Comments (4)
hazendaz
commented on September 25, 2024
That makes sense. The injection loaders changed for the better. I think the appropriate thing is to require latest maven. Outside of why 3.2.5 might be used there were simply to many bugs through others and if we attempted to support all then java 9 support would be a no go or just too complicated.
Pre 3.2.5 I'm not overly concerned as I don't think they should be used now and certainly any new plugin shouldn't support them all.
3.2.5 is only required if off cases of java 6 compilers. So in that case findbugs maven plugin is still good enough.
3.3.9 is only next to be used as earlier 3.3.x were buggy. In light of this, we may just need to suggest findbugs again.
3.5.2 is only next to be used.
Now that isn't to say this would entirely fail on earlier versions. I think at the moment the examples shown are using probably default plugins from respective maven versions. Can you confirm if the plugins running into errors get updated that it also fixes things? I wouldn't expect so bit not too sure. Seems like some potential leaks in classloaders. It might even be because of some of what we include.
Thanks for raising these concerns.
Get Outlook for Android<https://aka.ms/ghei36>
…________________________________
From: Benoit Lacelle <[email protected]>
Sent: Sunday, January 7, 2018 8:50:56 AM
To: spotbugs/spotbugs-maven-plugin
Cc: Subscribed
Subject: [spotbugs/spotbugs-maven-plugin] Maven plugin spot-bugs leads to mvn incompatibilities in other plugins (#21)
Hello,
According to spot-bugs maven plugin, Spotbugs is compatible with
<prerequisites>
<maven>3.0.1</maven>
</prerequisites>
However, it seems the use of maven-core in 3.5.2 leads to incompatibilities in other plugins when run in an older maven version (e.g. mvn 3.2.5 and mvn 3.3.9).
In https://github.com/blasd/spotbugs-maven-plugin/tree/IssueMaven3_3, you will find a sample maven project based on mvn-deploy-plugin 2.8.2 which fails during mvn deploy target (in the sample project, mvn deploy will deploy in a local folder). Reming the spotbugs from <plugins> enables deployment.
To reproduce the issue:
1. clone the fork,
2. cd exampleProject
3. run mvn deploy
It shall fail under mvn 3.3 and 3.2, and certainly previous versions (as prerequisites suggests compatibility up to 3.0)
$ mvn --version
Apache Maven 3.3.9 (bb52d8502b132ec0a5a3f4c09453c07478323dc5; 2015-11-10T17:41:47+01:00)
Maven home: C:\Users\blacelle112212\Downloads\apache-maven-3.3.9
Java version: 1.8.0_152, vendor: Oracle Corporation
Java home: C:\HOMEWARE\Install\jdk-8u152-windows-x64\jre
Default locale: en_US, platform encoding: Cp1252
OS name: "windows 7", version: "6.1", arch: "amd64", family: "dos"
The issue looks like:
[INFO] --- maven-install-plugin:2.4:install (default-install) @ sampleProject ---
ve[WARNING] Error injecting: org.apache.maven.artifact.installer.DefaultArtifactInstaller
com.google.inject.ProvisionException: Unable to provision, see the following errors:
1) Error injecting: private org.eclipse.aether.spi.log.Logger org.apache.maven.repository.internal.DefaultVersionRangeResolver.logger
while locating org.apache.maven.repository.internal.DefaultVersionRangeResolver
while locating java.lang.Object annotated with *
at org.eclipse.sisu.wire.LocatorWiring
while locating org.eclipse.aether.impl.VersionRangeResolver
for parameter 2 at org.eclipse.aether.internal.impl.DefaultDependencyCollector.<init>(Unknown Source)
while locating org.eclipse.aether.internal.impl.DefaultDependencyCollector
while locating java.lang.Object annotated with *
at org.eclipse.sisu.wire.LocatorWiring
while locating org.eclipse.aether.impl.DependencyCollector
for parameter 5 at org.eclipse.aether.internal.impl.DefaultRepositorySystem.<init>(Unknown Source)
while locating org.eclipse.aether.internal.impl.DefaultRepositorySystem
while locating java.lang.Object annotated with *
while locating org.apache.maven.artifact.installer.DefaultArtifactInstaller
Caused by: java.lang.IllegalArgumentException: Can not set org.eclipse.aether.spi.log.Logger field org.apache.maven.repository.internal.DefaultVersionRangeResolver.logger to org.eclipse.aether.internal.impl.slf4j.Slf4jLoggerFactory
at sun.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167)
at sun.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171)
at sun.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81)
at java.lang.reflect.Field.set(Field.java:764)
at org.eclipse.sisu.bean.BeanPropertyField.set(BeanPropertyField.java:72)
at org.eclipse.sisu.plexus.ProvidedPropertyBinding.injectProperty(ProvidedPropertyBinding.java:48)
at org.eclipse.sisu.bean.BeanInjector.injectMembers(BeanInjector.java:52)
at com.google.inject.internal.MembersInjectorImpl.injectMembers(MembersInjectorImpl.java:140)
at com.google.inject.internal.ConstructorInjector.provision(ConstructorInjector.java:114)
at com.google.inject.internal.ConstructorInjector.access$000(ConstructorInjector.java:32)
at com.google.inject.internal.ConstructorInjector$1.call(ConstructorInjector.java:89)
at com.google.inject.internal.ProvisionListenerStackCallback$Provision.provision(ProvisionListenerStackCallback.java:115)
at com.google.inject.internal.ProvisionListenerStackCallback$Provision.provision(ProvisionListenerStackCallback.java:133)
at com.google.inject.internal.ProvisionListenerStackCallback.provision(ProvisionListenerStackCallback.java:68)
at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:87)
at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:267)
at com.google.inject.internal.FactoryProxy.get(FactoryProxy.java:56)
at com.google.inject.internal.InjectorImpl$2$1.call(InjectorImpl.java:1016)
at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1103)
at com.google.inject.internal.InjectorImpl$2.get(InjectorImpl.java:1012)
at org.eclipse.sisu.inject.Guice4$1.get(Guice4.java:162)
Given the stack, it appears the issue may also appear in the install plugin (maven-install-plugin:2.4), in my original project, the issue is with mvn deploy plugin 2.8.2
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub<#21>, or mute the thread<https://github.com/notifications/unsubscribe-auth/AA7ho16VAYyFAie1z2dZt4Vj42gma7Ouks5tIMvAgaJpZM4RVp5U>.
