error-prone-support
Used in:
components
- OverviewOverview
- VersionsVersions
- DependentsDependents
- DependenciesDependencies
<dependency>
<groupId>tech.picnic.error-prone-support</groupId>
<artifactId>error-prone-support</artifactId>
<version>0.23.0</version>
</dependency><?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>tech.picnic.error-prone-support</groupId>
<artifactId>error-prone-support</artifactId>
<version>0.23.0</version>
<packaging>pom</packaging>
<name>Picnic :: Error Prone Support</name>
<description>Error Prone support library by Picnic.</description>
<url>https://error-prone.picnic.tech</url>
<inceptionYear>2017</inceptionYear>
<organization>
<name>Picnic Technologies BV</name>
<url>https://picnic.tech</url>
</organization>
<licenses>
<license>
<name>MIT</name>
<url>https://opensource.org/licenses/mit-license.php</url>
<distribution>repo</distribution>
</license>
</licenses>
<developers>
<developer>
<name>Rick Ossendrijver</name>
<email>rick.ossendrijver@teampicnic.com</email>
<organization>Picnic Technologies BV</organization>
<timezone>Europe/Amsterdam</timezone>
</developer>
<developer>
<name>Stephan Schroevers</name>
<email>stephan.schroevers@teampicnic.com</email>
<organization>Picnic Technologies BV</organization>
<timezone>Europe/Amsterdam</timezone>
</developer>
</developers>
<modules>
<module>documentation-support</module>
<module>error-prone-contrib</module>
<module>error-prone-experimental</module>
<module>error-prone-guidelines</module>
<module>error-prone-utils</module>
<module>refaster-compiler</module>
<module>refaster-runner</module>
<module>refaster-support</module>
<module>refaster-test-support</module>
</modules>
<scm child.scm.developerConnection.inherit.append.path="false" child.scm.url.inherit.append.path="false">
<developerConnection>scm:git:git@github.com:PicnicSupermarket/error-prone-support.git</developerConnection>
<tag>v0.23.0</tag>
<url>https://github.com/PicnicSupermarket/error-prone-support</url>
</scm>
<issueManagement>
<system>Github</system>
<url>https://github.com/PicnicSupermarket/error-prone-support/issues</url>
</issueManagement>
<ciManagement>
<system>GitHub Actions</system>
<url>https://github.com/PicnicSupermarket/error-prone-support/actions</url>
</ciManagement>
<distributionManagement>
<repository>
<id>ossrh</id>
<url>https://oss.sonatype.org/service/local/staging/deploy/maven2</url>
</repository>
<snapshotRepository>
<id>ossrh</id>
<url>https://oss.sonatype.org/content/repositories/snapshots</url>
</snapshotRepository>
</distributionManagement>
<properties>
<!-- Arguments to the JVMs forked by Surefire. The specification of
this 'argLine' property instead of the definition of the 'argLine'
configuration setting allows users or plugins to specify additional
arguments. In particular, JaCoCo relies on this for the configuration
of its Java agent, and Pitest uses this configuration when it spawns
additional JVMs. -->
<argLine>
<!-- The JVM arguments specified in `.mvn/jvm.config` also apply to
test JVMs, as those are also non-interactive processes running
Error Prone, and thus similarly make extensive use of unsupported
`javac`-internal APIs, in some cases even reflectively inspecting
them. -->
-XX:ReservedCodeCacheSize=512m
-XX:SoftRefLRUPolicyMSPerMB=10
-XX:+UseParallelGC
--add-exports=jdk.compiler/com.sun.tools.javac.api=ALL-UNNAMED
--add-exports=jdk.compiler/com.sun.tools.javac.code=ALL-UNNAMED
--add-exports=jdk.compiler/com.sun.tools.javac.file=ALL-UNNAMED
--add-exports=jdk.compiler/com.sun.tools.javac.main=ALL-UNNAMED
--add-exports=jdk.compiler/com.sun.tools.javac.model=ALL-UNNAMED
--add-exports=jdk.compiler/com.sun.tools.javac.parser=ALL-UNNAMED
--add-exports=jdk.compiler/com.sun.tools.javac.processing=ALL-UNNAMED
--add-exports=jdk.compiler/com.sun.tools.javac.tree=ALL-UNNAMED
--add-exports=jdk.compiler/com.sun.tools.javac.util=ALL-UNNAMED
--add-opens=jdk.compiler/com.sun.tools.javac.comp=ALL-UNNAMED
<!-- The test JVMs are short-running. By disabling certain
expensive JIT optimizations we actually speed up most tests. -->
-XX:TieredStopAtLevel=1
<!-- The test JVMs run in a non-interactive and generally
multi-core context, where the Parallel Garbage Collector generally
has the highest throughput. -->
-XX:+UseParallelGC
<!-- We cap memory usage. This may be relevant for build agents,
but also prevents excessive memory usage by heavily parallelized
local builds. -->
-Xmx${argLine.xmx}
<!-- Configure the Byte Buddy Java agent used by Mockito to create
mocks. -->
-javaagent:${project.build.directory}/test-agents/mockito-core.jar
<!-- This argument cannot be set through Surefire's
'systemPropertyVariables' configuration setting. Setting the file
encoding is necessary because forked unit test invocations
otherwise use the environment's file encoding. -->
-Dfile.encoding=${project.build.sourceEncoding}
<!-- This argument *can* be set through Surefire's
'systemPropertyVariables' configuration setting, but by placing it
here it automatically also applies to the Failsafe plugin. To avoid
potential slowdown of tests relying on
`java.security.SecureRandom`, on Unix systems we use a
lower-quality source of randomness. Note that it is not fatal for
the file not to exist, so this setting is Windows-compatible. The
`/./` syntax is no accident; see
https://bugs.openjdk.java.net/browse/JDK-6202721 for details. -->
-Djava.security.egd=file:/dev/./urandom
<!-- On Mac OS X, running in headless mode prevents the forked JVMs
from showing up in the dock and capturing window focus. -->
-Djava.awt.headless=true
</argLine>
<!-- The maximum amount of heap memory available to forked Surefire
processes. Factored out into a separate property to allow overriding. -->
<argLine.xmx>1024m</argLine.xmx>
<!-- Our build system provides a monotonically increasing build number.
When building locally, this number is obviously absent. So we provide a
default value. -->
<build.number>LOCAL</build.number>
<!-- Properties using which additional Error Prone flags can be
specified. Used by the `patch` and `self-check` profiles. -->
<error-prone.patch-args />
<error-prone.self-check-args />
<!-- The build timestamp is derived from the most recent commit
timestamp in support of reproducible builds. -->
<project.build.outputTimestamp>2025-04-21T16:18:25Z</project.build.outputTimestamp>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<!-- Glob pattern identifying Refaster rule definition files. These
Java classes don't contain "regular" code, and thus require special
handling by various code analysis tools. -->
<refaster-rules.path-pattern>**/tech/picnic/errorprone/refasterrules/*.java</refaster-rules.path-pattern>
<!-- SonarCloud analysis settings. Refaster rules are excluded from
coverage computation, because they are tested using a custom method
that does not cause code coverage to be registered. -->
<sonar.coverage.exclusions>${refaster-rules.path-pattern}</sonar.coverage.exclusions>
<sonar.host.url>https://sonarcloud.io</sonar.host.url>
<!-- SonarCloud partial rule suppressions. These fall in two
categories:
- "Java test resources", i.e. test resource files that are valid Java
source code files. These resources serve as input or expected output
for tests, and often contain non-idiomatic or non-production code on
purpose.
