings-builder:3.0.5]
> > [WARNING] * Plugin depends on plexus-container-default, which is EOL
> > [WARNING]
> > [WARNING] * org.basepom.maven:inline-maven-plugin:1.0.1
> > [WARNING] Declared at location(s):
> > [WARNING] * org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml) @ line
> > 145
> > [WARNING] Used in module(s):
> > [WARNING] * org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml)
> > [WARNING] Plugin issue(s):
> > [WARNING] * Plugin descriptor should not contain these Maven
> artifacts:
> > [org.apache.maven:maven-artifact:3.8.4,
> > org.apache.maven:maven-settings-builder:3.8.4,
> > org.apache.maven:maven-repository-metadata:3.8.4,
> > org.apache.maven:maven-builder-support:3.8.4,
> > org.apache.maven:maven-core:3.8.4,
> > org.apache.maven:maven-resolver-provider:3.8.4,
> > org.apache.maven:maven-settings:3.8.4,
> > org.apache.maven:maven-plugin-api:3.8.4,
> > org.apache.maven:maven-model-builder:3.8.4,
> > org.apache.maven:maven-model:3.8.4]
> >
> > Problems of asciidoctor-maven-plugin:2.2.3:
> > 1. does not declare scopes properly:
> > https://githu/
> > b.com%2Fasciidoctor%2Fasciidoctor-maven-plugin%2Fblob%2Fasciidoctor-ma
> > ven-plugin-2.2.3%2Fpom.xml%23L108-L117&data=05%7C01%7C%7Cb5a8f5bb7b844
> > cd2570308db584da53f%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C63820
> > 0862731215175%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2lu
> > MzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=SYt1ID9TOd8rW
> > z2wrFGoIroD37NUNbmJmla%2Fyjo6g1M%3D&reserved=0
> > 2. plugin descriptor (META-INF/maven/plugin.xml) really contains all
> > the listed artifacts, reason is problem in bullet 1: they are not in
> > provided, hence in descriptor full transitive hull is present
> >
> > Problems of inline-maven-plugin:1.0.1
> > 1. descriptor contains WAY TOO MANY artifacts (due MPLUGIN-382)
> >
> >
> > Thanks
> > T
> >
> > On Fri, May 19, 2023 at 10:22 AM Tamás Cservenák <ta...@cservenak.net>
> > wrote:
> >
> >> Henning, your do have open option to go:
> >>
> >> in inline-maven-project upgrade (buggy) maven-plugin-plugin 3.6.2
> >> (suffers from
> >> https://issues.apache.org/jira/browse/MPLUGIN-382) to a more recent
> one.
> >>
> >> OTOH, this issue revealed a validation issue:
> >> - it relies on pluginDescriptor/dependencies to perform validation
> >> (that contains wrong entries due MPLUGIN-382)
> >> - we may want to validate the "reality" (plugin POM directly, instead
> >> of derived plugin descriptor that is built out of plugin POM at build
> >> time by maven-plugin-plugin, that may have bug as in this case)
> >>
> >> So, in this case we have an interesting situation:
> >> - your inline project POM is good
> >> - what is not good is bug in used m-plugin-p 3.6.2 (produces wrong
> >> plugin
> >> descriptor)
> >> - Maven 3.9.2 detects this (well, unwanted artifacts in there) and
> >> reports "plugin as wrong"
> >>
> >> Your option is to upgrade m-plugin-p to (possibly latest) version and
> >> release.
> >>
> >> Our option for the next Maven is probably to reconsider the data set
> >> we validate from.
> >>
> >> Thanks
> >> T
> >>
> >>
> >>
> >> On Fri, May 19, 2023 at 7:28 AM Henning Schmiedehausen <
> >> henning@schmiedehausen.org> wrote:
> >>
> >>> From maven 3.9.2:
> >>>
> >>> [WARNING] * org.basepom.maven:inline-maven-plugin:1.0.1
> >>> [WARNING] Declared at location(s):
> >>> [WARNING] * org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml) @
> line
> >>> 145
> >>> [WARNING] Used in module(s):
> >>> [WARNING] * org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml)
> >>> [WARNING] Plugin issue(s):
> >>> [WARNING] * Plugin should declare these Maven artifacts in
> >>> `*provided*`
> >>> scope: [
> >>> org.apache.maven:maven-artifact:3.8.4,
> >>> org.apache.maven:maven-settings-builder:3.8.4,
> >>> org.apache.maven:maven-repository-metadata:3.8.4,
> >>> org.apache.maven:maven-builder-support:3.8.4,
> >>> org.apache.maven:maven-core:3.8.4,
> >>> org.apache.maven:maven-resolver-provider:3.8.4,
> >>> org.apache.maven:maven-settings:3.8.4,
> >>> org.apache.maven:maven-plugin-api:3.8.4,
> >>> org.apache.maven:maven-model-builder:3.8.4,
> >>> org.apache.maven:maven-model:3.8.4]
> >>>
> >>>
> >>> From the plugin project itself, on the 1.0.1 tag:
> >>>
> >>> ❯ mvn dependency:list -pl :inline-maven-plugin | grep provided |
> >>> sort [...]
> >>> [INFO] org.apache.maven:maven-artifact:jar:3.8.4:*provided* --
> module
> >>> maven.artifact (auto)
> >>> [INFO] org.apache.maven:maven-builder-support:jar:3.8.4:*provided*
> --
> >>> module maven.builder.support (auto)
> >>> [INFO] org.apache.maven:maven-core:jar:3.8.4:*provided* -- module
> >>> maven.core (auto)
> >>> [INFO] org.apache.maven:maven-model-builder:jar:3.8.4:*provided* --
> >>> module maven.model.builder (auto)
> >>> [INFO] org.apache.maven:maven-model:jar:3.8.4:*provided* -- module
> >>> maven.model (auto)
> >>> [INFO] org.apache.maven:maven-plugin-api:jar:3.8.4:*provided* --
> >>> module
> >>> maven.plugin.api (auto)
> >>> [INFO]
> org.apache.maven:maven-repository-metadata:jar:3.8.4:*provided*
> >>> -- module maven.repository.metadata (auto)
> >>> [INFO] org.apache.maven:maven-resolver-provider:jar:3.8.4:*provided*
> >>> --
> >>> module maven.resolver.provider (auto)
> >>> [INFO] org.apache.maven:maven-settings-builder:jar:3.8.4:*provided*
> --
> >>> module maven.settings.builder (auto)
> >>> [INFO] org.apache.maven:maven-settings:jar:3.8.4:*provided* --
> module
> >>> maven.settings (auto)
> >>> [...]
> >>>
> >>> Sorry, folks, I got nothing.
> >>>
> >>> Maven 3.9.2 complains that the inline plugin needs to declare
> >>> <dependencies> in *provided* scope. A build user might report that
> >>> to their build engineer or report it to the plugin author.
> >>>
> >>> As the plugin author, my plugin in the version 1.0.1 *DOES* declare
> >>> every single dependency that maven warns about in *provided* scope.
> >>>
> >>> There is literally *nothing* that I can do. Neither as build user,
> >>> nor as build engineer, nor as plugin author.
> >>>
> >>> I don't get it. What *is* the point? Really interested to learn
> >>> *why* the maven team has chosen to go down this path.
> >>>
> >>> -h
> >>>
> >>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
> For additional commands, e-mail: dev-help@maven.apache.org
>
RE: maven 3.9.x warnings
Posted by Jeremy Landis <je...@hotmail.com>.
I think the warnings in general have thus far been a good thing. The level of plugins reacting now and people reporting issues is very clear. I'd suspect this to die down in next month or two as these flush themselves out and really maven 3.9.x is all about journey to maven 4 so this IMO is kind of expected noise for the most part. There are definitely some improvements to be had in general though.
-----Original Message-----
From: Tamás Cservenák <ta...@cservenak.net>
Sent: Friday, May 19, 2023 5:44 AM
To: Maven Developers List <de...@maven.apache.org>
Subject: Re: maven 3.9.x warnings
FTR, issue (and PR linked to it)
https://issues.apache.org/jira/browse/MNG-7786
On Fri, May 19, 2023 at 11:35 AM Tamás Cservenák <ta...@cservenak.net>
wrote:
> Howdy,
>
> So, have a small local change, probably to go with 3.9.3.
>
> changes:
> - message modified, it is now clear that it is "plugin descriptor"
> that contains unwanted artifacts
> - added new check that "checks reality", the plugin resolved
> dependencies
>
> So, now messages on JDBI project look like this (two examples):
>
> [WARNING] * org.asciidoctor:asciidoctor-maven-plugin:2.2.3
> [WARNING] Declared at location(s):
> [WARNING] * org.jdbi:jdbi3-docs:3.38.3-SNAPSHOT (docs/pom.xml) @ line
> 270
> [WARNING] Used in module(s):
> [WARNING] * org.jdbi:jdbi3-docs:3.38.3-SNAPSHOT (docs/pom.xml)
> [WARNING] Plugin issue(s):
> [WARNING] * Plugin should declare these Maven artifacts in `provided`
> scope: [org.apache.maven:maven-core:3.0.5,
> org.apache.maven:maven-plugin-api:3.0.5]
> [WARNING] * Plugin descriptor should not contain these Maven artifacts:
> [org.apache.maven:maven-model-builder:3.0.5,
> org.apache.maven:maven-core:3.0.5,
> org.apache.maven:maven-plugin-api:3.0.5,
> org.apache.maven:maven-model:3.0.5,
> org.apache.maven:maven-settings:3.0.5,
> org.apache.maven:maven-artifact:3.0.5,
> org.apache.maven:maven-repository-metadata:3.0.5,
> org.apache.maven:maven-aether-provider:3.0.5,
> org.apache.maven:maven-settings-builder:3.0.5]
> [WARNING] * Plugin depends on plexus-container-default, which is EOL
> [WARNING]
> [WARNING] * org.basepom.maven:inline-maven-plugin:1.0.1
> [WARNING] Declared at location(s):
> [WARNING] * org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml) @ line
> 145
> [WARNING] Used in module(s):
> [WARNING] * org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml)
> [WARNING] Plugin issue(s):
> [WARNING] * Plugin descriptor should not contain these Maven artifacts:
> [org.apache.maven:maven-artifact:3.8.4,
> org.apache.maven:maven-settings-builder:3.8.4,
> org.apache.maven:maven-repository-metadata:3.8.4,
> org.apache.maven:maven-builder-support:3.8.4,
> org.apache.maven:maven-core:3.8.4,
> org.apache.maven:maven-resolver-provider:3.8.4,
> org.apache.maven:maven-settings:3.8.4,
> org.apache.maven:maven-plugin-api:3.8.4,
> org.apache.maven:maven-model-builder:3.8.4,
> org.apache.maven:maven-model:3.8.4]
>
> Problems of asciidoctor-maven-plugin:2.2.3:
> 1. does not declare scopes properly:
> https://githu/
> b.com%2Fasciidoctor%2Fasciidoctor-maven-plugin%2Fblob%2Fasciidoctor-ma
> ven-plugin-2.2.3%2Fpom.xml%23L108-L117&data=05%7C01%7C%7Cb5a8f5bb7b844
> cd2570308db584da53f%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C63820
> 0862731215175%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2lu
> MzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=SYt1ID9TOd8rW
> z2wrFGoIroD37NUNbmJmla%2Fyjo6g1M%3D&reserved=0
> 2. plugin descriptor (META-INF/maven/plugin.xml) really contains all
> the listed artifacts, reason is problem in bullet 1: they are not in
> provided, hence in descriptor full transitive hull is present
>
> Problems of inline-maven-plugin:1.0.1
> 1. descriptor contains WAY TOO MANY artifacts (due MPLUGIN-382)
>
>
> Thanks
> T
>
> On Fri, May 19, 2023 at 10:22 AM Tamás Cservenák <ta...@cservenak.net>
> wrote:
>
>> Henning, your do have open option to go:
>>
>> in inline-maven-project upgrade (buggy) maven-plugin-plugin 3.6.2
>> (suffers from
>> https://issues.apache.org/jira/browse/MPLUGIN-382) to a more recent one.
>>
>> OTOH, this issue revealed a validation issue:
>> - it relies on pluginDescriptor/dependencies to perform validation
>> (that contains wrong entries due MPLUGIN-382)
>> - we may want to validate the "reality" (plugin POM directly, instead
>> of derived plugin descriptor that is built out of plugin POM at build
>> time by maven-plugin-plugin, that may have bug as in this case)
>>
>> So, in this case we have an interesting situation:
>> - your inline project POM is good
>> - what is not good is bug in used m-plugin-p 3.6.2 (produces wrong
>> plugin
>> descriptor)
>> - Maven 3.9.2 detects this (well, unwanted artifacts in there) and
>> reports "plugin as wrong"
>>
>> Your option is to upgrade m-plugin-p to (possibly latest) version and
>> release.
>>
>> Our option for the next Maven is probably to reconsider the data set
>> we validate from.
>>
>> Thanks
>> T
>>
>>
>>
>> On Fri, May 19, 2023 at 7:28 AM Henning Schmiedehausen <
>> henning@schmiedehausen.org> wrote:
>>
>>> From maven 3.9.2:
>>>
>>> [WARNING] * org.basepom.maven:inline-maven-plugin:1.0.1
>>> [WARNING] Declared at location(s):
>>> [WARNING] * org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml) @ line
>>> 145
>>> [WARNING] Used in module(s):
>>> [WARNING] * org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml)
>>> [WARNING] Plugin issue(s):
>>> [WARNING] * Plugin should declare these Maven artifacts in
>>> `*provided*`
>>> scope: [
>>> org.apache.maven:maven-artifact:3.8.4,
>>> org.apache.maven:maven-settings-builder:3.8.4,
>>> org.apache.maven:maven-repository-metadata:3.8.4,
>>> org.apache.maven:maven-builder-support:3.8.4,
>>> org.apache.maven:maven-core:3.8.4,
>>> org.apache.maven:maven-resolver-provider:3.8.4,
>>> org.apache.maven:maven-settings:3.8.4,
>>> org.apache.maven:maven-plugin-api:3.8.4,
>>> org.apache.maven:maven-model-builder:3.8.4,
>>> org.apache.maven:maven-model:3.8.4]
>>>
>>>
>>> From the plugin project itself, on the 1.0.1 tag:
>>>
>>> ❯ mvn dependency:list -pl :inline-maven-plugin | grep provided |
>>> sort [...]
