sonatype/ossindex-maven

Does not work with version 3.0.0 of maven-enforcer-plugin

Closed this issue · 2 comments

The plugin breaks with

[ERROR] Failed to execute goal org.apache.maven.plugins:maven-enforcer-plugin:3.0.0:enforce (verify-enforcer-rules) on project spring-recipes: Unable to parse configuration of mojo org.apache.maven.plugins:maven-enforcer-plugin:3.0.0:enforce for parameter banVulnerable: Cannot create instance of class org.sonatype.ossindex.maven.enforcer.BanVulnerableDependencies: com/google/common/cache/CacheBuilderSpec: com.google.common.cache.CacheBuilderSpec -> [Help 1]

when upgrading maven-enforcer-plugin to the latest version (3.0.0). Works fine again if you downgrade to the previous milestone release (3.0.0-M3).

POM contents to reproduce:

<project xmlns="http://maven.apache.org/POM/4.0.0"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
	<modelVersion>4.0.0</modelVersion>
	<groupId>org.example</groupId>
	<artifactId>spring-recipes</artifactId>
	<version>0.0.1-SNAPSHOT</version>
	<packaging>pom</packaging>

	<build>

		<plugins>
			<plugin>
				<groupId>org.apache.maven.plugins</groupId>
				<artifactId>maven-enforcer-plugin</artifactId>
				<!-- 3.0.0 currently breaks ossindex-maven-enforcer-rules -->
				<version>3.0.0</version>
				<dependencies>
					<dependency>
						<groupId>org.sonatype.ossindex.maven</groupId>
						<artifactId>ossindex-maven-enforcer-rules</artifactId>
						<version>3.0.0</version>
					</dependency>
				</dependencies>
				<configuration>
					<rules>
						<banVulnerable
							implementation="org.sonatype.ossindex.maven.enforcer.BanVulnerableDependencies" />
					</rules>
					<failFast>true</failFast>
				</configuration>
				<executions>
					<execution>
						<id>verify-enforcer-rules</id>
						<goals>
							<goal>enforce</goal>
						</goals>
					</execution>
				</executions>
			</plugin>

		</plugins>

	</build>

</project>

Reproduce by putting the above into an XML file and running:

$ mvn --file ossindex-breaks-with-enforcer-3.0.0.xml verify

My Maven and Java versions are

$ mvn --version
Apache Maven 3.8.1 (05c21c65bdfed0f71a2f2ada8b84da59348c4c5d)
Maven home: C:\Users\svejk\programs\apache\apache-maven-3.8.1
Java version: 16, vendor: AdoptOpenJDK, runtime: C:\Users\svejk\programs\java\jdk-16+36
Default locale: en_US, platform encoding: Cp1252
OS name: "windows 10", version: "10.0", arch: "amd64", family: "windows"
$

Hi @svekar - there's a slightly later version of ossindex-maven-enforcer-rules that should resolve the issue. Can you try version 3.1.0?

<dependency>
  <groupId>org.sonatype.ossindex.maven</groupId>
  <artifactId>ossindex-maven-enforcer-rules</artifactId>
  <version>3.1.0</version>
</dependency>

Thanks, @ndonewar! That version works, indeed.