- Refaster rules. These are valid Java files, but they should not be
thought of as "executable code" in the traditional sense. Due to
their nature, Refaster rule definitions contain some code that would
be considered non-idiomatic or incorrect in other contexts. -->
<sonar.issue.ignore.multicriteria>java-resource,refaster-rules-1,refaster-rules-2,refaster-rules-3,refaster-rules-4,refaster-rules-5,refaster-rules-6</sonar.issue.ignore.multicriteria>
<sonar.issue.ignore.multicriteria.java-resource.resourceKey>**/src/test/resources/**/*.java</sonar.issue.ignore.multicriteria.java-resource.resourceKey>
<sonar.issue.ignore.multicriteria.java-resource.ruleKey>java:*</sonar.issue.ignore.multicriteria.java-resource.ruleKey>
<!-- Many Refaster rules are simpler thanks to generic return types. -->
<sonar.issue.ignore.multicriteria.refaster-rules-1.resourceKey>${refaster-rules.path-pattern}</sonar.issue.ignore.multicriteria.refaster-rules-1.resourceKey>
<sonar.issue.ignore.multicriteria.refaster-rules-1.ruleKey>java:S1452</sonar.issue.ignore.multicriteria.refaster-rules-1.ruleKey>
<!-- `@Placeholder` methods must be defined in an abstract class. -->
<sonar.issue.ignore.multicriteria.refaster-rules-2.resourceKey>${refaster-rules.path-pattern}</sonar.issue.ignore.multicriteria.refaster-rules-2.resourceKey>
<sonar.issue.ignore.multicriteria.refaster-rules-2.ruleKey>java:S1610</sonar.issue.ignore.multicriteria.refaster-rules-2.ruleKey>
<!-- Template parameters stand in for arbitrarily complex expressions;
lambda expression referencing such a parameter cannot be replaced with
a method reference. -->
<sonar.issue.ignore.multicriteria.refaster-rules-3.resourceKey>${refaster-rules.path-pattern}</sonar.issue.ignore.multicriteria.refaster-rules-3.resourceKey>
<sonar.issue.ignore.multicriteria.refaster-rules-3.ruleKey>java:S1612</sonar.issue.ignore.multicriteria.refaster-rules-3.ruleKey>
<!-- Refaster rules are named after their `@AfterTemplate` code, and
may end in `Exception`. -->
<sonar.issue.ignore.multicriteria.refaster-rules-4.resourceKey>${refaster-rules.path-pattern}</sonar.issue.ignore.multicriteria.refaster-rules-4.resourceKey>
<sonar.issue.ignore.multicriteria.refaster-rules-4.ruleKey>java:S2166</sonar.issue.ignore.multicriteria.refaster-rules-4.ruleKey>
<!-- Usage of `Refaster#anyOf` may incorrectly give the impression
that a stream is consumed more than once. -->
<sonar.issue.ignore.multicriteria.refaster-rules-5.resourceKey>${refaster-rules.path-pattern}</sonar.issue.ignore.multicriteria.refaster-rules-5.resourceKey>
<sonar.issue.ignore.multicriteria.refaster-rules-5.ruleKey>java:S3959</sonar.issue.ignore.multicriteria.refaster-rules-5.ruleKey>
<!-- Although not test code themselves, many Refaster rules contain
assertion expressions. -->
<sonar.issue.ignore.multicriteria.refaster-rules-6.resourceKey>${refaster-rules.path-pattern}</sonar.issue.ignore.multicriteria.refaster-rules-6.resourceKey>
<sonar.issue.ignore.multicriteria.refaster-rules-6.ruleKey>java:S5960</sonar.issue.ignore.multicriteria.refaster-rules-6.ruleKey>
<sonar.organization>picnic-technologies</sonar.organization>
<!-- SonarCloud analysis source and test directories are specified
explicitly, because SonarCloud will otherwise only analyze `pom.xml`
and `src/{main,test}/java/**`. -->
<sonar.sources>pom.xml,src/main</sonar.sources>
<sonar.tests>src/test</sonar.tests>
<!-- Dependency and plugin versions that are referenced in more than
one place. We use these to keep dependencies in sync. Version numbers
that need to be referenced only once should *not* be listed here. -->
<version.auto-service>1.1.1</version.auto-service>
<version.auto-value>1.11.0</version.auto-value>
<version.error-prone>${version.error-prone-orig}</version.error-prone>
<version.error-prone-fork>${version.error-prone-orig}-picnic-1</version.error-prone-fork>
<version.error-prone-orig>2.38.0</version.error-prone-orig>
<version.jdk>17</version.jdk>
<version.maven>3.9.9</version.maven>
<version.pitest-git>2.2.1</version.pitest-git>
</properties>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>documentation-support</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>error-prone-contrib</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>error-prone-experimental</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>error-prone-guidelines</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>error-prone-utils</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>refaster-compiler</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>refaster-runner</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>refaster-support</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>refaster-test-support</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson</groupId>
<artifactId>jackson-bom</artifactId>
<version>2.18.3</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
<groupId>com.github.ben-manes.caffeine</groupId>
<artifactId>caffeine</artifactId>
<version>3.2.0</version>
</dependency>
<dependency>
<groupId>com.google.auto</groupId>
<artifactId>auto-common</artifactId>
<version>1.2.2</version>
</dependency>
<dependency>
<groupId>com.google.auto.service</groupId>
<artifactId>auto-service</artifactId>
<version>${version.auto-service}</version>
</dependency>
<dependency>
<groupId>com.google.auto.service</groupId>
<artifactId>auto-service-annotations</artifactId>
<version>${version.auto-service}</version>
</dependency>
<dependency>
<groupId>com.google.auto.value</groupId>
<artifactId>auto-value</artifactId>
<version>${version.auto-value}</version>
</dependency>
<dependency>
<groupId>com.google.auto.value</groupId>
<artifactId>auto-value-annotations</artifactId>
<version>${version.auto-value}</version>
</dependency>
<!-- XXX: JSR-305 (meta-)annotation usage by some dependencies
triggers NullAway to attempt to load said annotations. As such
some modules require these annotations to be on the classpath.