>>> [INFO] org.apache.maven:maven-artifact:jar:3.8.4:*provided* -- module
>>> maven.artifact (auto)
>>> [INFO] org.apache.maven:maven-builder-support:jar:3.8.4:*provided* --
>>> module maven.builder.support (auto)
>>> [INFO] org.apache.maven:maven-core:jar:3.8.4:*provided* -- module
>>> maven.core (auto)
>>> [INFO] org.apache.maven:maven-model-builder:jar:3.8.4:*provided* --
>>> module maven.model.builder (auto)
>>> [INFO] org.apache.maven:maven-model:jar:3.8.4:*provided* -- module
>>> maven.model (auto)
>>> [INFO] org.apache.maven:maven-plugin-api:jar:3.8.4:*provided* --
>>> module
>>> maven.plugin.api (auto)
>>> [INFO] org.apache.maven:maven-repository-metadata:jar:3.8.4:*provided*
>>> -- module maven.repository.metadata (auto)
>>> [INFO] org.apache.maven:maven-resolver-provider:jar:3.8.4:*provided*
>>> --
>>> module maven.resolver.provider (auto)
>>> [INFO] org.apache.maven:maven-settings-builder:jar:3.8.4:*provided* --
>>> module maven.settings.builder (auto)
>>> [INFO] org.apache.maven:maven-settings:jar:3.8.4:*provided* -- module
>>> maven.settings (auto)
>>> [...]
>>>
>>> Sorry, folks, I got nothing.
>>>
>>> Maven 3.9.2 complains that the inline plugin needs to declare
>>> <dependencies> in *provided* scope. A build user might report that
>>> to their build engineer or report it to the plugin author.
>>>
>>> As the plugin author, my plugin in the version 1.0.1 *DOES* declare
>>> every single dependency that maven warns about in *provided* scope.
>>>
>>> There is literally *nothing* that I can do. Neither as build user,
>>> nor as build engineer, nor as plugin author.
>>>
>>> I don't get it. What *is* the point? Really interested to learn
>>> *why* the maven team has chosen to go down this path.
>>>
>>> -h
>>>
>>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
Re: maven 3.9.x warnings
Posted by Tamás Cservenák <ta...@cservenak.net>.
FTR, issue (and PR linked to it)
https://issues.apache.org/jira/browse/MNG-7786
On Fri, May 19, 2023 at 11:35 AM Tamás Cservenák <ta...@cservenak.net>
wrote:
> Howdy,
>
> So, have a small local change, probably to go with 3.9.3.
>
> changes:
> - message modified, it is now clear that it is "plugin descriptor" that
> contains unwanted artifacts
> - added new check that "checks reality", the plugin resolved dependencies
>
> So, now messages on JDBI project look like this (two examples):
>
> [WARNING] * org.asciidoctor:asciidoctor-maven-plugin:2.2.3
> [WARNING] Declared at location(s):
> [WARNING] * org.jdbi:jdbi3-docs:3.38.3-SNAPSHOT (docs/pom.xml) @ line
> 270
> [WARNING] Used in module(s):
> [WARNING] * org.jdbi:jdbi3-docs:3.38.3-SNAPSHOT (docs/pom.xml)
> [WARNING] Plugin issue(s):
> [WARNING] * Plugin should declare these Maven artifacts in `provided`
> scope: [org.apache.maven:maven-core:3.0.5,
> org.apache.maven:maven-plugin-api:3.0.5]
> [WARNING] * Plugin descriptor should not contain these Maven artifacts:
> [org.apache.maven:maven-model-builder:3.0.5,
> org.apache.maven:maven-core:3.0.5, org.apache.maven:maven-plugin-api:3.0.5,
> org.apache.maven:maven-model:3.0.5, org.apache.maven:maven-settings:3.0.5,
> org.apache.maven:maven-artifact:3.0.5,
> org.apache.maven:maven-repository-metadata:3.0.5,
> org.apache.maven:maven-aether-provider:3.0.5,
> org.apache.maven:maven-settings-builder:3.0.5]
> [WARNING] * Plugin depends on plexus-container-default, which is EOL
> [WARNING]
> [WARNING] * org.basepom.maven:inline-maven-plugin:1.0.1
> [WARNING] Declared at location(s):
> [WARNING] * org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml) @ line
> 145
> [WARNING] Used in module(s):
> [WARNING] * org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml)
> [WARNING] Plugin issue(s):
> [WARNING] * Plugin descriptor should not contain these Maven artifacts:
> [org.apache.maven:maven-artifact:3.8.4,
> org.apache.maven:maven-settings-builder:3.8.4,
> org.apache.maven:maven-repository-metadata:3.8.4,
> org.apache.maven:maven-builder-support:3.8.4,
> org.apache.maven:maven-core:3.8.4,
> org.apache.maven:maven-resolver-provider:3.8.4,
> org.apache.maven:maven-settings:3.8.4,
> org.apache.maven:maven-plugin-api:3.8.4,
> org.apache.maven:maven-model-builder:3.8.4,
> org.apache.maven:maven-model:3.8.4]
>
> Problems of asciidoctor-maven-plugin:2.2.3:
> 1. does not declare scopes properly:
> https://github.com/asciidoctor/asciidoctor-maven-plugin/blob/asciidoctor-maven-plugin-2.2.3/pom.xml#L108-L117
> 2. plugin descriptor (META-INF/maven/plugin.xml) really contains all the
> listed artifacts, reason is problem in bullet 1: they are not in provided,
> hence in descriptor full transitive hull is present
>
> Problems of inline-maven-plugin:1.0.1
> 1. descriptor contains WAY TOO MANY artifacts (due MPLUGIN-382)
>
>
> Thanks
> T
>
> On Fri, May 19, 2023 at 10:22 AM Tamás Cservenák <ta...@cservenak.net>
> wrote:
>
>> Henning, your do have open option to go:
>>
>> in inline-maven-project upgrade (buggy) maven-plugin-plugin 3.6.2
>> (suffers from https://issues.apache.org/jira/browse/MPLUGIN-382) to a
>> more recent one.
>>
>> OTOH, this issue revealed a validation issue:
>> - it relies on pluginDescriptor/dependencies to perform validation (that
>> contains wrong entries due MPLUGIN-382)
>> - we may want to validate the "reality" (plugin POM directly, instead of
>> derived plugin descriptor that is built out of plugin POM at build time by
>> maven-plugin-plugin, that may have bug as in this case)
>>
>> So, in this case we have an interesting situation:
>> - your inline project POM is good
>> - what is not good is bug in used m-plugin-p 3.6.2 (produces wrong plugin
>> descriptor)
>> - Maven 3.9.2 detects this (well, unwanted artifacts in there) and
>> reports "plugin as wrong"
>>
>> Your option is to upgrade m-plugin-p to (possibly latest) version and
>> release.
>>
>> Our option for the next Maven is probably to reconsider the data set we
>> validate from.
>>
>> Thanks
>> T
>>
>>
>>
>> On Fri, May 19, 2023 at 7:28 AM Henning Schmiedehausen <
>> henning@schmiedehausen.org> wrote:
>>
>>> From maven 3.9.2:
>>>
>>> [WARNING] * org.basepom.maven:inline-maven-plugin:1.0.1
>>> [WARNING] Declared at location(s):
>>> [WARNING] * org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml) @ line
>>> 145
>>> [WARNING] Used in module(s):
>>> [WARNING] * org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml)
>>> [WARNING] Plugin issue(s):
>>> [WARNING] * Plugin should declare these Maven artifacts in
>>> `*provided*`
>>> scope: [
>>> org.apache.maven:maven-artifact:3.8.4,
>>> org.apache.maven:maven-settings-builder:3.8.4,
>>> org.apache.maven:maven-repository-metadata:3.8.4,
>>> org.apache.maven:maven-builder-support:3.8.4,
>>> org.apache.maven:maven-core:3.8.4,
>>> org.apache.maven:maven-resolver-provider:3.8.4,
>>> org.apache.maven:maven-settings:3.8.4,
>>> org.apache.maven:maven-plugin-api:3.8.4,
>>> org.apache.maven:maven-model-builder:3.8.4,
>>> org.apache.maven:maven-model:3.8.4]
>>>
>>>
>>> From the plugin project itself, on the 1.0.1 tag:
>>>
>>> ❯ mvn dependency:list -pl :inline-maven-plugin | grep provided | sort
>>> [...]
>>> [INFO] org.apache.maven:maven-artifact:jar:3.8.4:*provided* -- module
>>> maven.artifact (auto)
>>> [INFO] org.apache.maven:maven-builder-support:jar:3.8.4:*provided* --
>>> module maven.builder.support (auto)
>>> [INFO] org.apache.maven:maven-core:jar:3.8.4:*provided* -- module
>>> maven.core (auto)
>>> [INFO] org.apache.maven:maven-model-builder:jar:3.8.4:*provided* --
>>> module maven.model.builder (auto)
>>> [INFO] org.apache.maven:maven-model:jar:3.8.4:*provided* -- module
>>> maven.model (auto)
>>> [INFO] org.apache.maven:maven-plugin-api:jar:3.8.4:*provided* --
>>> module
>>> maven.plugin.api (auto)
>>> [INFO] org.apache.maven:maven-repository-metadata:jar:3.8.4:*provided*
>>> -- module maven.repository.metadata (auto)
>>> [INFO] org.apache.maven:maven-resolver-provider:jar:3.8.4:*provided*
>>> --
>>> module maven.resolver.provider (auto)
>>> [INFO] org.apache.maven:maven-settings-builder:jar:3.8.4:*provided* --
>>> module maven.settings.builder (auto)
>>> [INFO] org.apache.maven:maven-settings:jar:3.8.4:*provided* -- module
>>> maven.settings (auto)
>>> [...]
>>>
>>> Sorry, folks, I got nothing.
>>>
>>> Maven 3.9.2 complains that the inline plugin needs to declare
>>> <dependencies> in *provided* scope. A build user might report that to
>>> their
>>> build engineer or report it to the plugin author.
>>>
>>> As the plugin author, my plugin in the version 1.0.1 *DOES* declare every
>>> single dependency that maven warns about in *provided* scope.
>>>
>>> There is literally *nothing* that I can do. Neither as build user, nor as
>>> build engineer, nor as plugin author.
>>>
>>> I don't get it. What *is* the point? Really interested to learn *why* the
>>> maven team has chosen to go down this path.
>>>
>>> -h
>>>
>>
Re: maven 3.9.x warnings
Posted by Michael Osipov <mi...@apache.org>.
Am 2023-05-19 um 20:15 schrieb Henning Schmiedehausen:
> Hi Tamas,
> You need to write documentation that helps your users. All the error
> messages and warnings and "this is wrong, fix it" messages to users do not
> help.
>
> This passive-aggressive attempt to surface problems in an obscure way to
> the end user and hope that "they file bugs with the plugin authors" is a
> terrible way to instigate change.
+1
> I understand that there is limited developer time on Maven and this looks
> tempting as the "simplest path" but all you have accomplished is reduce
> trust. "maven suddenly reports problems that were not there before. Were
> those always there? Are my builds still good? Do my older projects still
> build?"
>
> Surfacing non-actionable warnings or errors to a non-audience is a no-no
> for any user experience; this is UX 101.
> You need to turn all of these warnings *OFF* and document the existence of
> the switch *and* give developer documentation what you expect plugin users
> *to do*. And then evangelize that. That will get your allies (which are the
> plugin authors that will *want* to fix the problems) to help you. Not
> throw out another release with slightly tweaked warnings.
I agree with these as well.
> Calling "maven 3.9 is about the journey to 4.0" is ridiculous. Maven 3.9 is
> a, by definition, fully backwards compatible release of Apache Maven 3.x.
> If you need a journey, then release Maven 4.0.0 as that stepping stone and
> then 5.0 as a backwards incompatible version. Maven 4 has been in
> development for many years and developer uptake will take a long time,
> especially if all old builds break left and right. You may even end up
> having to call it "mvn4" and not "mvn" to not break build scripts in
> countless organizations.
Therefore, I stay on Maven 3.8.x for now.
M
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
Re: maven 3.9.x warnings
Posted by Romain Manni-Bucau <rm...@gmail.com>.
Le sam. 20 mai 2023 à 10:22, Slawomir Jaranowski <s....@gmail.com> a
écrit :
> Hi,
>
> We have two kinds of causes which can emit warnings:
> 1. wrong using of plugin by user like use deprecated or unexisting
> parameters, using deprecated goals
> 2. wrong implementation in plugin, eg scope, EOL components
>
> First group should be displayed - because the end user can fix their own
> build
> Second should be mentioned in brief mode.
>
> So I think we should split notification for such two groups and figure out
> - discuss how to best inform each group separately.
>
Idea is interesting but when intended user should be able to switch some
warning off without killing others (following the logic) so means a logger
per plugin-goal (maven 4 enabling to tune these levels easily) or a prop
per plugon-goal.
Still think it doesnt belong to maven core but help plugin and should be
enabled explicitly or not be.
> pt., 19 maj 2023 o 21:32 Romain Manni-Bucau <rm...@gmail.com>
> napisał(a):
>
> > +1 to make NONE the default, know it defeats the purpose but this feature
> > makes end user builds nasty whereas it should help them.
> >
> > I would also be +1 to make it a help:check-state goal rather than having
> it
> > in maven core where it is quite pointless IMHO as explained in earlier
> > threads.
> >
> > Le ven. 19 mai 2023 à 21:17, Henning Schmiedehausen <
> > henning@schmiedehausen.org> a écrit :
> >
> > > Hi Gary,
> > >
> > > Seems we both work in similar places. :-) Looking at
> > >
> > >
> >
> https://github.com/apache/maven/commit/11d97e64e7e3fbed23d8e98abdd8c015a957ee82
> > > ,
> > > it seems that 3.9.3 (whenever that comes) will improve things; the
> > default
> > > logging is still not great but at least I can add
> > > `<maven.plugin.validation>NONE</maven.plugin.validation>` to all my
> > > projects get back to the pre-3.9.x state. @michaelo might like that as
> > > well.
> > >
> > > @tamas I would have preferred if we did not add a "NONE" setting but
> made
> > > the "DEFAULT" value having no logging and replaced what is "DEFAULT" in
> > > 3.9.2 with "SUMMARY" or "NORMAL" or something else. That way, the
> default
> > > state would be the same as it was with maven 3.8.x (which is IMHO the
> > right
> > > thing to call "default") and everyone who wants to actually log
> warnings
> > > can turn it on.