from spotbugs-maven-plugin.
blacelle
commented on September 25, 2024
I initially get an issue with maven-deploy-plugin in its latest versiob (2.8.2). https://github.com/apache/maven-plugins/blob/c719f8da6d9380d2b9f3f0b311b1b2cbcb3f9cf7/maven-deploy-plugin/pom.xml shows it might be a best practise to align maven dependencies
<dependency>
<groupId>org.apache.maven</groupId>
<artifactId>maven-project</artifactId>
<version>${mavenVersion}</version>
</dependency>
with prerequisites
<prerequisites>
<maven>${mavenVersion}</maven>
</prerequisites>
I suppose spotbugs-maven-plugin should also follow this pattern.
The first concern raised with this ticket is the reproducibility of some of my builds (which relies on spotbugs) as it appeared OK in local (mvn 3.5.2) but KO in some of my customers Jenkins instances (which may lock mvn down to 3.2.5 3.3.9). Increasing the prerequisites to 3.5.2 would have been fine as it have been clearer what was the issue. About spotbugs-maven-plugin not being compatible with mvn 3.2.X and 3.3.X, I'm OK with this. In my own cases, I'm ready to introduce profiles in order to fully exclude spotbugs-maven-plugin in the environments where mvn 3.5 is not available.
Seems like some potential leaks in classloaders
It might be the root-cause. I recently encountered the same stacks (Error injecting: private org.eclipse.aether.spi.log.Logger org.apache.maven.repository.internal.DefaultVersionRangeResolver.logger) but on another project NOT relying on spotbugs. The errors appears on mvn install when inside a sub-module, while mvn install on the root module is OK which seems weird as mvn install in the root-module will also process the sub-module
from spotbugs-maven-plugin.
hazendaz
commented on September 25, 2024
@BlasD I'm submitting a commit now that should provide backwards support. I'm trying not to enforce 3.5.2. I think generally that would not have been an issue had it not been for underlying injection changes which seem to conflict badly. Would it be possible for you to give the latest snapshot a try once that lands? It should be on there in next hour or so.
from spotbugs-maven-plugin.
hazendaz
commented on September 25, 2024
Version 3.1.2 released fixing this issue.
from spotbugs-maven-plugin.
Related Issues (20)
- Uses deprecated maven components HOT 8
- Does spotbugs report plugin support aggregation HOT 2
- Review replacing usage of 'ant'
- FindBugsAntBuildLogic 3.7 generates invalid findbugs_report.xml file HOT 2
- java 22 support will be in groovy 4.0.16 which isn't out yet HOT 2
- plugin build setting HOT 9
- makeConcatWithConstants + apply classes needed for analysis were missing HOT 1
- check does not fail if called as defaultGoal of profile HOT 4
- Build repeats "Unable to create Maven project for" warning and fails HOT 6
- NOTICE: Maven support will be moved to 3.6.3 as minimum on next release HOT 1
- Sporadic spotbugs failure HOT 1
- Spotbugs Maven Plugin 4.8.4 waiting on groovy! HOT 1
- Support the `chooseVisitors` option
- Is there a way to configure an accepted number of errors in order to introduce spotbugs into existing projects HOT 2
- All documentation descriptions are empty HOT 1
- After recent updates in core libraries ad plugin `verify` and `spotbugs:check` works differently
- Plugin tries to fetch latest snapshot version HOT 7
- GHA - remove the duplicate codeql file HOT 1
- Release 4.8.6.0 suddenly requires Java 11 HOT 2
- outputDirectory default value is invalid. HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from spotbugs-maven-plugin.