Periodically review whether we can drop this dependeny version
declaration. See https://github.com/uber/NullAway/issues/1171. -->
<dependency>
<groupId>com.google.code.findbugs</groupId>
<artifactId>jsr305</artifactId>
<version>3.0.2</version>
</dependency>
<dependency>
<groupId>com.google.errorprone</groupId>
<artifactId>error_prone_annotation</artifactId>
<version>${version.error-prone}</version>
</dependency>
<dependency>
<groupId>com.google.errorprone</groupId>
<artifactId>error_prone_annotations</artifactId>
<version>${version.error-prone}</version>
</dependency>
<dependency>
<groupId>com.google.errorprone</groupId>
<artifactId>error_prone_check_api</artifactId>
<version>${version.error-prone}</version>
</dependency>
<dependency>
<groupId>com.google.errorprone</groupId>
<artifactId>error_prone_core</artifactId>
<version>${version.error-prone}</version>
</dependency>
<dependency>
<groupId>com.google.errorprone</groupId>
<artifactId>error_prone_test_helpers</artifactId>
<version>${version.error-prone}</version>
</dependency>
<dependency>
<groupId>com.google.googlejavaformat</groupId>
<artifactId>google-java-format</artifactId>
<version>1.26.0</version>
</dependency>
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava-beta-checker</artifactId>
<version>1.0</version>
</dependency>
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava-bom</artifactId>
<version>33.4.8-jre</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
<groupId>com.google.truth</groupId>
<artifactId>truth</artifactId>
<version>1.4.4</version>
</dependency>
<dependency>
<groupId>com.jakewharton.nopen</groupId>
<artifactId>nopen-checker</artifactId>
<version>1.0.1</version>
</dependency>
<dependency>
<groupId>com.uber.nullaway</groupId>
<artifactId>nullaway</artifactId>
<version>0.12.6</version>
</dependency>
<dependency>
<groupId>io.micrometer</groupId>
<artifactId>micrometer-bom</artifactId>
<version>1.14.6</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
<groupId>io.projectreactor</groupId>
<artifactId>reactor-bom</artifactId>
<version>2024.0.5</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
<groupId>io.reactivex.rxjava2</groupId>
<artifactId>rxjava</artifactId>
<version>2.2.21</version>
</dependency>
<dependency>
<groupId>io.swagger</groupId>
<artifactId>swagger-annotations</artifactId>
<version>1.6.15</version>
</dependency>
<dependency>
<groupId>io.swagger.core.v3</groupId>
<artifactId>swagger-annotations</artifactId>
<version>2.2.30</version>
</dependency>
<dependency>
<groupId>jakarta.servlet</groupId>
<artifactId>jakarta.servlet-api</artifactId>
<version>6.1.0</version>
</dependency>
<dependency>
<groupId>javax.annotation</groupId>
<artifactId>javax.annotation-api</artifactId>
<version>1.3.2</version>
</dependency>
<dependency>
<groupId>javax.inject</groupId>
<artifactId>javax.inject</artifactId>
<version>1</version>
</dependency>
<dependency>
<groupId>javax.xml.bind</groupId>
<artifactId>jaxb-api</artifactId>
<version>2.3.1</version>
</dependency>
<dependency>
<groupId>jp.skypencil.errorprone.slf4j</groupId>
<artifactId>errorprone-slf4j</artifactId>
<version>0.1.28</version>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.13.2</version>
</dependency>
<dependency>
<groupId>net.bytebuddy</groupId>
<artifactId>byte-buddy</artifactId>
<version>1.17.5</version>
</dependency>
<!-- Specified so that Renovate will file Maven upgrade PRs, which
subsequently will cause `maven-enforcer-plugin` to require that
developers build the project using the latest Maven release. -->
<dependency>
<groupId>org.apache.maven</groupId>
<artifactId>maven-plugin-api</artifactId>
<version>${version.maven}</version>
</dependency>
<dependency>
<groupId>org.aspectj</groupId>
<artifactId>aspectjweaver</artifactId>
<version>1.9.24</version>
</dependency>
<dependency>
<groupId>org.assertj</groupId>
<artifactId>assertj-bom</artifactId>
<version>3.27.3</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
<groupId>org.checkerframework</groupId>
<artifactId>checker-qual</artifactId>
<version>3.49.2</version>
</dependency>
<dependency>
<groupId>org.hamcrest</groupId>
<artifactId>hamcrest-core</artifactId>
<version>3.0</version>
</dependency>
<dependency>
<groupId>org.immutables</groupId>
<artifactId>value-annotations</artifactId>
<version>2.10.1</version>
</dependency>
<dependency>
<groupId>org.jooq</groupId>
<artifactId>jooq</artifactId>
<version>3.19.18</version>
</dependency>
<dependency>
<groupId>org.jspecify</groupId>
<artifactId>jspecify</artifactId>
<version>1.0.0</version>
</dependency>
<dependency>
<groupId>org.junit</groupId>
<artifactId>junit-bom</artifactId>
<version>5.12.2</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
<groupId>org.mockito</groupId>
<artifactId>mockito-bom</artifactId>
<version>5.17.0</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
<groupId>org.mongodb</groupId>
<artifactId>mongodb-driver-bom</artifactId>
<version>5.4.0</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
<groupId>org.openrewrite</groupId>
<artifactId>rewrite-templating</artifactId>
<version>1.26.1</version>
</dependency>
<dependency>
<groupId>org.openrewrite.recipe</groupId>
<artifactId>rewrite-recipe-bom</artifactId>
<version>3.6.1</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-bom</artifactId>
<version>2.0.17</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>6.2.6</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-test</artifactId>
<version>3.4.4</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-bom</artifactId>
<version>6.4.4</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
<groupId>org.testng</groupId>
<artifactId>testng</artifactId>
<version>7.11.0</version>
</dependency>
</dependencies>
</dependencyManagement>
<dependencies>
<!-- To avoid repetition of fairly complex configuration, Surefire
is configured to always load Mockito's Java agent. Declaring the
associated dependency here avoids additional repetition, and prevents
a slightly obscure error that happens if the dependency is absent. -->
<dependency>
<groupId>org.mockito</groupId>
<artifactId>mockito-core</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<pluginManagement>
<plugins>
<plugin>
<groupId>com.arcmutate</groupId>
<artifactId>pitest-git-maven-plugin</artifactId>
<version>${version.pitest-git}</version>
</plugin>
<plugin>
<groupId>com.arcmutate</groupId>
<artifactId>pitest-github-maven-plugin</artifactId>
<version>${version.pitest-git}</version>
</plugin>
<plugin>
<groupId>com.github.ekryd.sortpom</groupId>
<artifactId>sortpom-maven-plugin</artifactId>
<version>4.0.0</version>
<configuration>
<createBackupFile>false</createBackupFile>
<encoding>${project.build.sourceEncoding}</encoding>
<expandEmptyElements>false</expandEmptyElements>
<nrOfIndentSpace>4</nrOfIndentSpace>
<predefinedSortOrder>recommended_2008_06</predefinedSortOrder>
<sortDependencies>groupId,artifactId</sortDependencies>
<sortDependencyExclusions>groupId,artifactId</sortDependencyExclusions>
<sortModules>true</sortModules>
<sortPlugins>groupId,artifactId</sortPlugins>
<sortProperties>true</sortProperties>
<verifyFail>warn</verifyFail>
</configuration>
<executions>
<execution>
<id>verify-pom-sorting</id>
<goals>
<goal>verify</goal>
</goals>
<phase>verify</phase>
</execution>
</executions>
</plugin>
<plugin>
<groupId>com.spotify.fmt</groupId>
<artifactId>fmt-maven-plugin</artifactId>
<version>2.25</version>
<configuration>
<additionalSourceDirectories>
<additionalSourceDirectory>${basedir}/src/test/resources</additionalSourceDirectory>
</additionalSourceDirectories>
<forkMode>never</forkMode>
<failOnError>false</failOnError>
</configuration>
<executions>
<execution>
<id>check-source-format</id>
<goals>
<goal>check</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>de.thetaphi</groupId>
<artifactId>forbiddenapis</artifactId>
<version>3.9</version>
<configuration>
<bundledSignatures>
<bundledSignature>jdk-internal</bundledSignature>
<bundledSignature>jdk-reflection</bundledSignature>
<bundledSignature>jdk-system-out</bundledSignature>
<!-- Other bundles are available but currently not
enabled:
- commons-io-unsafe: while we may indirectly rely
on Apache Commons IO, we avoid direct
dependencies.
- jdk-deprecated: we compile with `-Xlint:all`,
which causes the build to fail when _any_
deprecated method is called.
- jdk-non-portable: the Error Prone integration
crucially relies on some of these APIs.