> > >
> > > Adding the property above to my poms is a stop-gap, as it emits a
> warning
> > > on pre-3.9.3 maven versions, something that I can not fix because older
> > > versions of the build tool are "out there". I could put the property
> > under
> > > a profile but at that point it feels like fighting the tool.
> > >
> > > -h
> > >
> > > (pro-tip: Never call the value for a default setting "default".
> "default"
> > > is a state, not a value. If you want to change the "default" state, you
> > are
> > > now stuck with a value called "default")
> > >
> > >
> > >
> > > On Fri, May 19, 2023 at 11:47 AM Gary Gregory <ga...@gmail.com>
> > > wrote:
> > >
> > > > From this user's POV, I feel these warning force me to spin my
> wheels:
> > > If I
> > > > have old plugins I can update their versions, and then I still get
> the
> > > > warnings, none of which I can do anything about. I can do something
> > about
> > > > compiler warnings, I can do nothing about these.
> > > >
> > > > I am left to explain up and down the food chain with hand handwaving
> > why
> > > > these warnings are "ok" :-(
> > > >
> > > > Gary
> > > >
> > > >
> > > > On Fri, May 19, 2023, 14:15 Henning Schmiedehausen <
> > > > henning@schmiedehausen.org> wrote:
> > > >
> > > > > Hi Tamas,
> > > > >
> > > > > Thanks for the quick response.
> > > > >
> > > > > On Fri, May 19, 2023 at 2:35 AM Tamás Cservenák <
> tamas@cservenak.net
> > >
> > > > > wrote:
> > > > >
> > > > > > Howdy,
> > > > > >
> > > > > > So, have a small local change, probably to go with 3.9.3.
> > > > > >
> > > > >
> > > > > [...]
> > > > >
> > > > >
> > > > > > [WARNING] * org.basepom.maven:inline-maven-plugin:1.0.1
> > > > > > [WARNING] Declared at location(s):
> > > > > > [WARNING] * org.jdbi:jdbi3-core:3.38.3-SNAPSHOT
> (core/pom.xml) @
> > > > line
> > > > > > 145
> > > > > > [WARNING] Used in module(s):
> > > > > > [WARNING] * org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml)
> > > > > > [WARNING] Plugin issue(s):
> > > > > > [WARNING] * Plugin descriptor should not contain these Maven
> > > > > artifacts:
> > > > > > [org.apache.maven:maven-artifact:3.8.4,
> > > > > > org.apache.maven:maven-settings-builder:3.8.4,
> > > > > > org.apache.maven:maven-repository-metadata:3.8.4,
> > > > > > org.apache.maven:maven-builder-support:3.8.4,
> > > > > > org.apache.maven:maven-core:3.8.4,
> > > > > > org.apache.maven:maven-resolver-provider:3.8.4,
> > > > > > org.apache.maven:maven-settings:3.8.4,
> > > > > > org.apache.maven:maven-plugin-api:3.8.4,
> > > > > > org.apache.maven:maven-model-builder:3.8.4,
> > > > > > org.apache.maven:maven-model:3.8.4]
> > > > > >
> > > > >
> > > > > This has *zero* meaning to the person running the build. And it
> still
> > > > does
> > > > > not help the plugin author either. Because they (I) used the maven
> > tool
> > > > > chain that was current at the point in time the plugin was created.
> > > There
> > > > > is still no actionable advice in here and there is no link to any
> > > > > documentation that tells a plugin author what the root cause is and
> > > what
> > > > to
> > > > > do. Developers can now either do the "update everything and pray",
> an
> > > > > approach that worked exceedingly well with maven dependencies (look
> > at
> > > > all
> > > > > the incompatibilities with the 4.0.0-M<x> components) or turn
> around
> > to
> > > > the
> > > > > maven mailing list asking "what should I do".
> > > > >
> > > > > You need to write documentation that helps your users. All the
> error
> > > > > messages and warnings and "this is wrong, fix it" messages to users
> > do
> > > > not
> > > > > help.
> > > > >
> > > > > This passive-aggressive attempt to surface problems in an obscure
> way
> > > to
> > > > > the end user and hope that "they file bugs with the plugin authors"
> > is
> > > a
> > > > > terrible way to instigate change.
> > > > >
> > > > > I understand that there is limited developer time on Maven and this
> > > looks
> > > > > tempting as the "simplest path" but all you have accomplished is
> > reduce
> > > > > trust. "maven suddenly reports problems that were not there before.
> > > Were
> > > > > those always there? Are my builds still good? Do my older projects
> > > still
> > > > > build?"
> > > > >
> > > > > Surfacing non-actionable warnings or errors to a non-audience is a
> > > no-no
> > > > > for any user experience; this is UX 101.
> > > > >
> > > > > For Jdbi, I still get complaints
> > > > > about org.apache.maven.plugins:maven-pmd-plugin,
> > > > > org.apache.maven.plugins:maven-javadoc-plugin,
> > > > > org.apache.maven.plugins:maven-source-plugin,
> > > > > org.apache.maven.plugins:maven-dependency-plugin.
> > > > > So even the official maven plugins have not gotten this right. Of
> > > course
> > > > > you can say "time heals all wounds". That is not true, because
> there
> > is
> > > > > attrition by people switching tools. Heck, the ASF is now running a
> > > > gradle
> > > > > enterprise server.
> > > > >
> > > > > You need to turn all of these warnings *OFF* and document the
> > existence
> > > > of
> > > > > the switch *and* give developer documentation what you expect
> plugin
> > > > users
> > > > > *to do*. And then evangelize that. That will get your allies (which
> > are
> > > > the
> > > > > plugin authors that will *want* to fix the problems) to help you.
> > Not
> > > > > throw out another release with slightly tweaked warnings.
> > > > >
> > > > > Calling "maven 3.9 is about the journey to 4.0" is ridiculous.
> Maven
> > > 3.9
> > > > is
> > > > > a, by definition, fully backwards compatible release of Apache
> Maven
> > > 3.x.
> > > > > If you need a journey, then release Maven 4.0.0 as that stepping
> > stone
> > > > and
> > > > > then 5.0 as a backwards incompatible version. Maven 4 has been in
> > > > > development for many years and developer uptake will take a long
> > time,
> > > > > especially if all old builds break left and right. You may even end
> > up
> > > > > having to call it "mvn4" and not "mvn" to not break build scripts
> in
> > > > > countless organizations.
> > > > >
> > > > > -h
> > > > >
> > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
>
>
> --
> Sławomir Jaranowski
>
Re: maven 3.9.x warnings
Posted by Slawomir Jaranowski <s....@gmail.com>.
Hi,
We have two kinds of causes which can emit warnings:
1. wrong using of plugin by user like use deprecated or unexisting
parameters, using deprecated goals
2. wrong implementation in plugin, eg scope, EOL components
First group should be displayed - because the end user can fix their own
build
Second should be mentioned in brief mode.
So I think we should split notification for such two groups and figure out
- discuss how to best inform each group separately.
pt., 19 maj 2023 o 21:32 Romain Manni-Bucau <rm...@gmail.com>
napisał(a):
> +1 to make NONE the default, know it defeats the purpose but this feature
> makes end user builds nasty whereas it should help them.
>
> I would also be +1 to make it a help:check-state goal rather than having it
> in maven core where it is quite pointless IMHO as explained in earlier
> threads.
>
> Le ven. 19 mai 2023 à 21:17, Henning Schmiedehausen <
> henning@schmiedehausen.org> a écrit :
>
> > Hi Gary,
> >
> > Seems we both work in similar places. :-) Looking at
> >
> >
> https://github.com/apache/maven/commit/11d97e64e7e3fbed23d8e98abdd8c015a957ee82
> > ,
> > it seems that 3.9.3 (whenever that comes) will improve things; the
> default
> > logging is still not great but at least I can add
> > `<maven.plugin.validation>NONE</maven.plugin.validation>` to all my
> > projects get back to the pre-3.9.x state. @michaelo might like that as
> > well.
> >
> > @tamas I would have preferred if we did not add a "NONE" setting but made
> > the "DEFAULT" value having no logging and replaced what is "DEFAULT" in
> > 3.9.2 with "SUMMARY" or "NORMAL" or something else. That way, the default
> > state would be the same as it was with maven 3.8.x (which is IMHO the
> right
> > thing to call "default") and everyone who wants to actually log warnings
> > can turn it on.
> >
> > Adding the property above to my poms is a stop-gap, as it emits a warning
> > on pre-3.9.3 maven versions, something that I can not fix because older
> > versions of the build tool are "out there". I could put the property
> under
> > a profile but at that point it feels like fighting the tool.
> >
> > -h
> >
> > (pro-tip: Never call the value for a default setting "default". "default"
> > is a state, not a value. If you want to change the "default" state, you
> are
> > now stuck with a value called "default")
> >
> >
> >
> > On Fri, May 19, 2023 at 11:47 AM Gary Gregory <ga...@gmail.com>
> > wrote:
> >
> > > From this user's POV, I feel these warning force me to spin my wheels:
> > If I
> > > have old plugins I can update their versions, and then I still get the
> > > warnings, none of which I can do anything about. I can do something
> about
> > > compiler warnings, I can do nothing about these.
> > >
> > > I am left to explain up and down the food chain with hand handwaving
> why
> > > these warnings are "ok" :-(
> > >
> > > Gary
> > >
> > >
> > > On Fri, May 19, 2023, 14:15 Henning Schmiedehausen <
> > > henning@schmiedehausen.org> wrote:
> > >
> > > > Hi Tamas,
> > > >
> > > > Thanks for the quick response.
> > > >
> > > > On Fri, May 19, 2023 at 2:35 AM Tamás Cservenák <tamas@cservenak.net
> >
> > > > wrote:
> > > >
> > > > > Howdy,
> > > > >
> > > > > So, have a small local change, probably to go with 3.9.3.
> > > > >
> > > >
> > > > [...]
> > > >
> > > >
> > > > > [WARNING] * org.basepom.maven:inline-maven-plugin:1.0.1
> > > > > [WARNING] Declared at location(s):
> > > > > [WARNING] * org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml) @
> > > line
> > > > > 145
> > > > > [WARNING] Used in module(s):
> > > > > [WARNING] * org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml)
> > > > > [WARNING] Plugin issue(s):
> > > > > [WARNING] * Plugin descriptor should not contain these Maven
> > > > artifacts:
> > > > > [org.apache.maven:maven-artifact:3.8.4,
> > > > > org.apache.maven:maven-settings-builder:3.8.4,
> > > > > org.apache.maven:maven-repository-metadata:3.8.4,
> > > > > org.apache.maven:maven-builder-support:3.8.4,
> > > > > org.apache.maven:maven-core:3.8.4,
> > > > > org.apache.maven:maven-resolver-provider:3.8.4,
> > > > > org.apache.maven:maven-settings:3.8.4,
> > > > > org.apache.maven:maven-plugin-api:3.8.4,
> > > > > org.apache.maven:maven-model-builder:3.8.4,
> > > > > org.apache.maven:maven-model:3.8.4]
> > > > >
> > > >
> > > > This has *zero* meaning to the person running the build. And it still
> > > does
> > > > not help the plugin author either. Because they (I) used the maven
> tool
> > > > chain that was current at the point in time the plugin was created.
> > There
> > > > is still no actionable advice in here and there is no link to any
> > > > documentation that tells a plugin author what the root cause is and
> > what
> > > to
> > > > do. Developers can now either do the "update everything and pray", an
> > > > approach that worked exceedingly well with maven dependencies (look
> at
> > > all
> > > > the incompatibilities with the 4.0.0-M<x> components) or turn around
> to
> > > the
> > > > maven mailing list asking "what should I do".
> > > >
> > > > You need to write documentation that helps your users. All the error
> > > > messages and warnings and "this is wrong, fix it" messages to users
> do
> > > not
> > > > help.
> > > >
> > > > This passive-aggressive attempt to surface problems in an obscure way
> > to
> > > > the end user and hope that "they file bugs with the plugin authors"
> is
> > a
> > > > terrible way to instigate change.
> > > >
> > > > I understand that there is limited developer time on Maven and this
> > looks
> > > > tempting as the "simplest path" but all you have accomplished is
> reduce
> > > > trust. "maven suddenly reports problems that were not there before.
> > Were
> > > > those always there? Are my builds still good? Do my older projects
> > still
> > > > build?"
> > > >
> > > > Surfacing non-actionable warnings or errors to a non-audience is a
> > no-no
> > > > for any user experience; this is UX 101.
> > > >
> > > > For Jdbi, I still get complaints
> > > > about org.apache.maven.plugins:maven-pmd-plugin,
> > > > org.apache.maven.plugins:maven-javadoc-plugin,
> > > > org.apache.maven.plugins:maven-source-plugin,
> > > > org.apache.maven.plugins:maven-dependency-plugin.
> > > > So even the official maven plugins have not gotten this right. Of
> > course
> > > > you can say "time heals all wounds". That is not true, because there
> is
> > > > attrition by people switching tools. Heck, the ASF is now running a
> > > gradle
> > > > enterprise server.
> > > >
> > > > You need to turn all of these warnings *OFF* and document the
> existence
> > > of
> > > > the switch *and* give developer documentation what you expect plugin
> > > users
> > > > *to do*. And then evangelize that. That will get your allies (which
> are
> > > the
> > > > plugin authors that will *want* to fix the problems) to help you.
> Not
> > > > throw out another release with slightly tweaked warnings.
> > > >
> > > > Calling "maven 3.9 is about the journey to 4.0" is ridiculous. Maven
> > 3.9
> > > is
> > > > a, by definition, fully backwards compatible release of Apache Maven
> > 3.x.
> > > > If you need a journey, then release Maven 4.0.0 as that stepping
> stone
> > > and
> > > > then 5.0 as a backwards incompatible version. Maven 4 has been in
> > > > development for many years and developer uptake will take a long
> time,
> > > > especially if all old builds break left and right. You may even end
> up
> > > > having to call it "mvn4" and not "mvn" to not break build scripts in
> > > > countless organizations.
> > > >
> > > > -h
> > > >
> > > >
> > > > >
> > > >
> > >
> >
>
--
Sławomir Jaranowski
Re: maven 3.9.x warnings
Posted by Olivier Lamy <ol...@apache.org>.
Can't we store the text warnings in a file target/mvn-warning.txt
(whatever the name is)
Then per default a single warning line telling the user there will be
potential issues with this build in maven 4.x (more details look at
target/mvn-warning.txt) and telling him the flags to have more details
On Sat, 20 May 2023 at 08:04, Henning Schmiedehausen
<he...@schmiedehausen.org> wrote:
>
> Thank you for speaking up. I would encourage others that feel the same way
> to speak up as well. I do not believe that the "we ram this through and
> hope that at some point all plugins are updated so the warnings die down"
> is a viable approach.
