Henning, your do have open option to go: in inline-maven-project upgrade (buggy) maven-plugin-plugin 3.6.2 (suffers from https://issues.apache.org/jira/browse/MPLUGIN-382) to a more recent one.
OTOH, this issue revealed a validation issue: - it relies on pluginDescriptor/dependencies to perform validation (that contains wrong entries due MPLUGIN-382) - we may want to validate the "reality" (plugin POM directly, instead of derived plugin descriptor that is built out of plugin POM at build time by maven-plugin-plugin, that may have bug as in this case) So, in this case we have an interesting situation: - your inline project POM is good - what is not good is bug in used m-plugin-p 3.6.2 (produces wrong plugin descriptor) - Maven 3.9.2 detects this (well, unwanted artifacts in there) and reports "plugin as wrong" Your option is to upgrade m-plugin-p to (possibly latest) version and release. Our option for the next Maven is probably to reconsider the data set we validate from. Thanks T On Fri, May 19, 2023 at 7:28 AM Henning Schmiedehausen < henn...@schmiedehausen.org> wrote: > From maven 3.9.2: > > [WARNING] * org.basepom.maven:inline-maven-plugin:1.0.1 > [WARNING] Declared at location(s): > [WARNING] * org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml) @ line > 145 > [WARNING] Used in module(s): > [WARNING] * org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml) > [WARNING] Plugin issue(s): > [WARNING] * Plugin should declare these Maven artifacts in `*provided*` > scope: [ > org.apache.maven:maven-artifact:3.8.4, > org.apache.maven:maven-settings-builder:3.8.4, > org.apache.maven:maven-repository-metadata:3.8.4, > org.apache.maven:maven-builder-support:3.8.4, > org.apache.maven:maven-core:3.8.4, > org.apache.maven:maven-resolver-provider:3.8.4, > org.apache.maven:maven-settings:3.8.4, > org.apache.maven:maven-plugin-api:3.8.4, > org.apache.maven:maven-model-builder:3.8.4, > org.apache.maven:maven-model:3.8.4] > > > From the plugin project itself, on the 1.0.1 tag: > > ❯ mvn dependency:list -pl :inline-maven-plugin | grep provided | sort > [...] > [INFO] org.apache.maven:maven-artifact:jar:3.8.4:*provided* -- module > maven.artifact (auto) > [INFO] org.apache.maven:maven-builder-support:jar:3.8.4:*provided* -- > module maven.builder.support (auto) > [INFO] org.apache.maven:maven-core:jar:3.8.4:*provided* -- module > maven.core (auto) > [INFO] org.apache.maven:maven-model-builder:jar:3.8.4:*provided* -- > module maven.model.builder (auto) > [INFO] org.apache.maven:maven-model:jar:3.8.4:*provided* -- module > maven.model (auto) > [INFO] org.apache.maven:maven-plugin-api:jar:3.8.4:*provided* -- module > maven.plugin.api (auto) > [INFO] org.apache.maven:maven-repository-metadata:jar:3.8.4:*provided* > -- module maven.repository.metadata (auto) > [INFO] org.apache.maven:maven-resolver-provider:jar:3.8.4:*provided* -- > module maven.resolver.provider (auto) > [INFO] org.apache.maven:maven-settings-builder:jar:3.8.4:*provided* -- > module maven.settings.builder (auto) > [INFO] org.apache.maven:maven-settings:jar:3.8.4:*provided* -- module > maven.settings (auto) > [...] > > Sorry, folks, I got nothing. > > Maven 3.9.2 complains that the inline plugin needs to declare > <dependencies> in *provided* scope. A build user might report that to their > build engineer or report it to the plugin author. > > As the plugin author, my plugin in the version 1.0.1 *DOES* declare every > single dependency that maven warns about in *provided* scope. > > There is literally *nothing* that I can do. Neither as build user, nor as > build engineer, nor as plugin author. > > I don't get it. What *is* the point? Really interested to learn *why* the > maven team has chosen to go down this path. > > -h >