- jdk-unsafe: see
https://github.com/policeman-tools/forbidden-apis/issues/119.
Note that this whole plugin could be replaced with
an Error Prone check; that would also make it
possible to resolve issue #119 linked above. See
https://github.com/google/error-prone/issues/632. -->
</bundledSignatures>
<!-- The plugin tries to load all supertypes of any
class it analyzes. Some of those types may be absent
from the compilation classpath, because the module that
contains them has the `runtime` or `test` scope. When
this happens, we don't want to fail the build. (The
alternative is to declare all those dependencies
`provided`, but we'd rather not do that.) -->
<failOnMissingClasses>false</failOnMissingClasses>
<failOnViolation>false</failOnViolation>
<targetVersion>${version.jdk}</targetVersion>
</configuration>
<executions>
<execution>
<id>detect-forbidden-api-usage</id>
<goals>
<goal>check</goal>
<goal>testCheck</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>io.github.git-commit-id</groupId>
<artifactId>git-commit-id-maven-plugin</artifactId>
<version>9.0.1</version>
<configuration>
<injectAllReactorProjects>true</injectAllReactorProjects>
<runOnlyOnce>true</runOnlyOnce>
<skipPoms>false</skipPoms>
<dateFormat>yyyy-MM-dd'T'HH:mm:ssXXX</dateFormat>
</configuration>
<executions>
<execution>
<id>retrieve-git-info</id>
<goals>
<goal>revision</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-checkstyle-plugin</artifactId>
<version>3.6.0</version>
<configuration>
<checkstyleRules>
<!-- We only enable rules that are not enforced by
Error Prone or automatically corrected through
application of google-java-format (GJF). -->
<module name="Checker">
<module name="RegexpMultiline">
<!-- GJF drops trailing horizontal
whitespace and blank lines preceding a
closing curly brace, but it does not remove
a blank line following an opening curly
brace. Here we disallow that specific case.
(The regular expression assumes that the
code has already been formatted using GJF.) -->
<property name="fileExtensions" value="java" />
<property name="format" value="\{\r?\n\r?\n" />
<property name="message" value="Avoid blank lines at the start of a block." />
</module>
<module name="SuppressWarningsFilter" />
<module name="TreeWalker">
<module name="AbbreviationAsWordInName" />
<module name="AnnotationUseStyle">
<!-- XXX: Right now this check doesn't
completely enforce the desired style.
See https://github.com/checkstyle/checkstyle/issues/4972;
we're looking for the proposed `compact
= ALWAYS` and `singleArrayCurlies =
NEVER` style. -->
</module>
<module name="AvoidEscapedUnicodeCharacters">
<property name="allowEscapesForControlCharacters" value="true" />
<property name="allowIfAllCharactersEscaped" value="true" />
<property name="allowNonPrintableEscapes" value="true" />
</module>
<module name="AvoidNoArgumentSuperConstructorCall" />
<module name="ConstructorsDeclarationGrouping" />
<module name="DeclarationOrder">
<!-- We don't enforce sorting fields by
their visibility modifier, for two
reasons:
- During (class) initialization
declaration order matters. Though the
plugin does not warn about fields
with obvious dependencies, its
dependency analysis is necessarily
incomplete; NPEs may result if some
of its advice is followed.
- Sometimes a field is annotated
`@VisibleForTesting`. It may then be
preferable not to reorder. The plugin
does not currently respect this
annotation.
Note that as-is this check also doesn't
enforce that static fields are before
instance fields. See
https://github.com/checkstyle/checkstyle/issues/7043. -->
<property name="ignoreModifiers" value="true" />
</module>
<module name="DefaultComesLast" />
<module name="DesignForExtension" />
<module name="EmptyBlock">
<property name="option" value="text" />
</module>
<module name="EmptyCatchBlock">
<property name="exceptionVariableName" value="ignored" />
</module>
<module name="EmptyLineSeparator">
<!-- XXX: Google Java Format doesn't
enforce an empty line before method
declarations with Javadoc. This rule
flags those cases. For technical
reasons this entails inspecting not
just `METHOD_DEF` tokens. See
https://github.com/google/google-java-format/issues/399. -->
<property name="tokens" value="CLASS_DEF, CTOR_DEF, ENUM_DEF, INSTANCE_INIT, INTERFACE_DEF, METHOD_DEF, STATIC_INIT" />
</module>
<module name="EmptyStatement" />
<module name="FinalClass" />
<module name="HiddenField">
<property name="ignoreConstructorParameter" value="true" />
<property name="ignoreSetter" value="true" />
<property name="setterCanReturnItsClass" value="true" />
</module>
<module name="IllegalIdentifierName" />
<module name="IllegalImport">
<property name="illegalClasses" value="com.google.auto.common.MoreStreams">
<!-- Instead, please use Guava's
`java.util.stream.Collector`s. -->
</property>
<property name="illegalClasses" value="com.mongodb.lang.Nullable">
<!-- Instead, please use
`org.jspecify.annotations.Nullable`. -->
</property>
<property name="illegalClasses" value="io.micrometer.core.lang.Nullable">
<!-- Instead, please use
`org.jspecify.annotations.Nullable`. -->
</property>
<property name="illegalClasses" value="javax.annotation.Nullable">
<!-- Instead, please use
`org.jspecify.annotations.Nullable`. -->
</property>
<property name="illegalClasses" value="javax.annotation.concurrent.Immutable">
<!-- Instead, please use
`com.google.errorprone.annotations.Immutable`. -->
</property>
<property name="illegalClasses" value="org.jetbrains.annotations.CheckReturnValue">
<!-- Instead, please use
`com.google.errorprone.annotations.CheckReturnValue`. -->
</property>
<property name="illegalClasses" value="org.jetbrains.annotations.VisibleForTesting">
<!-- Instead, please use
`com.google.common.annotations.VisibleForTesting`. -->
</property>
<property name="illegalClasses" value="org.springframework.context.annotation.ComponentScan">
<!-- Instead, please explicitly
`@Import` the components. -->
</property>
<property name="illegalClasses" value="org.springframework.lang.Nullable">
<!-- Instead, please use
`org.jspecify.annotations.Nullable`. -->
</property>
<property name="illegalPkgs" value="autovalue.shaded" />
<property name="illegalPkgs" value="com.amazonaws.annotation" />
<property name="illegalPkgs" value="com.beust.jcommander.internal" />
<property name="illegalPkgs" value="com.google.api.client.repackaged" />
<property name="illegalPkgs" value="com.google.common.cache">
<!-- Instead, please use Caffeine. -->
</property>
<property name="illegalPkgs" value="com.tngtech.archunit.thirdparty" />
<property name="illegalPkgs" value="jdk" />
<property name="illegalPkgs" value="jersey.repackaged" />
<property name="illegalPkgs" value="nl.jqno.equalsverifier.internal" />
<property name="illegalPkgs" value="org.apache.commons.lang3">
<!-- Instead, please use Guava or a
custom helper method. -->
</property>
<property name="illegalPkgs" value="org.immutables.value.internal" />
<property name="illegalPkgs" value="org.jongo.marshall.jackson.oid">
<!-- Instead, please use Jackson's
`@JsonProperty` annotation. -->
</property>
<property name="illegalPkgs" value="org.mutabilitydetector.internal" />
<property name="illegalPkgs" value="org.testcontainers.shaded" />
<property name="illegalPkgs" value="org.testng.internal" />
</module>
<module name="IllegalImport">
<!-- XXX: This config uses
regexes so as to disallow static
imports. Once `illegalClasses`
disallows static imports by default,
this config can be merged into the one
above. See
https://github.com/checkstyle/checkstyle/issues/4954. -->
<property name="illegalClasses" value="com\.google\.api\.client\.util\.Preconditions(\..*?)?">
<!-- Instead, please use
`com.google.common.base.Preconditions`. -->
</property>
<property name="illegalClasses" value="com\.nimbusds\.jose\.util\.StandardCharset(\..*?)?">
<!-- Instead, please use
`java.nio.charset.StandardCharsets`. -->
</property>
<property name="illegalClasses" value="javax\.xml\.bind\.DatatypeConverter(\..*?)?" />
<property name="illegalClasses" value="org\.assertj\.core\.util\.Preconditions(\..*?)?">
<!-- Instead, please use
`com.google.common.base.Preconditions`. -->
</property>
<property name="illegalClasses" value="org\.assertj\.core\.util\.Streams(\..*?)?">
<!-- Instead, please use
`com.google.common.collect.Streams`. -->
</property>
<property name="illegalClasses" value="org\.springframework\.stereotype\.(Component|Controller|Service)">
<!-- We don't use Spring's
component scanning, so `@Component`
and `@Service` have no effect.