>
> This is what I wrote on the PR ("you/your" is @tamas here): *"I very much
> disagree with your "my way or the highway" approach. There is a lot of
> criticism with the approach to "the purpose". Of course, you can just ram
> your approach through and hope for the best. It will not work, as the
> changes will break older builds that people do not update and you cause
> continuing pain for developers. People will be stuck on 3.9 forever because
> "it is the last version that supports that unmaintained foo plugin that I
> need for my build and can not move off" and grind their teeth. The answer
> will be "we move off maven", not "we fix that plugin"."*
>
> Not going where the users are or actively snubbing your users is a good way
> to lose users. 3.9.x so far is a case study on focusing on the maven
> developers own needs and snubbing the maven users.
>
> -h
>
>
> On Fri, May 19, 2023 at 12:33 PM Romain Manni-Bucau <rm...@gmail.com>
> wrote:
>
> > +1 to make NONE the default, know it defeats the purpose but this feature
> > makes end user builds nasty whereas it should help them.
> >
> > I would also be +1 to make it a help:check-state goal rather than having it
> > in maven core where it is quite pointless IMHO as explained in earlier
> > threads.
> >
> > Le ven. 19 mai 2023 à 21:17, Henning Schmiedehausen <
> > henning@schmiedehausen.org> a écrit :
> >
> > > Hi Gary,
> > >
> > > Seems we both work in similar places. :-) Looking at
> > >
> > >
> > https://github.com/apache/maven/commit/11d97e64e7e3fbed23d8e98abdd8c015a957ee82
> > > ,
> > > it seems that 3.9.3 (whenever that comes) will improve things; the
> > default
> > > logging is still not great but at least I can add
> > > `<maven.plugin.validation>NONE</maven.plugin.validation>` to all my
> > > projects get back to the pre-3.9.x state. @michaelo might like that as
> > > well.
> > >
> > > @tamas I would have preferred if we did not add a "NONE" setting but made
> > > the "DEFAULT" value having no logging and replaced what is "DEFAULT" in
> > > 3.9.2 with "SUMMARY" or "NORMAL" or something else. That way, the default
> > > state would be the same as it was with maven 3.8.x (which is IMHO the
> > right
> > > thing to call "default") and everyone who wants to actually log warnings
> > > can turn it on.
> > >
> > > Adding the property above to my poms is a stop-gap, as it emits a warning
> > > on pre-3.9.3 maven versions, something that I can not fix because older
> > > versions of the build tool are "out there". I could put the property
> > under
> > > a profile but at that point it feels like fighting the tool.
> > >
> > > -h
> > >
> > > (pro-tip: Never call the value for a default setting "default". "default"
> > > is a state, not a value. If you want to change the "default" state, you
> > are
> > > now stuck with a value called "default")
> > >
> > >
> > >
> > > On Fri, May 19, 2023 at 11:47 AM Gary Gregory <ga...@gmail.com>
> > > wrote:
> > >
> > > > From this user's POV, I feel these warning force me to spin my wheels:
> > > If I
> > > > have old plugins I can update their versions, and then I still get the
> > > > warnings, none of which I can do anything about. I can do something
> > about
> > > > compiler warnings, I can do nothing about these.
> > > >
> > > > I am left to explain up and down the food chain with hand handwaving
> > why
> > > > these warnings are "ok" :-(
> > > >
> > > > Gary
> > > >
> > > >
> > > > On Fri, May 19, 2023, 14:15 Henning Schmiedehausen <
> > > > henning@schmiedehausen.org> wrote:
> > > >
> > > > > Hi Tamas,
> > > > >
> > > > > Thanks for the quick response.
> > > > >
> > > > > On Fri, May 19, 2023 at 2:35 AM Tamás Cservenák <tamas@cservenak.net
> > >
> > > > > wrote:
> > > > >
> > > > > > Howdy,
> > > > > >
> > > > > > So, have a small local change, probably to go with 3.9.3.
> > > > > >
> > > > >
> > > > > [...]
> > > > >
> > > > >
> > > > > > [WARNING] * org.basepom.maven:inline-maven-plugin:1.0.1
> > > > > > [WARNING] Declared at location(s):
> > > > > > [WARNING] * org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml) @
> > > > line
> > > > > > 145
> > > > > > [WARNING] Used in module(s):
> > > > > > [WARNING] * org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml)
> > > > > > [WARNING] Plugin issue(s):
> > > > > > [WARNING] * Plugin descriptor should not contain these Maven
> > > > > artifacts:
> > > > > > [org.apache.maven:maven-artifact:3.8.4,
> > > > > > org.apache.maven:maven-settings-builder:3.8.4,
> > > > > > org.apache.maven:maven-repository-metadata:3.8.4,
> > > > > > org.apache.maven:maven-builder-support:3.8.4,
> > > > > > org.apache.maven:maven-core:3.8.4,
> > > > > > org.apache.maven:maven-resolver-provider:3.8.4,
> > > > > > org.apache.maven:maven-settings:3.8.4,
> > > > > > org.apache.maven:maven-plugin-api:3.8.4,
> > > > > > org.apache.maven:maven-model-builder:3.8.4,
> > > > > > org.apache.maven:maven-model:3.8.4]
> > > > > >
> > > > >
> > > > > This has *zero* meaning to the person running the build. And it still
> > > > does
> > > > > not help the plugin author either. Because they (I) used the maven
> > tool
> > > > > chain that was current at the point in time the plugin was created.
> > > There
> > > > > is still no actionable advice in here and there is no link to any
> > > > > documentation that tells a plugin author what the root cause is and
> > > what
> > > > to
> > > > > do. Developers can now either do the "update everything and pray", an
> > > > > approach that worked exceedingly well with maven dependencies (look
> > at
> > > > all
> > > > > the incompatibilities with the 4.0.0-M<x> components) or turn around
> > to
> > > > the
> > > > > maven mailing list asking "what should I do".
> > > > >
> > > > > You need to write documentation that helps your users. All the error
> > > > > messages and warnings and "this is wrong, fix it" messages to users
> > do
> > > > not
> > > > > help.
> > > > >
> > > > > This passive-aggressive attempt to surface problems in an obscure way
> > > to
> > > > > the end user and hope that "they file bugs with the plugin authors"
> > is
> > > a
> > > > > terrible way to instigate change.
> > > > >
> > > > > I understand that there is limited developer time on Maven and this
> > > looks
> > > > > tempting as the "simplest path" but all you have accomplished is
> > reduce
> > > > > trust. "maven suddenly reports problems that were not there before.
> > > Were
> > > > > those always there? Are my builds still good? Do my older projects
> > > still
> > > > > build?"
> > > > >
> > > > > Surfacing non-actionable warnings or errors to a non-audience is a
> > > no-no
> > > > > for any user experience; this is UX 101.
> > > > >
> > > > > For Jdbi, I still get complaints
> > > > > about org.apache.maven.plugins:maven-pmd-plugin,
> > > > > org.apache.maven.plugins:maven-javadoc-plugin,
> > > > > org.apache.maven.plugins:maven-source-plugin,
> > > > > org.apache.maven.plugins:maven-dependency-plugin.
> > > > > So even the official maven plugins have not gotten this right. Of
> > > course
> > > > > you can say "time heals all wounds". That is not true, because there
> > is
> > > > > attrition by people switching tools. Heck, the ASF is now running a
> > > > gradle
> > > > > enterprise server.
> > > > >
> > > > > You need to turn all of these warnings *OFF* and document the
> > existence
> > > > of
> > > > > the switch *and* give developer documentation what you expect plugin
> > > > users
> > > > > *to do*. And then evangelize that. That will get your allies (which
> > are
> > > > the
> > > > > plugin authors that will *want* to fix the problems) to help you.
> > Not
> > > > > throw out another release with slightly tweaked warnings.
> > > > >
> > > > > Calling "maven 3.9 is about the journey to 4.0" is ridiculous. Maven
> > > 3.9
> > > > is
> > > > > a, by definition, fully backwards compatible release of Apache Maven
> > > 3.x.
> > > > > If you need a journey, then release Maven 4.0.0 as that stepping
> > stone
> > > > and
> > > > > then 5.0 as a backwards incompatible version. Maven 4 has been in
> > > > > development for many years and developer uptake will take a long
> > time,
> > > > > especially if all old builds break left and right. You may even end
> > up
> > > > > having to call it "mvn4" and not "mvn" to not break build scripts in
> > > > > countless organizations.
> > > > >
> > > > > -h
> > > > >
> > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
Re: maven 3.9.x warnings
Posted by Henning Schmiedehausen <he...@schmiedehausen.org>.
Thank you for speaking up. I would encourage others that feel the same way
to speak up as well. I do not believe that the "we ram this through and
hope that at some point all plugins are updated so the warnings die down"
is a viable approach.
This is what I wrote on the PR ("you/your" is @tamas here): *"I very much
disagree with your "my way or the highway" approach. There is a lot of
criticism with the approach to "the purpose". Of course, you can just ram
your approach through and hope for the best. It will not work, as the
changes will break older builds that people do not update and you cause
continuing pain for developers. People will be stuck on 3.9 forever because
"it is the last version that supports that unmaintained foo plugin that I
need for my build and can not move off" and grind their teeth. The answer
will be "we move off maven", not "we fix that plugin"."*
Not going where the users are or actively snubbing your users is a good way
to lose users. 3.9.x so far is a case study on focusing on the maven
developers own needs and snubbing the maven users.
-h
On Fri, May 19, 2023 at 12:33 PM Romain Manni-Bucau <rm...@gmail.com>
wrote:
> +1 to make NONE the default, know it defeats the purpose but this feature
> makes end user builds nasty whereas it should help them.
>
> I would also be +1 to make it a help:check-state goal rather than having it
> in maven core where it is quite pointless IMHO as explained in earlier
> threads.
>
> Le ven. 19 mai 2023 à 21:17, Henning Schmiedehausen <
> henning@schmiedehausen.org> a écrit :
>
> > Hi Gary,
> >
> > Seems we both work in similar places. :-) Looking at
> >
> >
> https://github.com/apache/maven/commit/11d97e64e7e3fbed23d8e98abdd8c015a957ee82
> > ,
> > it seems that 3.9.3 (whenever that comes) will improve things; the
> default
> > logging is still not great but at least I can add
> > `<maven.plugin.validation>NONE</maven.plugin.validation>` to all my
> > projects get back to the pre-3.9.x state. @michaelo might like that as
> > well.
> >
> > @tamas I would have preferred if we did not add a "NONE" setting but made
> > the "DEFAULT" value having no logging and replaced what is "DEFAULT" in
> > 3.9.2 with "SUMMARY" or "NORMAL" or something else. That way, the default
> > state would be the same as it was with maven 3.8.x (which is IMHO the
> right
> > thing to call "default") and everyone who wants to actually log warnings
> > can turn it on.
> >
> > Adding the property above to my poms is a stop-gap, as it emits a warning
> > on pre-3.9.3 maven versions, something that I can not fix because older
> > versions of the build tool are "out there". I could put the property
> under
> > a profile but at that point it feels like fighting the tool.
> >
> > -h
> >
> > (pro-tip: Never call the value for a default setting "default". "default"
> > is a state, not a value. If you want to change the "default" state, you
> are
> > now stuck with a value called "default")
> >
> >
> >
> > On Fri, May 19, 2023 at 11:47 AM Gary Gregory <ga...@gmail.com>
> > wrote:
> >
> > > From this user's POV, I feel these warning force me to spin my wheels:
> > If I
> > > have old plugins I can update their versions, and then I still get the
> > > warnings, none of which I can do anything about. I can do something
> about
> > > compiler warnings, I can do nothing about these.
> > >
> > > I am left to explain up and down the food chain with hand handwaving
> why
> > > these warnings are "ok" :-(
> > >
> > > Gary
> > >
> > >
> > > On Fri, May 19, 2023, 14:15 Henning Schmiedehausen <
> > > henning@schmiedehausen.org> wrote:
> > >
> > > > Hi Tamas,
> > > >
> > > > Thanks for the quick response.
> > > >
> > > > On Fri, May 19, 2023 at 2:35 AM Tamás Cservenák <tamas@cservenak.net
> >
> > > > wrote:
> > > >
> > > > > Howdy,
> > > > >
> > > > > So, have a small local change, probably to go with 3.9.3.
> > > > >
> > > >
> > > > [...]
> > > >
> > > >
> > > > > [WARNING] * org.basepom.maven:inline-maven-plugin:1.0.1
> > > > > [WARNING] Declared at location(s):
> > > > > [WARNING] * org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml) @
> > > line
> > > > > 145
> > > > > [WARNING] Used in module(s):
> > > > > [WARNING] * org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml)
> > > > > [WARNING] Plugin issue(s):
> > > > > [WARNING] * Plugin descriptor should not contain these Maven
> > > > artifacts:
> > > > > [org.apache.maven:maven-artifact:3.8.4,
> > > > > org.apache.maven:maven-settings-builder:3.8.4,
> > > > > org.apache.maven:maven-repository-metadata:3.8.4,
> > > > > org.apache.maven:maven-builder-support:3.8.4,
> > > > > org.apache.maven:maven-core:3.8.4,
> > > > > org.apache.maven:maven-resolver-provider:3.8.4,
> > > > > org.apache.maven:maven-settings:3.8.4,
> > > > > org.apache.maven:maven-plugin-api:3.8.4,
> > > > > org.apache.maven:maven-model-builder:3.8.4,
> > > > > org.apache.maven:maven-model:3.8.4]
> > > > >
> > > >
> > > > This has *zero* meaning to the person running the build. And it still
> > > does
> > > > not help the plugin author either. Because they (I) used the maven
> tool
> > > > chain that was current at the point in time the plugin was created.
> > There
> > > > is still no actionable advice in here and there is no link to any
> > > > documentation that tells a plugin author what the root cause is and
> > what
> > > to
> > > > do. Developers can now either do the "update everything and pray", an
> > > > approach that worked exceedingly well with maven dependencies (look
> at
> > > all
> > > > the incompatibilities with the 4.0.0-M<x> components) or turn around
> to
> > > the
> > > > maven mailing list asking "what should I do".
> > > >
> > > > You need to write documentation that helps your users. All the error
> > > > messages and warnings and "this is wrong, fix it" messages to users
> do
> > > not
> > > > help.
> > > >
> > > > This passive-aggressive attempt to surface problems in an obscure way
> > to
> > > > the end user and hope that "they file bugs with the plugin authors"
> is
> > a
> > > > terrible way to instigate change.
> > > >
> > > > I understand that there is limited developer time on Maven and this
> > looks
> > > > tempting as the "simplest path" but all you have accomplished is
> reduce
> > > > trust. "maven suddenly reports problems that were not there before.
> > Were
> > > > those always there? Are my builds still good? Do my older projects
> > still
> > > > build?"
> > > >
> > > > Surfacing non-actionable warnings or errors to a non-audience is a
> > no-no
> > > > for any user experience; this is UX 101.
> > > >
> > > > For Jdbi, I still get complaints
> > > > about org.apache.maven.plugins:maven-pmd-plugin,
> > > > org.apache.maven.plugins:maven-javadoc-plugin,
> > > > org.apache.maven.plugins:maven-source-plugin,
> > > > org.apache.maven.plugins:maven-dependency-plugin.
> > > > So even the official maven plugins have not gotten this right. Of
> > course
> > > > you can say "time heals all wounds". That is not true, because there
> is
> > > > attrition by people switching tools. Heck, the ASF is now running a
> > > gradle
> > > > enterprise server.
> > > >
> > > > You need to turn all of these warnings *OFF* and document the
> existence
> > > of
> > > > the switch *and* give developer documentation what you expect plugin
> > > users
> > > > *to do*. And then evangelize that. That will get your allies (which
> are
> > > the
> > > > plugin authors that will *want* to fix the problems) to help you.
> Not
> > > > throw out another release with slightly tweaked warnings.
> > > >
> > > > Calling "maven 3.9 is about the journey to 4.0" is ridiculous. Maven
> > 3.9
> > > is
> > > > a, by definition, fully backwards compatible release of Apache Maven
> > 3.x.
> > > > If you need a journey, then release Maven 4.0.0 as that stepping
> stone
> > > and
> > > > then 5.0 as a backwards incompatible version. Maven 4 has been in
> > > > development for many years and developer uptake will take a long
> time,
> > > > especially if all old builds break left and right. You may even end
> up
> > > > having to call it "mvn4" and not "mvn" to not break build scripts in
> > > > countless organizations.
> > > >
> > > > -h
> > > >
> > > >
> > > > >
> > > >
> > >
> >
>
Re: maven 3.9.x warnings
Posted by Romain Manni-Bucau <rm...@gmail.com>.
+1 to make NONE the default, know it defeats the purpose but this feature
makes end user builds nasty whereas it should help them.
I would also be +1 to make it a help:check-state goal rather than having it
in maven core where it is quite pointless IMHO as explained in earlier
threads.
Le ven. 19 mai 2023 à 21:17, Henning Schmiedehausen <
henning@schmiedehausen.org> a écrit :
> Hi Gary,
>
> Seems we both work in similar places. :-) Looking at
>
> https://github.com/apache/maven/commit/11d97e64e7e3fbed23d8e98abdd8c015a957ee82
> ,
> it seems that 3.9.3 (whenever that comes) will improve things; the default
> logging is still not great but at least I can add
> `<maven.plugin.validation>NONE</maven.plugin.validation>` to all my
> projects get back to the pre-3.9.x state. @michaelo might like that as
> well.
>
> @tamas I would have preferred if we did not add a "NONE" setting but made
> the "DEFAULT" value having no logging and replaced what is "DEFAULT" in
> 3.9.2 with "SUMMARY" or "NORMAL" or something else. That way, the default
> state would be the same as it was with maven 3.8.x (which is IMHO the right
> thing to call "default") and everyone who wants to actually log warnings
> can turn it on.
>
> Adding the property above to my poms is a stop-gap, as it emits a warning
> on pre-3.9.3 maven versions, something that I can not fix because older
> versions of the build tool are "out there". I could put the property under
> a profile but at that point it feels like fighting the tool.
>
> -h
>
> (pro-tip: Never call the value for a default setting "default". "default"
> is a state, not a value. If you want to change the "default" state, you are
> now stuck with a value called "default")
>
>
>
> On Fri, May 19, 2023 at 11:47 AM Gary Gregory <ga...@gmail.com>
> wrote:
>
> > From this user's POV, I feel these warning force me to spin my wheels:
> If I
> > have old plugins I can update their versions, and then I still get the
> > warnings, none of which I can do anything about. I can do something about
> > compiler warnings, I can do nothing about these.
> >
> > I am left to explain up and down the food chain with hand handwaving why
> > these warnings are "ok" :-(
> >
> > Gary
> >
> >
> > On Fri, May 19, 2023, 14:15 Henning Schmiedehausen <
> > henning@schmiedehausen.org> wrote:
> >
> > > Hi Tamas,
> > >
> > > Thanks for the quick response.
> > >
> > > On Fri, May 19, 2023 at 2:35 AM Tamás Cservenák <ta...@cservenak.net>
> > > wrote:
> > >
> > > > Howdy,
> > > >
> > > > So, have a small local change, probably to go with 3.9.3.
> > > >
> > >
> > > [...]
> > >
> > >
> > > > [WARNING] * org.basepom.maven:inline-maven-plugin:1.0.1
> > > > [WARNING] Declared at location(s):
> > > > [WARNING] * org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml) @
> > line
> > > > 145
> > > > [WARNING] Used in module(s):
> > > > [WARNING] * org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml)
> > > > [WARNING] Plugin issue(s):
> > > > [WARNING] * Plugin descriptor should not contain these Maven
> > > artifacts:
> > > > [org.apache.maven:maven-artifact:3.8.4,
> > > > org.apache.maven:maven-settings-builder:3.8.4,
> > > > org.apache.maven:maven-repository-metadata:3.8.4,
> > > > org.apache.maven:maven-builder-support:3.8.4,
> > > > org.apache.maven:maven-core:3.8.4,
> > > > org.apache.maven:maven-resolver-provider:3.8.4,
> > > > org.apache.maven:maven-settings:3.8.4,
> > > > org.apache.maven:maven-plugin-api:3.8.4,
> > > > org.apache.maven:maven-model-builder:3.8.4,
> > > > org.apache.maven:maven-model:3.8.4]
> > > >
> > >
> > > This has *zero* meaning to the person running the build. And it still
> > does
> > > not help the plugin author either. Because they (I) used the maven tool
> > > chain that was current at the point in time the plugin was created.
> There
> > > is still no actionable advice in here and there is no link to any
> > > documentation that tells a plugin author what the root cause is and
> what
> > to
> > > do. Developers can now either do the "update everything and pray", an
> > > approach that worked exceedingly well with maven dependencies (look at
> > all
> > > the incompatibilities with the 4.0.0-M<x> components) or turn around to
> > the
> > > maven mailing list asking "what should I do".
> > >
> > > You need to write documentation that helps your users. All the error
> > > messages and warnings and "this is wrong, fix it" messages to users do
> > not
> > > help.
> > >
> > > This passive-aggressive attempt to surface problems in an obscure way
> to
> > > the end user and hope that "they file bugs with the plugin authors" is
> a
> > > terrible way to instigate change.
> > >
> > > I understand that there is limited developer time on Maven and this
> looks
> > > tempting as the "simplest path" but all you have accomplished is reduce
> > > trust. "maven suddenly reports problems that were not there before.
> Were
> > > those always there? Are my builds still good? Do my older projects
> still
> > > build?"
> > >
> > > Surfacing non-actionable warnings or errors to a non-audience is a
> no-no
> > > for any user experience; this is UX 101.
> > >
> > > For Jdbi, I still get complaints
> > > about org.apache.maven.plugins:maven-pmd-plugin,
> > > org.apache.maven.plugins:maven-javadoc-plugin,
> > > org.apache.maven.plugins:maven-source-plugin,
> > > org.apache.maven.plugins:maven-dependency-plugin.
> > > So even the official maven plugins have not gotten this right. Of
> course
> > > you can say "time heals all wounds". That is not true, because there is
> > > attrition by people switching tools. Heck, the ASF is now running a
> > gradle
> > > enterprise server.
> > >
> > > You need to turn all of these warnings *OFF* and document the existence
> > of
> > > the switch *and* give developer documentation what you expect plugin
> > users
> > > *to do*. And then evangelize that. That will get your allies (which are
> > the
> > > plugin authors that will *want* to fix the problems) to help you. Not
> > > throw out another release with slightly tweaked warnings.
> > >
> > > Calling "maven 3.9 is about the journey to 4.0" is ridiculous. Maven
> 3.9
> > is
> > > a, by definition, fully backwards compatible release of Apache Maven
> 3.x.
> > > If you need a journey, then release Maven 4.0.0 as that stepping stone
> > and
> > > then 5.0 as a backwards incompatible version. Maven 4 has been in
> > > development for many years and developer uptake will take a long time,
> > > especially if all old builds break left and right. You may even end up
> > > having to call it "mvn4" and not "mvn" to not break build scripts in
> > > countless organizations.
> > >
> > > -h
> > >
> > >
> > > >
> > >
> >
>
Re: maven 3.9.x warnings
Posted by Henning Schmiedehausen <he...@schmiedehausen.org>.
I put https://github.com/apache/maven/pull/1116 together which does exactly
that. It is literally three lines of code.
-h
On Fri, May 19, 2023 at 12:17 PM Henning Schmiedehausen <
henning@schmiedehausen.org> wrote:
> Hi Gary,
>
> Seems we both work in similar places. :-) Looking at
> https://github.com/apache/maven/commit/11d97e64e7e3fbed23d8e98abdd8c015a957ee82,
> it seems that 3.9.3 (whenever that comes) will improve things; the default
> logging is still not great but at least I can add
> `<maven.plugin.validation>NONE</maven.plugin.validation>` to all my
> projects get back to the pre-3.9.x state. @michaelo might like that as well.
>
> @tamas I would have preferred if we did not add a "NONE" setting but made
> the "DEFAULT" value having no logging and replaced what is "DEFAULT" in
> 3.9.2 with "SUMMARY" or "NORMAL" or something else. That way, the default
> state would be the same as it was with maven 3.8.x (which is IMHO the right
> thing to call "default") and everyone who wants to actually log warnings
> can turn it on.
>
> Adding the property above to my poms is a stop-gap, as it emits a warning
> on pre-3.9.3 maven versions, something that I can not fix because older
> versions of the build tool are "out there". I could put the property under
> a profile but at that point it feels like fighting the tool.
>
> -h
>
> (pro-tip: Never call the value for a default setting "default". "default"
> is a state, not a value. If you want to change the "default" state, you are
> now stuck with a value called "default")
>
>
>
> On Fri, May 19, 2023 at 11:47 AM Gary Gregory <ga...@gmail.com>
> wrote:
>
>> From this user's POV, I feel these warning force me to spin my wheels: If
>> I
>> have old plugins I can update their versions, and then I still get the
>> warnings, none of which I can do anything about. I can do something about
>> compiler warnings, I can do nothing about these.
>>
>> I am left to explain up and down the food chain with hand handwaving why
>> these warnings are "ok" :-(
>>
>> Gary
>>
>>
>> On Fri, May 19, 2023, 14:15 Henning Schmiedehausen <
>> henning@schmiedehausen.org> wrote:
>>
>> > Hi Tamas,
>> >
>> > Thanks for the quick response.
>> >
>> > On Fri, May 19, 2023 at 2:35 AM Tamás Cservenák <ta...@cservenak.net>
>> > wrote:
>> >
>> > > Howdy,
>> > >
>> > > So, have a small local change, probably to go with 3.9.3.
>> > >
>> >
>> > [...]
>> >
>> >
>> > > [WARNING] * org.basepom.maven:inline-maven-plugin:1.0.1
>> > > [WARNING] Declared at location(s):
>> > > [WARNING] * org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml) @
>> line
>> > > 145
>> > > [WARNING] Used in module(s):
>> > > [WARNING] * org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml)
>> > > [WARNING] Plugin issue(s):
>> > > [WARNING] * Plugin descriptor should not contain these Maven
>> > artifacts:
>> > > [org.apache.maven:maven-artifact:3.8.4,
>> > > org.apache.maven:maven-settings-builder:3.8.4,
>> > > org.apache.maven:maven-repository-metadata:3.8.4,
>> > > org.apache.maven:maven-builder-support:3.8.4,
>> > > org.apache.maven:maven-core:3.8.4,
>> > > org.apache.maven:maven-resolver-provider:3.8.4,
>> > > org.apache.maven:maven-settings:3.8.4,
>> > > org.apache.maven:maven-plugin-api:3.8.4,
>> > > org.apache.maven:maven-model-builder:3.8.4,
>> > > org.apache.maven:maven-model:3.8.4]
>> > >
>> >
>> > This has *zero* meaning to the person running the build. And it still
>> does
>> > not help the plugin author either. Because they (I) used the maven tool
>> > chain that was current at the point in time the plugin was created.
>> There
>> > is still no actionable advice in here and there is no link to any
>> > documentation that tells a plugin author what the root cause is and
>> what to
>> > do. Developers can now either do the "update everything and pray", an
>> > approach that worked exceedingly well with maven dependencies (look at
>> all
>> > the incompatibilities with the 4.0.0-M<x> components) or turn around to
>> the
>> > maven mailing list asking "what should I do".
>> >
>> > You need to write documentation that helps your users. All the error
>> > messages and warnings and "this is wrong, fix it" messages to users do
>> not
>> > help.
>> >
>> > This passive-aggressive attempt to surface problems in an obscure way to
>> > the end user and hope that "they file bugs with the plugin authors" is a
>> > terrible way to instigate change.
>> >
>> > I understand that there is limited developer time on Maven and this
>> looks
>> > tempting as the "simplest path" but all you have accomplished is reduce
>> > trust. "maven suddenly reports problems that were not there before. Were
>> > those always there? Are my builds still good? Do my older projects still
>> > build?"
>> >
>> > Surfacing non-actionable warnings or errors to a non-audience is a no-no
>> > for any user experience; this is UX 101.
>> >
>> > For Jdbi, I still get complaints
>> > about org.apache.maven.plugins:maven-pmd-plugin,
>> > org.apache.maven.plugins:maven-javadoc-plugin,
>> > org.apache.maven.plugins:maven-source-plugin,
>> > org.apache.maven.plugins:maven-dependency-plugin.
>> > So even the official maven plugins have not gotten this right. Of course
>> > you can say "time heals all wounds". That is not true, because there is
>> > attrition by people switching tools. Heck, the ASF is now running a
>> gradle
>> > enterprise server.