Instead of `@Controller` use
`@RestController`. -->
</property>
<property name="illegalClasses" value="org\.springframework\.util\.Assert(\..*?)?">
<!-- Instead, please use
`com.google.common.base.Preconditions`. -->
</property>
<property name="illegalClasses" value="org\.testng\.AssertJUnit(\..*?)?">
<!-- Instead, please use
`org.assertj.core.api.Assertions`. -->
</property>
<property name="regexp" value="true" />
</module>
<module name="IllegalCatch" />
<module name="IllegalThrows" />
<module name="InnerAssignment" />
<module name="InvalidJavadocPosition" />
<module name="JavadocBlockTagLocation" />
<module name="JavadocStyle">
<property name="checkEmptyJavadoc" value="true" />
</module>
<module name="LocalVariableName" />
<module name="MatchXpath">
<property name="query" value="//BLOCK_COMMENT_BEGIN[./COMMENT_CONTENT[contains(@text, '@author')]]" />
<message key="matchxpath.match" value="Avoid the `@author` Javadoc tag; Git history suffices." />
</module>
<module name="MissingDeprecated" />
<module name="MutableException" />
<module name="NeedBraces" />
<module name="NoClone" />
<module name="NoCodeInFile" />
<module name="NoEnumTrailingComma" />
<module name="NoFinalizer" />
<module name="PackageDeclaration" />
<module name="PackageName">
<property name="format" value="^[a-z]+(\.[a-z][a-z0-9]*)*$" />
</module>
<module name="ParameterAssignment" />
<module name="RedundantModifier" />
<module name="SimplifyBooleanExpression" />
<module name="SimplifyBooleanReturn" />
<module name="SummaryJavadoc" />
<module name="SuppressWarningsHolder">
<property name="aliasList" value="com.puppycrawl.tools.checkstyle.checks.coding.UnusedLocalVariableCheck=unused" />
</module>
<module name="TrailingComment" />
<module name="UnnecessarySemicolonAfterTypeMemberDeclaration" />
<module name="UnnecessarySemicolonInEnumeration" />
<module name="UnnecessarySemicolonInTryWithResources" />
<module name="UnusedImports">
<!-- Error-prone also detects these,
but (currently) doesn't warn about
JavaDoc-only imports. -->
</module>
<module name="VisibilityModifier" />
</module>
<module name="UniqueProperties" />
<module name="io.spring.nohttp.checkstyle.check.NoHttpCheck" />
</module>
</checkstyleRules>
<excludeGeneratedSources>true</excludeGeneratedSources>
<failOnViolation>false</failOnViolation>
<includeTestSourceDirectory>true</includeTestSourceDirectory>
<resourceIncludes>**/*</resourceIncludes>
<!-- XXX: The generated
`target/generated-sources/license/THIRD-PARTY.txt`
files are not excluded by the `excludeGeneratedSources`
setting. Consider filing an issue for this. -->
<resourceExcludes>THIRD-PARTY.txt</resourceExcludes>
</configuration>
<dependencies>
<dependency>
<groupId>com.puppycrawl.tools</groupId>
<artifactId>checkstyle</artifactId>
<version>10.23.0</version>
</dependency>
<dependency>
<groupId>io.spring.nohttp</groupId>
<artifactId>nohttp-checkstyle</artifactId>
<version>0.0.11</version>
</dependency>
</dependencies>
<executions>
<execution>
<id>run-checkstyle</id>
<goals>
<goal>check</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-clean-plugin</artifactId>
<version>3.4.1</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.14.0</version>
<configuration>
<annotationProcessorPaths>
<path>
<groupId>com.google.auto.value</groupId>
<artifactId>auto-value</artifactId>
</path>
<path>
<groupId>com.google.auto.service</groupId>
<artifactId>auto-service</artifactId>
</path>
<path>
<groupId>org.openrewrite</groupId>
<artifactId>rewrite-templating</artifactId>
</path>
</annotationProcessorPaths>
<compilerArgs>
<arg>--add-exports=jdk.compiler/com.sun.tools.javac.api=ALL-UNNAMED</arg>
<arg>--add-exports=jdk.compiler/com.sun.tools.javac.code=ALL-UNNAMED</arg>
<arg>--add-exports=jdk.compiler/com.sun.tools.javac.file=ALL-UNNAMED</arg>
<arg>--add-exports=jdk.compiler/com.sun.tools.javac.main=ALL-UNNAMED</arg>
<arg>--add-exports=jdk.compiler/com.sun.tools.javac.parser=ALL-UNNAMED</arg>
<arg>--add-exports=jdk.compiler/com.sun.tools.javac.tree=ALL-UNNAMED</arg>
<arg>--add-exports=jdk.compiler/com.sun.tools.javac.util=ALL-UNNAMED</arg>
<arg>-Xmaxerrs</arg>
<arg>10000</arg>
<arg>-Xmaxwarns</arg>
<arg>10000</arg>
</compilerArgs>
<parameters>true</parameters>
<source>${version.jdk}</source>
<target>${version.jdk}</target>
<showWarnings>false</showWarnings>
<!-- Erroneously inverted logic... for details, see
https://issues.apache.org/jira/browse/MCOMPILER-209. -->
<useIncrementalCompilation>false</useIncrementalCompilation>
</configuration>
<executions>
<!-- OpenRewrite recipe sources, generated by the
`rewrite-templating` annotation processor and
identified as classes whose name ends in `Recipes`, are
compiled to target Java 8 for compatibility with the
wider OpenRewrite ecosystem. The `maven-jar-plugin` is
configured to package these files into a separate JAR. -->
<execution>
<id>compile-recipes</id>
<goals>
<goal>compile</goal>
</goals>
<configuration>
<compilerArgs combine.self="override">
<!-- When Java 8 is targeted we can't use
the `add-exports` flag. And since this goal
only recompiles already-compiled code,
static analysis is irrelevant. As such we
clear all compiler arguments, and only
suppress source/target/bootstrap classpath
warnings. -->
<arg>-Xlint:-options</arg>
</compilerArgs>
<source>8</source>
<target>8</target>
<includes>
<include>**/*Recipes.java</include>
</includes>
<outputDirectory>${project.build.directory}/openrewrite-recipes</outputDirectory>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
<version>3.8.1</version>
<configuration>
<!-- XXX: Drop `ignoreAllNonTestScoped` once
https://issues.apache.org/jira/browse/MNG-6058 is
resolved. (See
https://issues.apache.org/jira/browse/MDEP-791 for
context.) -->
<ignoreAllNonTestScoped>true</ignoreAllNonTestScoped>
<ignoreDirect>false</ignoreDirect>
<ignoreNonCompile>true</ignoreNonCompile>
</configuration>
<executions>
<execution>
<id>copy-test-agents</id>
<goals>
<goal>copy-dependencies</goal>
</goals>
<configuration>
<includeGroupIds>org.mockito</includeGroupIds>
<includeArtifactIds>mockito-core</includeArtifactIds>
<stripVersion>true</stripVersion>
<outputDirectory>${project.build.directory}/test-agents</outputDirectory>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-deploy-plugin</artifactId>
<version>3.1.4</version>
<configuration>
<retryFailedDeploymentCount>3</retryFailedDeploymentCount>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<version>3.5.0</version>
<configuration>
<fail>false</fail>
<rules>
<banCircularDependencies />
<banDependencyManagementScope />
<banDuplicateClasses>
<dependencies>