>> >
>> > You need to turn all of these warnings *OFF* and document the existence
>> of
>> > the switch *and* give developer documentation what you expect plugin
>> users
>> > *to do*. And then evangelize that. That will get your allies (which are
>> the
>> > plugin authors that will *want* to fix the problems) to help you. Not
>> > throw out another release with slightly tweaked warnings.
>> >
>> > Calling "maven 3.9 is about the journey to 4.0" is ridiculous. Maven
>> 3.9 is
>> > a, by definition, fully backwards compatible release of Apache Maven
>> 3.x.
>> > If you need a journey, then release Maven 4.0.0 as that stepping stone
>> and
>> > then 5.0 as a backwards incompatible version. Maven 4 has been in
>> > development for many years and developer uptake will take a long time,
>> > especially if all old builds break left and right. You may even end up
>> > having to call it "mvn4" and not "mvn" to not break build scripts in
>> > countless organizations.
>> >
>> > -h
>> >
>> >
>> > >
>> >
>>
>
Re: maven 3.9.x warnings
Posted by Henning Schmiedehausen <he...@schmiedehausen.org>.
Hi Gary,
Seems we both work in similar places. :-) Looking at
https://github.com/apache/maven/commit/11d97e64e7e3fbed23d8e98abdd8c015a957ee82,
it seems that 3.9.3 (whenever that comes) will improve things; the default
logging is still not great but at least I can add
`<maven.plugin.validation>NONE</maven.plugin.validation>` to all my
projects get back to the pre-3.9.x state. @michaelo might like that as well.
@tamas I would have preferred if we did not add a "NONE" setting but made
the "DEFAULT" value having no logging and replaced what is "DEFAULT" in
3.9.2 with "SUMMARY" or "NORMAL" or something else. That way, the default
state would be the same as it was with maven 3.8.x (which is IMHO the right
thing to call "default") and everyone who wants to actually log warnings
can turn it on.
Adding the property above to my poms is a stop-gap, as it emits a warning
on pre-3.9.3 maven versions, something that I can not fix because older
versions of the build tool are "out there". I could put the property under
a profile but at that point it feels like fighting the tool.
-h
(pro-tip: Never call the value for a default setting "default". "default"
is a state, not a value. If you want to change the "default" state, you are
now stuck with a value called "default")
On Fri, May 19, 2023 at 11:47 AM Gary Gregory <ga...@gmail.com>
wrote:
> From this user's POV, I feel these warning force me to spin my wheels: If I
> have old plugins I can update their versions, and then I still get the
> warnings, none of which I can do anything about. I can do something about
> compiler warnings, I can do nothing about these.
>
> I am left to explain up and down the food chain with hand handwaving why
> these warnings are "ok" :-(
>
> Gary
>
>
> On Fri, May 19, 2023, 14:15 Henning Schmiedehausen <
> henning@schmiedehausen.org> wrote:
>
> > Hi Tamas,
> >
> > Thanks for the quick response.
> >
> > On Fri, May 19, 2023 at 2:35 AM Tamás Cservenák <ta...@cservenak.net>
> > wrote:
> >
> > > Howdy,
> > >
> > > So, have a small local change, probably to go with 3.9.3.
> > >
> >
> > [...]
> >
> >
> > > [WARNING] * org.basepom.maven:inline-maven-plugin:1.0.1
> > > [WARNING] Declared at location(s):
> > > [WARNING] * org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml) @
> line
> > > 145
> > > [WARNING] Used in module(s):
> > > [WARNING] * org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml)
> > > [WARNING] Plugin issue(s):
> > > [WARNING] * Plugin descriptor should not contain these Maven
> > artifacts:
> > > [org.apache.maven:maven-artifact:3.8.4,
> > > org.apache.maven:maven-settings-builder:3.8.4,
> > > org.apache.maven:maven-repository-metadata:3.8.4,
> > > org.apache.maven:maven-builder-support:3.8.4,
> > > org.apache.maven:maven-core:3.8.4,
> > > org.apache.maven:maven-resolver-provider:3.8.4,
> > > org.apache.maven:maven-settings:3.8.4,
> > > org.apache.maven:maven-plugin-api:3.8.4,
> > > org.apache.maven:maven-model-builder:3.8.4,
> > > org.apache.maven:maven-model:3.8.4]
> > >
> >
> > This has *zero* meaning to the person running the build. And it still
> does
> > not help the plugin author either. Because they (I) used the maven tool
> > chain that was current at the point in time the plugin was created. There
> > is still no actionable advice in here and there is no link to any
> > documentation that tells a plugin author what the root cause is and what
> to
> > do. Developers can now either do the "update everything and pray", an
> > approach that worked exceedingly well with maven dependencies (look at
> all
> > the incompatibilities with the 4.0.0-M<x> components) or turn around to
> the
> > maven mailing list asking "what should I do".
> >
> > You need to write documentation that helps your users. All the error
> > messages and warnings and "this is wrong, fix it" messages to users do
> not
> > help.
> >
> > This passive-aggressive attempt to surface problems in an obscure way to
> > the end user and hope that "they file bugs with the plugin authors" is a
> > terrible way to instigate change.
> >
> > I understand that there is limited developer time on Maven and this looks
> > tempting as the "simplest path" but all you have accomplished is reduce
> > trust. "maven suddenly reports problems that were not there before. Were
> > those always there? Are my builds still good? Do my older projects still
> > build?"
> >
> > Surfacing non-actionable warnings or errors to a non-audience is a no-no
> > for any user experience; this is UX 101.
> >
> > For Jdbi, I still get complaints
> > about org.apache.maven.plugins:maven-pmd-plugin,
> > org.apache.maven.plugins:maven-javadoc-plugin,
> > org.apache.maven.plugins:maven-source-plugin,
> > org.apache.maven.plugins:maven-dependency-plugin.
> > So even the official maven plugins have not gotten this right. Of course
> > you can say "time heals all wounds". That is not true, because there is
> > attrition by people switching tools. Heck, the ASF is now running a
> gradle
> > enterprise server.
> >
> > You need to turn all of these warnings *OFF* and document the existence
> of
> > the switch *and* give developer documentation what you expect plugin
> users
> > *to do*. And then evangelize that. That will get your allies (which are
> the
> > plugin authors that will *want* to fix the problems) to help you. Not
> > throw out another release with slightly tweaked warnings.
> >
> > Calling "maven 3.9 is about the journey to 4.0" is ridiculous. Maven 3.9
> is
> > a, by definition, fully backwards compatible release of Apache Maven 3.x.
> > If you need a journey, then release Maven 4.0.0 as that stepping stone
> and
> > then 5.0 as a backwards incompatible version. Maven 4 has been in
> > development for many years and developer uptake will take a long time,
> > especially if all old builds break left and right. You may even end up
> > having to call it "mvn4" and not "mvn" to not break build scripts in
> > countless organizations.
> >
> > -h
> >
> >
> > >
> >
>
Re: maven 3.9.x warnings
Posted by Gary Gregory <ga...@gmail.com>.
From this user's POV, I feel these warning force me to spin my wheels: If I
have old plugins I can update their versions, and then I still get the
warnings, none of which I can do anything about. I can do something about
compiler warnings, I can do nothing about these.
I am left to explain up and down the food chain with hand handwaving why
these warnings are "ok" :-(
Gary
On Fri, May 19, 2023, 14:15 Henning Schmiedehausen <
henning@schmiedehausen.org> wrote:
> Hi Tamas,
>
> Thanks for the quick response.
>
> On Fri, May 19, 2023 at 2:35 AM Tamás Cservenák <ta...@cservenak.net>
> wrote:
>
> > Howdy,
> >
> > So, have a small local change, probably to go with 3.9.3.
> >
>
> [...]
>
>
> > [WARNING] * org.basepom.maven:inline-maven-plugin:1.0.1
> > [WARNING] Declared at location(s):
> > [WARNING] * org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml) @ line
> > 145
> > [WARNING] Used in module(s):
> > [WARNING] * org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml)
> > [WARNING] Plugin issue(s):
> > [WARNING] * Plugin descriptor should not contain these Maven
> artifacts:
> > [org.apache.maven:maven-artifact:3.8.4,
> > org.apache.maven:maven-settings-builder:3.8.4,
> > org.apache.maven:maven-repository-metadata:3.8.4,
> > org.apache.maven:maven-builder-support:3.8.4,
> > org.apache.maven:maven-core:3.8.4,
> > org.apache.maven:maven-resolver-provider:3.8.4,
> > org.apache.maven:maven-settings:3.8.4,
> > org.apache.maven:maven-plugin-api:3.8.4,
> > org.apache.maven:maven-model-builder:3.8.4,
> > org.apache.maven:maven-model:3.8.4]
> >
>
> This has *zero* meaning to the person running the build. And it still does
> not help the plugin author either. Because they (I) used the maven tool
> chain that was current at the point in time the plugin was created. There
> is still no actionable advice in here and there is no link to any
> documentation that tells a plugin author what the root cause is and what to
> do. Developers can now either do the "update everything and pray", an
> approach that worked exceedingly well with maven dependencies (look at all
> the incompatibilities with the 4.0.0-M<x> components) or turn around to the
> maven mailing list asking "what should I do".
>
> You need to write documentation that helps your users. All the error
> messages and warnings and "this is wrong, fix it" messages to users do not
> help.
>
> This passive-aggressive attempt to surface problems in an obscure way to
> the end user and hope that "they file bugs with the plugin authors" is a
> terrible way to instigate change.
>
> I understand that there is limited developer time on Maven and this looks
> tempting as the "simplest path" but all you have accomplished is reduce
> trust. "maven suddenly reports problems that were not there before. Were
> those always there? Are my builds still good? Do my older projects still
> build?"
>
> Surfacing non-actionable warnings or errors to a non-audience is a no-no
> for any user experience; this is UX 101.
>
> For Jdbi, I still get complaints
> about org.apache.maven.plugins:maven-pmd-plugin,
> org.apache.maven.plugins:maven-javadoc-plugin,
> org.apache.maven.plugins:maven-source-plugin,
> org.apache.maven.plugins:maven-dependency-plugin.
> So even the official maven plugins have not gotten this right. Of course
> you can say "time heals all wounds". That is not true, because there is
> attrition by people switching tools. Heck, the ASF is now running a gradle
> enterprise server.
>
> You need to turn all of these warnings *OFF* and document the existence of
> the switch *and* give developer documentation what you expect plugin users
> *to do*. And then evangelize that. That will get your allies (which are the
> plugin authors that will *want* to fix the problems) to help you. Not
> throw out another release with slightly tweaked warnings.
>
> Calling "maven 3.9 is about the journey to 4.0" is ridiculous. Maven 3.9 is
> a, by definition, fully backwards compatible release of Apache Maven 3.x.
> If you need a journey, then release Maven 4.0.0 as that stepping stone and
> then 5.0 as a backwards incompatible version. Maven 4 has been in
> development for many years and developer uptake will take a long time,
> especially if all old builds break left and right. You may even end up
> having to call it "mvn4" and not "mvn" to not break build scripts in
> countless organizations.
>
> -h
>
>
> >
>
Re: maven 3.9.x warnings
Posted by Henning Schmiedehausen <he...@schmiedehausen.org>.
Hi Tamas,
Thanks for the quick response.
On Fri, May 19, 2023 at 2:35 AM Tamás Cservenák <ta...@cservenak.net> wrote:
> Howdy,
>
> So, have a small local change, probably to go with 3.9.3.
>
[...]
> [WARNING] * org.basepom.maven:inline-maven-plugin:1.0.1
> [WARNING] Declared at location(s):
> [WARNING] * org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml) @ line
> 145
> [WARNING] Used in module(s):
> [WARNING] * org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml)
> [WARNING] Plugin issue(s):
> [WARNING] * Plugin descriptor should not contain these Maven artifacts:
> [org.apache.maven:maven-artifact:3.8.4,
> org.apache.maven:maven-settings-builder:3.8.4,
> org.apache.maven:maven-repository-metadata:3.8.4,
> org.apache.maven:maven-builder-support:3.8.4,
> org.apache.maven:maven-core:3.8.4,
> org.apache.maven:maven-resolver-provider:3.8.4,
> org.apache.maven:maven-settings:3.8.4,
> org.apache.maven:maven-plugin-api:3.8.4,
> org.apache.maven:maven-model-builder:3.8.4,
> org.apache.maven:maven-model:3.8.4]
>
This has *zero* meaning to the person running the build. And it still does
not help the plugin author either. Because they (I) used the maven tool
chain that was current at the point in time the plugin was created. There
is still no actionable advice in here and there is no link to any
documentation that tells a plugin author what the root cause is and what to
do. Developers can now either do the "update everything and pray", an
approach that worked exceedingly well with maven dependencies (look at all
the incompatibilities with the 4.0.0-M<x> components) or turn around to the
maven mailing list asking "what should I do".
You need to write documentation that helps your users. All the error
messages and warnings and "this is wrong, fix it" messages to users do not
help.
This passive-aggressive attempt to surface problems in an obscure way to
the end user and hope that "they file bugs with the plugin authors" is a
terrible way to instigate change.
I understand that there is limited developer time on Maven and this looks
tempting as the "simplest path" but all you have accomplished is reduce
trust. "maven suddenly reports problems that were not there before. Were
those always there? Are my builds still good? Do my older projects still
build?"
Surfacing non-actionable warnings or errors to a non-audience is a no-no
for any user experience; this is UX 101.
For Jdbi, I still get complaints
about org.apache.maven.plugins:maven-pmd-plugin,
org.apache.maven.plugins:maven-javadoc-plugin,
org.apache.maven.plugins:maven-source-plugin,
org.apache.maven.plugins:maven-dependency-plugin.
So even the official maven plugins have not gotten this right. Of course
you can say "time heals all wounds". That is not true, because there is
attrition by people switching tools. Heck, the ASF is now running a gradle
enterprise server.
You need to turn all of these warnings *OFF* and document the existence of
the switch *and* give developer documentation what you expect plugin users
*to do*. And then evangelize that. That will get your allies (which are the
plugin authors that will *want* to fix the problems) to help you. Not
throw out another release with slightly tweaked warnings.
Calling "maven 3.9 is about the journey to 4.0" is ridiculous. Maven 3.9 is
a, by definition, fully backwards compatible release of Apache Maven 3.x.
If you need a journey, then release Maven 4.0.0 as that stepping stone and
then 5.0 as a backwards incompatible version. Maven 4 has been in
development for many years and developer uptake will take a long time,
especially if all old builds break left and right. You may even end up
having to call it "mvn4" and not "mvn" to not break build scripts in
countless organizations.
-h
>
Re: maven 3.9.x warnings
Posted by Tamás Cservenák <ta...@cservenak.net>.
Howdy,
so far I have PRs:
Fix for Henning case (make the message clear that it is descriptor)
https://github.com/apache/maven/pull/1112
Adding new modes https://github.com/apache/maven/pull/1113
Will see for that one as well.
T
On Fri, May 19, 2023 at 2:58 PM Jeremy Landis <je...@hotmail.com>
wrote:
> While you are at it, could you change the warnings to show just before the
> final status of the build? Some projects at least in VERBOSE have so many
> warnings that it makes it much harder to know the project built
> successfully.
>
> ATM it's something like this.
>
> ...Status successful build...
> Now a bunch of warnings
>
> I think for clarity that just needs to be flipped to.
>
> ...bunch of warnings...
> Status of the build
>
> -----Original Message-----
> From: Tamás Cservenák <ta...@cservenak.net>
> Sent: Friday, May 19, 2023 5:35 AM
> To: Maven Developers List <de...@maven.apache.org>
> Subject: Re: maven 3.9.x warnings
>
> Howdy,
>
> So, have a small local change, probably to go with 3.9.3.
>
> changes:
> - message modified, it is now clear that it is "plugin descriptor" that
> contains unwanted artifacts
> - added new check that "checks reality", the plugin resolved dependencies
>
> So, now messages on JDBI project look like this (two examples):
>
> [WARNING] * org.asciidoctor:asciidoctor-maven-plugin:2.2.3
> [WARNING] Declared at location(s):
> [WARNING] * org.jdbi:jdbi3-docs:3.38.3-SNAPSHOT (docs/pom.xml) @ line
> 270
> [WARNING] Used in module(s):
> [WARNING] * org.jdbi:jdbi3-docs:3.38.3-SNAPSHOT (docs/pom.xml)
> [WARNING] Plugin issue(s):
> [WARNING] * Plugin should declare these Maven artifacts in `provided`
> scope: [org.apache.maven:maven-core:3.0.5,
> org.apache.maven:maven-plugin-api:3.0.5]
> [WARNING] * Plugin descriptor should not contain these Maven artifacts:
> [org.apache.maven:maven-model-builder:3.0.5,
> org.apache.maven:maven-core:3.0.5, org.apache.maven:maven-plugin-api:3.0.5,
> org.apache.maven:maven-model:3.0.5, org.apache.maven:maven-settings:3.0.5,
> org.apache.maven:maven-artifact:3.0.5,
> org.apache.maven:maven-repository-metadata:3.0.5,
> org.apache.maven:maven-aether-provider:3.0.5,
> org.apache.maven:maven-settings-builder:3.0.5]
> [WARNING] * Plugin depends on plexus-container-default, which is EOL
> [WARNING]
> [WARNING] * org.basepom.maven:inline-maven-plugin:1.0.1
> [WARNING] Declared at location(s):
> [WARNING] * org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml) @ line
> 145
> [WARNING] Used in module(s):
> [WARNING] * org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml)
> [WARNING] Plugin issue(s):
> [WARNING] * Plugin descriptor should not contain these Maven artifacts:
> [org.apache.maven:maven-artifact:3.8.4,
> org.apache.maven:maven-settings-builder:3.8.4,
> org.apache.maven:maven-repository-metadata:3.8.4,
> org.apache.maven:maven-builder-support:3.8.4,
> org.apache.maven:maven-core:3.8.4,
> org.apache.maven:maven-resolver-provider:3.8.4,
> org.apache.maven:maven-settings:3.8.4,
> org.apache.maven:maven-plugin-api:3.8.4,
> org.apache.maven:maven-model-builder:3.8.4,
> org.apache.maven:maven-model:3.8.4]
>
> Problems of asciidoctor-maven-plugin:2.2.3:
> 1. does not declare scopes properly:
>
> https://github.com/asciidoctor/asciidoctor-maven-plugin/blob/asciidoctor-maven-plugin-2.2.3/pom.xml#L108-L117
> 2. plugin descriptor (META-INF/maven/plugin.xml) really contains all the
> listed artifacts, reason is problem in bullet 1: they are not in provided,
> hence in descriptor full transitive hull is present
>
> Problems of inline-maven-plugin:1.0.1
> 1. descriptor contains WAY TOO MANY artifacts (due MPLUGIN-382)
>
>
> Thanks
> T
>
> On Fri, May 19, 2023 at 10:22 AM Tamás Cservenák <ta...@cservenak.net>
> wrote:
>
> > Henning, your do have open option to go:
> >
> > in inline-maven-project upgrade (buggy) maven-plugin-plugin 3.6.2
> > (suffers from
> > https://issues.apache.org/jira/browse/MPLUGIN-382) to a more recent one.
> >
> > OTOH, this issue revealed a validation issue:
> > - it relies on pluginDescriptor/dependencies to perform validation
> > (that contains wrong entries due MPLUGIN-382)
> > - we may want to validate the "reality" (plugin POM directly, instead
> > of derived plugin descriptor that is built out of plugin POM at build
> > time by maven-plugin-plugin, that may have bug as in this case)
> >
> > So, in this case we have an interesting situation:
> > - your inline project POM is good
> > - what is not good is bug in used m-plugin-p 3.6.2 (produces wrong
> > plugin
> > descriptor)
> > - Maven 3.9.2 detects this (well, unwanted artifacts in there) and
> > reports "plugin as wrong"
> >
> > Your option is to upgrade m-plugin-p to (possibly latest) version and
> > release.
> >
> > Our option for the next Maven is probably to reconsider the data set
> > we validate from.
> >
> > Thanks
> > T
> >
> >
> >
> > On Fri, May 19, 2023 at 7:28 AM Henning Schmiedehausen <
> > henning@schmiedehausen.org> wrote:
> >
> >> From maven 3.9.2:
> >>
> >> [WARNING] * org.basepom.maven:inline-maven-plugin:1.0.1
> >> [WARNING] Declared at location(s):
> >> [WARNING] * org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml) @ line
> >> 145
> >> [WARNING] Used in module(s):
> >> [WARNING] * org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml)
> >> [WARNING] Plugin issue(s):
> >> [WARNING] * Plugin should declare these Maven artifacts in
> `*provided*`
> >> scope: [
> >> org.apache.maven:maven-artifact:3.8.4,
> >> org.apache.maven:maven-settings-builder:3.8.4,
> >> org.apache.maven:maven-repository-metadata:3.8.4,
> >> org.apache.maven:maven-builder-support:3.8.4,
> >> org.apache.maven:maven-core:3.8.4,
> >> org.apache.maven:maven-resolver-provider:3.8.4,
> >> org.apache.maven:maven-settings:3.8.4,
> >> org.apache.maven:maven-plugin-api:3.8.4,
> >> org.apache.maven:maven-model-builder:3.8.4,
> >> org.apache.maven:maven-model:3.8.4]
> >>
> >>
> >> From the plugin project itself, on the 1.0.1 tag:
> >>
> >> ❯ mvn dependency:list -pl :inline-maven-plugin | grep provided | sort
> >> [...]
> >> [INFO] org.apache.maven:maven-artifact:jar:3.8.4:*provided* -- module
> >> maven.artifact (auto)
> >> [INFO] org.apache.maven:maven-builder-support:jar:3.8.4:*provided* --
> >> module maven.builder.support (auto)
> >> [INFO] org.apache.maven:maven-core:jar:3.8.4:*provided* -- module
> >> maven.core (auto)
> >> [INFO] org.apache.maven:maven-model-builder:jar:3.8.4:*provided* --
> >> module maven.model.builder (auto)
> >> [INFO] org.apache.maven:maven-model:jar:3.8.4:*provided* -- module
> >> maven.model (auto)
> >> [INFO] org.apache.maven:maven-plugin-api:jar:3.8.4:*provided* --
> module
> >> maven.plugin.api (auto)
> >> [INFO]
> org.apache.maven:maven-repository-metadata:jar:3.8.4:*provided*
> >> -- module maven.repository.metadata (auto)
> >> [INFO] org.apache.maven:maven-resolver-provider:jar:3.8.4:*provided*
> --
> >> module maven.resolver.provider (auto)
> >> [INFO] org.apache.maven:maven-settings-builder:jar:3.8.4:*provided*
> --
> >> module maven.settings.builder (auto)
> >> [INFO] org.apache.maven:maven-settings:jar:3.8.4:*provided* -- module
> >> maven.settings (auto)
> >> [...]
> >>
> >> Sorry, folks, I got nothing.
> >>
> >> Maven 3.9.2 complains that the inline plugin needs to declare
> >> <dependencies> in *provided* scope. A build user might report that to
> >> their build engineer or report it to the plugin author.
> >>
> >> As the plugin author, my plugin in the version 1.0.1 *DOES* declare
> >> every single dependency that maven warns about in *provided* scope.
> >>
> >> There is literally *nothing* that I can do. Neither as build user,
> >> nor as build engineer, nor as plugin author.
> >>
> >> I don't get it. What *is* the point? Really interested to learn *why*
> >> the maven team has chosen to go down this path.
> >>
> >> -h
> >>
> >
>
RE: maven 3.9.x warnings
Posted by Jeremy Landis <je...@hotmail.com>.
While you are at it, could you change the warnings to show just before the final status of the build? Some projects at least in VERBOSE have so many warnings that it makes it much harder to know the project built successfully.
ATM it's something like this.
...Status successful build...
Now a bunch of warnings
I think for clarity that just needs to be flipped to.
...bunch of warnings...
Status of the build
-----Original Message-----
From: Tamás Cservenák <ta...@cservenak.net>
Sent: Friday, May 19, 2023 5:35 AM
To: Maven Developers List <de...@maven.apache.org>
Subject: Re: maven 3.9.x warnings
Howdy,
So, have a small local change, probably to go with 3.9.3.
changes:
- message modified, it is now clear that it is "plugin descriptor" that contains unwanted artifacts
- added new check that "checks reality", the plugin resolved dependencies
So, now messages on JDBI project look like this (two examples):
[WARNING] * org.asciidoctor:asciidoctor-maven-plugin:2.2.3
[WARNING] Declared at location(s):
[WARNING] * org.jdbi:jdbi3-docs:3.38.3-SNAPSHOT (docs/pom.xml) @ line 270
[WARNING] Used in module(s):
[WARNING] * org.jdbi:jdbi3-docs:3.38.3-SNAPSHOT (docs/pom.xml)
[WARNING] Plugin issue(s):
[WARNING] * Plugin should declare these Maven artifacts in `provided`
scope: [org.apache.maven:maven-core:3.0.5,
org.apache.maven:maven-plugin-api:3.0.5]
[WARNING] * Plugin descriptor should not contain these Maven artifacts:
[org.apache.maven:maven-model-builder:3.0.5,
org.apache.maven:maven-core:3.0.5, org.apache.maven:maven-plugin-api:3.0.5,
org.apache.maven:maven-model:3.0.5, org.apache.maven:maven-settings:3.0.5,
org.apache.maven:maven-artifact:3.0.5,
org.apache.maven:maven-repository-metadata:3.0.5,
org.apache.maven:maven-aether-provider:3.0.5,
org.apache.maven:maven-settings-builder:3.0.5]
[WARNING] * Plugin depends on plexus-container-default, which is EOL
[WARNING]
[WARNING] * org.basepom.maven:inline-maven-plugin:1.0.1
[WARNING] Declared at location(s):
[WARNING] * org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml) @ line 145
[WARNING] Used in module(s):
[WARNING] * org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml)
[WARNING] Plugin issue(s):
[WARNING] * Plugin descriptor should not contain these Maven artifacts:
[org.apache.maven:maven-artifact:3.8.4,
org.apache.maven:maven-settings-builder:3.8.4,
org.apache.maven:maven-repository-metadata:3.8.4,
org.apache.maven:maven-builder-support:3.8.4,
org.apache.maven:maven-core:3.8.4,
org.apache.maven:maven-resolver-provider:3.8.4,
org.apache.maven:maven-settings:3.8.4,
org.apache.maven:maven-plugin-api:3.8.4,
org.apache.maven:maven-model-builder:3.8.4,
org.apache.maven:maven-model:3.8.4]
Problems of asciidoctor-maven-plugin:2.2.3:
1. does not declare scopes properly:
https://github.com/asciidoctor/asciidoctor-maven-plugin/blob/asciidoctor-maven-plugin-2.2.3/pom.xml#L108-L117
2. plugin descriptor (META-INF/maven/plugin.xml) really contains all the listed artifacts, reason is problem in bullet 1: they are not in provided, hence in descriptor full transitive hull is present
Problems of inline-maven-plugin:1.0.1
1. descriptor contains WAY TOO MANY artifacts (due MPLUGIN-382)
Thanks
T
On Fri, May 19, 2023 at 10:22 AM Tamás Cservenák <ta...@cservenak.net>
wrote:
> Henning, your do have open option to go:
>
> in inline-maven-project upgrade (buggy) maven-plugin-plugin 3.6.2
> (suffers from
> https://issues.apache.org/jira/browse/MPLUGIN-382) to a more recent one.
>
> OTOH, this issue revealed a validation issue:
> - it relies on pluginDescriptor/dependencies to perform validation
> (that contains wrong entries due MPLUGIN-382)
> - we may want to validate the "reality" (plugin POM directly, instead
> of derived plugin descriptor that is built out of plugin POM at build
> time by maven-plugin-plugin, that may have bug as in this case)
>
> So, in this case we have an interesting situation:
> - your inline project POM is good
> - what is not good is bug in used m-plugin-p 3.6.2 (produces wrong
> plugin
> descriptor)
> - Maven 3.9.2 detects this (well, unwanted artifacts in there) and
> reports "plugin as wrong"
>
> Your option is to upgrade m-plugin-p to (possibly latest) version and
> release.
>
> Our option for the next Maven is probably to reconsider the data set
> we validate from.