<dependency>
<groupId>io.github.eisop</groupId>
<artifactId>dataflow-errorprone</artifactId>
<!-- This package is contained in
Checker Framework's `checker-qual` and
`dataflow-errorprone` modules. Error
Prone requires the latter, while Guava
pulls in the former. Since the package
contains mostly annotations, this is
not expected to cause trouble in
practice. -->
<ignoreClasses>
<ignoreClass>org.checkerframework.dataflow.qual.*</ignoreClass>
</ignoreClasses>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-aop</artifactId>
<!-- Spring AOP redistributes the AOP
Alliance interfaces of the
`aopalliance:aopalliance` artifact. See
https://jira.spring.io/browse/SPR-13984. -->
<ignoreClasses>
<ignoreClass>org.aopalliance.*</ignoreClass>
</ignoreClasses>
</dependency>
</dependencies>
<findAllDuplicates>true</findAllDuplicates>
</banDuplicateClasses>
<banDuplicatePomDependencyVersions />
<banDynamicVersions>
<ignores>
<ignore>${project.groupId}</ignore>
</ignores>
</banDynamicVersions>
<dependencyConvergence />
<enforceBytecodeVersion>
<maxJdkVersion>${version.jdk}</maxJdkVersion>
</enforceBytecodeVersion>
<requireEncoding>
<acceptAsciiSubset>true</acceptAsciiSubset>
<encoding>ISO-8859-1</encoding>
<includes>src/main/resources/**/*.properties,src/test/resources/**/*.properties</includes>
</requireEncoding>
<requireJavaVersion>
<version>${version.jdk}</version>
</requireJavaVersion>
<requireMatchingCoordinates>
<moduleNameMustMatchArtifactId>true</moduleNameMustMatchArtifactId>
</requireMatchingCoordinates>
<requireMavenVersion>
<version>${version.maven}</version>
</requireMavenVersion>
<requireNoRepositories />
<requirePluginVersions />
<requireUpperBoundDeps />
</rules>
</configuration>
<dependencies>
<dependency>
<groupId>org.codehaus.mojo</groupId>
<artifactId>extra-enforcer-rules</artifactId>
<version>1.10.0</version>
</dependency>
</dependencies>
<executions>
<execution>
<id>apply-enforcement-rules</id>
<goals>
<goal>enforce</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
<version>3.2.7</version>
<executions>
<execution>
<id>sign-artifacts</id>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-install-plugin</artifactId>
<version>3.1.4</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<version>3.4.2</version>
<configuration>
<skipIfEmpty>true</skipIfEmpty>
<archive>
<manifest>
<addDefaultSpecificationEntries>true</addDefaultSpecificationEntries>
</manifest>
<manifestEntries>
<Implementation-Title>${project.name}</Implementation-Title>
<Implementation-Vendor>${project.organization.name}</Implementation-Vendor>
<Implementation-Version>${project.version}.${build.number}.${git.commit.id}</Implementation-Version>
<Rookout-Repository>${project.scm.url}</Rookout-Repository>
<Rookout-Revision>${git.commit.id}</Rookout-Revision>
</manifestEntries>
</archive>
</configuration>
<executions>
<execution>
<id>default-jar</id>
<goals>
<goal>jar</goal>
</goals>
<configuration>
<!-- These Java 17 bytecode classes are omitted
from the default JAR, as instead we produce a
separate artifact with Java 8 bytecode variants. -->
<excludes>
<excludes>**/*Recipe$*.class</excludes>
<excludes>**/*Recipe.class</excludes>
<excludes>**/*Recipes.class</excludes>
</excludes>
</configuration>
</execution>
<execution>
<!-- Creates a custom JAR with Java 8-compatible
OpenRewrite recipe classes. -->
<id>create-openrewrite-recipes-jar</id>
<goals>
<goal>jar</goal>
</goals>
<configuration>
<classesDirectory>${project.build.directory}/openrewrite-recipes</classesDirectory>
<classifier>recipes</classifier>
<includes>
<includes>**/*Recipe$*.class</includes>
<includes>**/*Recipe.class</includes>
<includes>**/*Recipes.class</includes>
</includes>
</configuration>
</execution>
<execution>
<id>create-test-jar</id>
<goals>
<goal>test-jar</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
<version>3.11.2</version>
<configuration>
<additionalJOptions>
<additionalJOption>--add-exports=jdk.compiler/com.sun.tools.javac.api=ALL-UNNAMED</additionalJOption>
<additionalJOption>--add-exports=jdk.compiler/com.sun.tools.javac.code=ALL-UNNAMED</additionalJOption>
<additionalJOption>--add-exports=jdk.compiler/com.sun.tools.javac.main=ALL-UNNAMED</additionalJOption>
<additionalJOption>--add-exports=jdk.compiler/com.sun.tools.javac.parser=ALL-UNNAMED</additionalJOption>
<additionalJOption>--add-exports=jdk.compiler/com.sun.tools.javac.tree=ALL-UNNAMED</additionalJOption>
<additionalJOption>--add-exports=jdk.compiler/com.sun.tools.javac.util=ALL-UNNAMED</additionalJOption>
</additionalJOptions>
<!-- All relevant doclint checks are performed during
the compilation phase; no need to recheck during
Javadoc generation. -->
<doclint>none</doclint>
<source>${version.jdk}</source>
</configuration>
<executions>
<execution>
<id>generate-javadoc-jar</id>
<goals>
<goal>jar</goal>
</goals>
<phase>verify</phase>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-release-plugin</artifactId>
<version>3.1.1</version>
<configuration>
<autoVersionSubmodules>true</autoVersionSubmodules>
<preparationProfiles>release</preparationProfiles>
<releaseProfiles>release</releaseProfiles>
<tagNameFormat>v@{project.version}</tagNameFormat>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-resources-plugin</artifactId>
<version>3.3.1</version>
<configuration>
<delimiters>
<delimiter>@</delimiter>
</delimiters>
<propertiesEncoding>ISO-8859-1</propertiesEncoding>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-site-plugin</artifactId>
<version>3.21.0</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-source-plugin</artifactId>
<version>3.3.1</version>
<executions>
<execution>
<id>generate-source-jar</id>
<goals>
<goal>jar-no-fork</goal>
</goals>
<phase>verify</phase>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<version>3.5.3</version>
<configuration>
<includes>
<include>**/*Test.java</include>
</includes>
<properties>
<configurationParameters>junit.jupiter.execution.parallel.enabled=true
junit.jupiter.execution.parallel.mode.default=concurrent
junit.jupiter.execution.timeout.threaddump.enabled=true
junit.platform.stacktrace.pruning.enabled=false</configurationParameters>
</properties>
<redirectTestOutputToFile>true</redirectTestOutputToFile>
</configuration>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>license-maven-plugin</artifactId>
<version>2.5.0</version>
<configuration>
<includedLicenses>
<!-- The SPDX IDs of licenses of third-party
software that may be bundled as part of
non-distributed (i.e. Picnic-internal) deployable
artifacts (i.e. web services). -->
<includedLicense>Apache-2.0</includedLicense>