>
> Thanks
> T
>
>
>
> On Fri, May 19, 2023 at 7:28 AM Henning Schmiedehausen <
> henning@schmiedehausen.org> wrote:
>
>> From maven 3.9.2:
>>
>> [WARNING] * org.basepom.maven:inline-maven-plugin:1.0.1
>> [WARNING] Declared at location(s):
>> [WARNING] * org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml) @ line
>> 145
>> [WARNING] Used in module(s):
>> [WARNING] * org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml)
>> [WARNING] Plugin issue(s):
>> [WARNING] * Plugin should declare these Maven artifacts in `*provided*`
>> scope: [
>> org.apache.maven:maven-artifact:3.8.4,
>> org.apache.maven:maven-settings-builder:3.8.4,
>> org.apache.maven:maven-repository-metadata:3.8.4,
>> org.apache.maven:maven-builder-support:3.8.4,
>> org.apache.maven:maven-core:3.8.4,
>> org.apache.maven:maven-resolver-provider:3.8.4,
>> org.apache.maven:maven-settings:3.8.4,
>> org.apache.maven:maven-plugin-api:3.8.4,
>> org.apache.maven:maven-model-builder:3.8.4,
>> org.apache.maven:maven-model:3.8.4]
>>
>>
>> From the plugin project itself, on the 1.0.1 tag:
>>
>> ❯ mvn dependency:list -pl :inline-maven-plugin | grep provided | sort
>> [...]
>> [INFO] org.apache.maven:maven-artifact:jar:3.8.4:*provided* -- module
>> maven.artifact (auto)
>> [INFO] org.apache.maven:maven-builder-support:jar:3.8.4:*provided* --
>> module maven.builder.support (auto)
>> [INFO] org.apache.maven:maven-core:jar:3.8.4:*provided* -- module
>> maven.core (auto)
>> [INFO] org.apache.maven:maven-model-builder:jar:3.8.4:*provided* --
>> module maven.model.builder (auto)
>> [INFO] org.apache.maven:maven-model:jar:3.8.4:*provided* -- module
>> maven.model (auto)
>> [INFO] org.apache.maven:maven-plugin-api:jar:3.8.4:*provided* -- module
>> maven.plugin.api (auto)
>> [INFO] org.apache.maven:maven-repository-metadata:jar:3.8.4:*provided*
>> -- module maven.repository.metadata (auto)
>> [INFO] org.apache.maven:maven-resolver-provider:jar:3.8.4:*provided* --
>> module maven.resolver.provider (auto)
>> [INFO] org.apache.maven:maven-settings-builder:jar:3.8.4:*provided* --
>> module maven.settings.builder (auto)
>> [INFO] org.apache.maven:maven-settings:jar:3.8.4:*provided* -- module
>> maven.settings (auto)
>> [...]
>>
>> Sorry, folks, I got nothing.
>>
>> Maven 3.9.2 complains that the inline plugin needs to declare
>> <dependencies> in *provided* scope. A build user might report that to
>> their build engineer or report it to the plugin author.
>>
>> As the plugin author, my plugin in the version 1.0.1 *DOES* declare
>> every single dependency that maven warns about in *provided* scope.
>>
>> There is literally *nothing* that I can do. Neither as build user,
>> nor as build engineer, nor as plugin author.
>>
>> I don't get it. What *is* the point? Really interested to learn *why*
>> the maven team has chosen to go down this path.
>>
>> -h
>>
>
Re: maven 3.9.x warnings
Posted by Tamás Cservenák <ta...@cservenak.net>.
Howdy,
So, have a small local change, probably to go with 3.9.3.
changes:
- message modified, it is now clear that it is "plugin descriptor" that
contains unwanted artifacts
- added new check that "checks reality", the plugin resolved dependencies
So, now messages on JDBI project look like this (two examples):
[WARNING] * org.asciidoctor:asciidoctor-maven-plugin:2.2.3
[WARNING] Declared at location(s):
[WARNING] * org.jdbi:jdbi3-docs:3.38.3-SNAPSHOT (docs/pom.xml) @ line 270
[WARNING] Used in module(s):
[WARNING] * org.jdbi:jdbi3-docs:3.38.3-SNAPSHOT (docs/pom.xml)
[WARNING] Plugin issue(s):
[WARNING] * Plugin should declare these Maven artifacts in `provided`
scope: [org.apache.maven:maven-core:3.0.5,
org.apache.maven:maven-plugin-api:3.0.5]
[WARNING] * Plugin descriptor should not contain these Maven artifacts:
[org.apache.maven:maven-model-builder:3.0.5,
org.apache.maven:maven-core:3.0.5, org.apache.maven:maven-plugin-api:3.0.5,
org.apache.maven:maven-model:3.0.5, org.apache.maven:maven-settings:3.0.5,
org.apache.maven:maven-artifact:3.0.5,
org.apache.maven:maven-repository-metadata:3.0.5,
org.apache.maven:maven-aether-provider:3.0.5,
org.apache.maven:maven-settings-builder:3.0.5]
[WARNING] * Plugin depends on plexus-container-default, which is EOL
[WARNING]
[WARNING] * org.basepom.maven:inline-maven-plugin:1.0.1
[WARNING] Declared at location(s):
[WARNING] * org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml) @ line 145
[WARNING] Used in module(s):
[WARNING] * org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml)
[WARNING] Plugin issue(s):
[WARNING] * Plugin descriptor should not contain these Maven artifacts:
[org.apache.maven:maven-artifact:3.8.4,
org.apache.maven:maven-settings-builder:3.8.4,
org.apache.maven:maven-repository-metadata:3.8.4,
org.apache.maven:maven-builder-support:3.8.4,
org.apache.maven:maven-core:3.8.4,
org.apache.maven:maven-resolver-provider:3.8.4,
org.apache.maven:maven-settings:3.8.4,
org.apache.maven:maven-plugin-api:3.8.4,
org.apache.maven:maven-model-builder:3.8.4,
org.apache.maven:maven-model:3.8.4]
Problems of asciidoctor-maven-plugin:2.2.3:
1. does not declare scopes properly:
https://github.com/asciidoctor/asciidoctor-maven-plugin/blob/asciidoctor-maven-plugin-2.2.3/pom.xml#L108-L117
2. plugin descriptor (META-INF/maven/plugin.xml) really contains all the
listed artifacts, reason is problem in bullet 1: they are not in provided,
hence in descriptor full transitive hull is present
Problems of inline-maven-plugin:1.0.1
1. descriptor contains WAY TOO MANY artifacts (due MPLUGIN-382)
Thanks
T
On Fri, May 19, 2023 at 10:22 AM Tamás Cservenák <ta...@cservenak.net>
wrote:
> Henning, your do have open option to go:
>
> in inline-maven-project upgrade (buggy) maven-plugin-plugin 3.6.2 (suffers
> from https://issues.apache.org/jira/browse/MPLUGIN-382) to a more recent
> one.
>
> OTOH, this issue revealed a validation issue:
> - it relies on pluginDescriptor/dependencies to perform validation (that
> contains wrong entries due MPLUGIN-382)
> - we may want to validate the "reality" (plugin POM directly, instead of
> derived plugin descriptor that is built out of plugin POM at build time by
> maven-plugin-plugin, that may have bug as in this case)
>
> So, in this case we have an interesting situation:
> - your inline project POM is good
> - what is not good is bug in used m-plugin-p 3.6.2 (produces wrong plugin
> descriptor)
> - Maven 3.9.2 detects this (well, unwanted artifacts in there) and reports
> "plugin as wrong"
>
> Your option is to upgrade m-plugin-p to (possibly latest) version and
> release.
>
> Our option for the next Maven is probably to reconsider the data set we
> validate from.
>
> Thanks
> T
>
>
>
> On Fri, May 19, 2023 at 7:28 AM Henning Schmiedehausen <
> henning@schmiedehausen.org> wrote:
>
>> From maven 3.9.2:
>>
>> [WARNING] * org.basepom.maven:inline-maven-plugin:1.0.1
>> [WARNING] Declared at location(s):
>> [WARNING] * org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml) @ line
>> 145
>> [WARNING] Used in module(s):
>> [WARNING] * org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml)
>> [WARNING] Plugin issue(s):
>> [WARNING] * Plugin should declare these Maven artifacts in `*provided*`
>> scope: [
>> org.apache.maven:maven-artifact:3.8.4,
>> org.apache.maven:maven-settings-builder:3.8.4,
>> org.apache.maven:maven-repository-metadata:3.8.4,
>> org.apache.maven:maven-builder-support:3.8.4,
>> org.apache.maven:maven-core:3.8.4,
>> org.apache.maven:maven-resolver-provider:3.8.4,
>> org.apache.maven:maven-settings:3.8.4,
>> org.apache.maven:maven-plugin-api:3.8.4,
>> org.apache.maven:maven-model-builder:3.8.4,
>> org.apache.maven:maven-model:3.8.4]
>>
>>
>> From the plugin project itself, on the 1.0.1 tag:
>>
>> ❯ mvn dependency:list -pl :inline-maven-plugin | grep provided | sort
>> [...]
>> [INFO] org.apache.maven:maven-artifact:jar:3.8.4:*provided* -- module
>> maven.artifact (auto)
>> [INFO] org.apache.maven:maven-builder-support:jar:3.8.4:*provided* --
>> module maven.builder.support (auto)
>> [INFO] org.apache.maven:maven-core:jar:3.8.4:*provided* -- module
>> maven.core (auto)
>> [INFO] org.apache.maven:maven-model-builder:jar:3.8.4:*provided* --
>> module maven.model.builder (auto)
>> [INFO] org.apache.maven:maven-model:jar:3.8.4:*provided* -- module
>> maven.model (auto)
>> [INFO] org.apache.maven:maven-plugin-api:jar:3.8.4:*provided* -- module
>> maven.plugin.api (auto)
>> [INFO] org.apache.maven:maven-repository-metadata:jar:3.8.4:*provided*
>> -- module maven.repository.metadata (auto)
>> [INFO] org.apache.maven:maven-resolver-provider:jar:3.8.4:*provided* --
>> module maven.resolver.provider (auto)
>> [INFO] org.apache.maven:maven-settings-builder:jar:3.8.4:*provided* --
>> module maven.settings.builder (auto)
>> [INFO] org.apache.maven:maven-settings:jar:3.8.4:*provided* -- module
>> maven.settings (auto)
>> [...]
>>
>> Sorry, folks, I got nothing.
>>
>> Maven 3.9.2 complains that the inline plugin needs to declare
>> <dependencies> in *provided* scope. A build user might report that to
>> their
>> build engineer or report it to the plugin author.
>>
>> As the plugin author, my plugin in the version 1.0.1 *DOES* declare every
>> single dependency that maven warns about in *provided* scope.
>>
>> There is literally *nothing* that I can do. Neither as build user, nor as
>> build engineer, nor as plugin author.
>>
>> I don't get it. What *is* the point? Really interested to learn *why* the
>> maven team has chosen to go down this path.
>>
>> -h
>>
>
Re: maven 3.9.x warnings
Posted by Tamás Cservenák <ta...@cservenak.net>.
Henning, your do have open option to go:
in inline-maven-project upgrade (buggy) maven-plugin-plugin 3.6.2 (suffers
from https://issues.apache.org/jira/browse/MPLUGIN-382) to a more recent
one.
OTOH, this issue revealed a validation issue:
- it relies on pluginDescriptor/dependencies to perform validation (that
contains wrong entries due MPLUGIN-382)
- we may want to validate the "reality" (plugin POM directly, instead of
derived plugin descriptor that is built out of plugin POM at build time by
maven-plugin-plugin, that may have bug as in this case)
So, in this case we have an interesting situation:
- your inline project POM is good
- what is not good is bug in used m-plugin-p 3.6.2 (produces wrong plugin
descriptor)
- Maven 3.9.2 detects this (well, unwanted artifacts in there) and reports
"plugin as wrong"
Your option is to upgrade m-plugin-p to (possibly latest) version and
release.
Our option for the next Maven is probably to reconsider the data set we
validate from.
Thanks
T
On Fri, May 19, 2023 at 7:28 AM Henning Schmiedehausen <
henning@schmiedehausen.org> wrote:
> From maven 3.9.2:
>
> [WARNING] * org.basepom.maven:inline-maven-plugin:1.0.1
> [WARNING] Declared at location(s):
> [WARNING] * org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml) @ line
> 145
> [WARNING] Used in module(s):
> [WARNING] * org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml)
> [WARNING] Plugin issue(s):
> [WARNING] * Plugin should declare these Maven artifacts in `*provided*`
> scope: [
> org.apache.maven:maven-artifact:3.8.4,
> org.apache.maven:maven-settings-builder:3.8.4,
> org.apache.maven:maven-repository-metadata:3.8.4,
> org.apache.maven:maven-builder-support:3.8.4,
> org.apache.maven:maven-core:3.8.4,
> org.apache.maven:maven-resolver-provider:3.8.4,
> org.apache.maven:maven-settings:3.8.4,
> org.apache.maven:maven-plugin-api:3.8.4,
> org.apache.maven:maven-model-builder:3.8.4,
> org.apache.maven:maven-model:3.8.4]
>
>
> From the plugin project itself, on the 1.0.1 tag:
>
> ❯ mvn dependency:list -pl :inline-maven-plugin | grep provided | sort
> [...]
> [INFO] org.apache.maven:maven-artifact:jar:3.8.4:*provided* -- module
> maven.artifact (auto)
> [INFO] org.apache.maven:maven-builder-support:jar:3.8.4:*provided* --
> module maven.builder.support (auto)
> [INFO] org.apache.maven:maven-core:jar:3.8.4:*provided* -- module
> maven.core (auto)
> [INFO] org.apache.maven:maven-model-builder:jar:3.8.4:*provided* --
> module maven.model.builder (auto)
> [INFO] org.apache.maven:maven-model:jar:3.8.4:*provided* -- module
> maven.model (auto)
> [INFO] org.apache.maven:maven-plugin-api:jar:3.8.4:*provided* -- module
> maven.plugin.api (auto)
> [INFO] org.apache.maven:maven-repository-metadata:jar:3.8.4:*provided*
> -- module maven.repository.metadata (auto)
> [INFO] org.apache.maven:maven-resolver-provider:jar:3.8.4:*provided* --
> module maven.resolver.provider (auto)
> [INFO] org.apache.maven:maven-settings-builder:jar:3.8.4:*provided* --
> module maven.settings.builder (auto)
> [INFO] org.apache.maven:maven-settings:jar:3.8.4:*provided* -- module
> maven.settings (auto)
> [...]
>
> Sorry, folks, I got nothing.
>
> Maven 3.9.2 complains that the inline plugin needs to declare
> <dependencies> in *provided* scope. A build user might report that to their
> build engineer or report it to the plugin author.
>
> As the plugin author, my plugin in the version 1.0.1 *DOES* declare every
> single dependency that maven warns about in *provided* scope.
>
> There is literally *nothing* that I can do. Neither as build user, nor as
> build engineer, nor as plugin author.
>
> I don't get it. What *is* the point? Really interested to learn *why* the
> maven team has chosen to go down this path.
>
> -h
>