<includedLicense>BSD-2-Clause</includedLicense>
<includedLicense>BSD-3-Clause</includedLicense>
<includedLicense>CC0-1.0</includedLicense>
<includedLicense>CDDL-1.1</includedLicense>
<includedLicense>EPL-1.0</includedLicense>
<includedLicense>EPL-2.0</includedLicense>
<includedLicense>GPL-2.0-with-classpath-exception</includedLicense>
<includedLicense>ICU</includedLicense>
<includedLicense>LGPL-2.1+</includedLicense>
<includedLicense>LGPL-3.0+</includedLicense>
<includedLicense>MIT</includedLicense>
<includedLicense>MIT-0</includedLicense>
<includedLicense>Public Domain</includedLicense>
</includedLicenses>
<licenseMerges>
<!-- License aliases. Each section corresponds to a
single license; where applicable the license's SPDX
ID is listed first; the aliases that follow are (or
were) declared by one or more third-party
dependencies. -->
<licenseMerge>
<!-- -->
Apache-2.0
| Apache 2
| Apache 2.0
| Apache License 2.0
| Apache License, Version 2.0
| The Apache License, Version 2.0
| The Apache Software License, Version 2.0
</licenseMerge>
<licenseMerge>
<!-- XXX: Get projects referencing just "BSD"
to explicitly state the clause count. -->
BSD-2-Clause
| The BSD License
</licenseMerge>
<licenseMerge>
<!-- XXX: Get projects referencing just "BSD"
to explicitly state the clause count. -->
BSD-3-Clause
| 3-Clause BSD License
| BSD 3-clause
| BSD 3-Clause "New" or "Revised" License (BSD-3-Clause)
<!-- XXX: Typo; file ticket. -->
| BSD licence
| BSD License 3
| Eclipse Distribution License (New BSD License)
| Eclipse Distribution License - v 1.0
| EDL 1.0
| New BSD License
</licenseMerge>
<licenseMerge>
<!-- -->
CC0-1.0
| CC0
| Public Domain, per Creative Commons CC0
</licenseMerge>
<licenseMerge>
<!-- -->
CDDL-1.1
| CDDL 1.1
| Dual license consisting of the CDDL v1.1 and GPL v2
</licenseMerge>
<licenseMerge>
<!-- -->
EPL-1.0
| Eclipse Public License 1.0
| Eclipse Public License - v 1.0
</licenseMerge>
<licenseMerge>
<!-- -->
EPL-2.0
| Eclipse Public License - v 2.0
| Eclipse Public License v2.0
| EPL 2.0
</licenseMerge>
<licenseMerge>
<!-- -->
ICU
| Unicode/ICU License
</licenseMerge>
<licenseMerge>
<!-- -->
GPL-2.0-with-classpath-exception
| CDDL/GPLv2+CE
| CDDL + GPLv2 with classpath exception
| GNU General Public License, version 2 (GPL2), with the classpath exception
| GNU General Public License, version 2, with the Classpath Exception
| GPL2 w/ CPE
</licenseMerge>
<licenseMerge>
<!-- -->
LGPL-2.1+
| LGPL-2.1-or-later
</licenseMerge>
<licenseMerge>
<!-- XXX: Get projects referencing just "LGPL"
to explicitly state the license version. -->
LGPL-3.0+
| GNU Lesser Public License
</licenseMerge>
<licenseMerge>
<!-- -->
MIT
| MIT license
| MIT License
| The MIT License
| The MIT License (MIT)
</licenseMerge>
</licenseMerges>
<!-- Nearly no projects ship a "missing third party
licenses" file. Since the operation of attempting to
retrieve these files is very slow, we have decided to
disable this functionality at this time. -->
<useRepositoryMissingFiles>false</useRepositoryMissingFiles>
</configuration>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>tidy-maven-plugin</artifactId>
<version>1.4.0</version>
<executions>
<execution>
<id>check-pom</id>
<goals>
<goal>check</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>versions-maven-plugin</artifactId>
<version>2.18.0</version>
<configuration>
<updateBuildOutputTimestampPolicy>never</updateBuildOutputTimestampPolicy>
</configuration>
</plugin>
<plugin>
<groupId>org.gaul</groupId>
<artifactId>modernizer-maven-plugin</artifactId>
<version>3.1.0</version>
<configuration>
<exclusionPatterns>
<!-- The plugin suggests replacing usages of
Guava's `Iterables` class with
`java.util.stream.Stream` equivalents, but the
alternative is often more verbose, requiring
unnecessary conversions to and from streams. -->
<exclusionPattern>com/google/common/collect/Iterables\..*</exclusionPattern>
</exclusionPatterns>
<failOnViolations>false</failOnViolations>
<ignorePackages>
<!-- Some Refaster rules purposefully use outdated
patterns in their `@BeforeTemplate` methods. -->
<ignorePackage>tech.picnic.errorprone.refasterrules</ignorePackage>
</ignorePackages>
<javaVersion>${version.jdk}</javaVersion>
</configuration>
<executions>
<execution>
<id>run-modernizer</id>
<goals>
<goal>modernizer</goal>
</goals>
<phase>process-test-classes</phase>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
<version>0.8.13</version>
<configuration>
<excludes>
<!-- Refaster rules are tested using a custom method
that does not cause code coverage to be registered. -->
<exclude>${refaster-rules.path-pattern}</exclude>
</excludes>
</configuration>
</plugin>
<plugin>
<groupId>org.kordamp.maven</groupId>
<artifactId>pomchecker-maven-plugin</artifactId>
<version>1.14.0</version>
<configuration>
<failOnError>false</failOnError>
<release>false</release>
</configuration>
<executions>
<execution>
<id>check-maven-central-compliance</id>
<goals>
<goal>check-maven-central</goal>
</goals>
<phase>verify</phase>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.pitest</groupId>
<artifactId>pitest-maven</artifactId>
<version>1.19.1</version>
<configuration>
<excludedClasses>
<!-- AutoValue generated classes. -->
<excludedClass>*.AutoValue_*</excludedClass>
<!-- Refaster rule collections. -->
<excludedClass>*.refaster*.*Rules*</excludedClass>
</excludedClasses>
<failWhenNoMutations>false</failWhenNoMutations>
<mutators>
<mutator>EXTENDED</mutator>
<mutator>STRONGER</mutator>
</mutators>
<!-- Use multiple threads to speed things up. Extend
timeouts to prevent false positives as a result of
contention. -->
<threads>4</threads>
<timeoutFactor>4</timeoutFactor>
<timestampedReports>false</timestampedReports>
</configuration>
<dependencies>
<dependency>
<groupId>com.arcmutate</groupId>
<artifactId>base</artifactId>
<version>1.4.0</version>
</dependency>
<dependency>
<groupId>com.arcmutate</groupId>
<artifactId>pitest-accelerator-junit5</artifactId>
<version>1.2.0</version>
</dependency>
<dependency>
<groupId>com.arcmutate</groupId>
<artifactId>pitest-git-plugin</artifactId>
<version>${version.pitest-git}</version>
</dependency>
<dependency>
<groupId>org.pitest</groupId>
<artifactId>pitest-junit5-plugin</artifactId>
<version>1.2.2</version>
</dependency>
</dependencies>
<executions>
<execution>
<id>compute-mutation-coverage</id>
<goals>
<goal>mutationCoverage</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.sonarsource.scanner.maven</groupId>
<artifactId>sonar-maven-plugin</artifactId>
<version>5.1.0.4751</version>
</plugin>
</plugins>
</pluginManagement>
<plugins>
<plugin>
<groupId>io.github.git-commit-id</groupId>
<artifactId>git-commit-id-maven-plugin</artifactId>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-source-plugin</artifactId>
</plugin>
</plugins>
</build>
<profiles>
<profile>
<id>error-prone-fork</id>
<properties>
<version.error-prone>${version.error-prone-fork}</version.error-prone>
</properties>
</profile>
<profile>
<!-- Applies the Error Prone checks defined by this project to the
code base itself. Assumes that a prior build has already installed
the project in the local Maven repository. -->
<id>self-check</id>
<properties>
<!-- XXX: `MethodReferenceUsage` is an extremely expensive
check due to its use of `SuggestedFixes.compilesWithFix`. Maybe
we should drop it altogether? -->
<!-- XXX: Find a way to assert that test code (both inline
`BugChecker` test code and the Refaster test files) does not
exhibit anti-patterns other than those associated with the
check/rule under test. Ideally all test cases are realistic. -->
<error-prone.self-check-args>-Xep:MethodReferenceUsage:OFF</error-prone.self-check-args>
</properties>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<annotationProcessorPaths combine.children="append">
<path>
<groupId>${project.groupId}</groupId>
<artifactId>error-prone-contrib</artifactId>
</path>
<path>
<groupId>${project.groupId}</groupId>
<artifactId>error-prone-experimental</artifactId>
</path>
<path>
<groupId>${project.groupId}</groupId>
<artifactId>error-prone-guidelines</artifactId>
</path>
<path>
<groupId>${project.groupId}</groupId>
<artifactId>refaster-runner</artifactId>
</path>
</annotationProcessorPaths>
</configuration>
</plugin>
</plugins>
</build>
</profile>
<profile>
<!-- A counterpart to the `disallow-warnings` profile which
explicitly "tones down" plugins enabled by the `build-checks`
profile. Necessary for dealing with plugins that default to failing
the build upon encountering a violation. -->
<id>avoid-errors</id>
<activation>
<property>
<name>verification.warn</name>
</property>
</activation>
<build>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>tidy-maven-plugin</artifactId>
<configuration>
<skip>true</skip>
</configuration>
</plugin>
</plugins>
</pluginManagement>
</build>
</profile>
<profile>
<!-- By default, we verify various aspects of a module and the
artifact(s) it produces. We define these checks in a profile so
that they can be disabled during development. See also the
`error-prone` profile defined below. -->
<id>build-checks</id>
<activation>
<property>
<name>!verification.skip</name>
</property>
</activation>
<build>
<plugins>
<plugin>
<groupId>com.github.ekryd.sortpom</groupId>
<artifactId>sortpom-maven-plugin</artifactId>
</plugin>
<plugin>
<groupId>com.spotify.fmt</groupId>
<artifactId>fmt-maven-plugin</artifactId>
</plugin>
<plugin>
<groupId>de.thetaphi</groupId>
<artifactId>forbiddenapis</artifactId>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-checkstyle-plugin</artifactId>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<compilerArgs combine.children="append">
<!-- We first enable all doclint checks and
then selectively disable a subset below. -->
<arg>-Xdoclint:all</arg>
<!-- We don't care about missing Javadoc
on non-public classes and members. -->
<arg>-Xdoclint:-missing/package</arg>
<!-- We first enable all lint checks and then
selectively disable a subset below. -->
<arg>-Xlint:all</arg>
<!-- The annotation processors do not handle
all annotations present on the classpath, and
javac complains about this. See
https://bugs.openjdk.java.net/browse/JDK-6999068. -->
<arg>-Xlint:-processing</arg>
</compilerArgs>
<showWarnings>true</showWarnings>
</configuration>
<executions>
<execution>
<id>default-testCompile</id>
<goals>
<goal>testCompile</goal>
</goals>
<phase>test-compile</phase>
<configuration>
<compilerArgs combine.children="append">
<!-- Test code doesn't require Javadoc. -->
<arg>-Xdoclint:-missing</arg>
</compilerArgs>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
<executions>
<execution>
<id>analyze-dependencies</id>
<goals>
<goal>analyze-dep-mgt</goal>
<goal>analyze-duplicate</goal>
<goal>analyze-only</goal>
</goals>
<phase>process-test-classes</phase>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>license-maven-plugin</artifactId>
<executions>
<execution>
<id>check-third-party-licenses</id>
<goals>
<goal>add-third-party</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>tidy-maven-plugin</artifactId>
</plugin>
<plugin>
<groupId>org.gaul</groupId>
<artifactId>modernizer-maven-plugin</artifactId>
</plugin>
<plugin>
<groupId>org.kordamp.maven</groupId>
<artifactId>pomchecker-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</profile>
<profile>
<!-- An extension of the `build-checks` profile that configures
Error Prone. This configuration is defined in a separate profile so
that it can be combined with the `patch` profile below, without
introducing the overhead of other build checks. -->
<id>error-prone</id>
<activation>
<property>
<name>!verification.skip</name>
</property>
</activation>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<annotationProcessorPaths combine.children="append">
<path>
<groupId>com.google.errorprone</groupId>
<artifactId>error_prone_core</artifactId>
</path>
<path>
<groupId>com.google.guava</groupId>
<artifactId>guava-beta-checker</artifactId>
</path>
<path>
<groupId>com.jakewharton.nopen</groupId>
<artifactId>nopen-checker</artifactId>
</path>
<path>
<groupId>com.uber.nullaway</groupId>
<artifactId>nullaway</artifactId>
</path>
<path>
<groupId>jp.skypencil.errorprone.slf4j</groupId>
<artifactId>errorprone-slf4j</artifactId>
</path>
<path>
<groupId>org.mockito</groupId>
<artifactId>mockito-errorprone</artifactId>
</path>
</annotationProcessorPaths>
<compilerArgs combine.children="append">
<!-- Enable and configure Error Prone. -->
<arg>
-Xplugin:ErrorProne
<!-- We use a separate Maven profile to
raise all warnings as errors. This way one
can optionally collect all warnings without
failing the build on the first error
encountered. -->
-XepAllErrorsAsWarnings
-XepAllSuggestionsAsWarnings
<!-- We want to enable almost all Error
Prone bug pattern checkers, so we enable
all and then selectively deactivate some. -->
-XepAllDisabledChecksAsWarnings
<!-- Some generated classes violate Error
Prone bug patterns. We cannot in all cases
avoid that, so we simply tell Error Prone
not to warn about generated code. -->
-XepDisableWarningsInGeneratedCode
<!-- XXX: Ideally we'd match against
`\Q${project.build.directory}${file.separator}\E.*`,
but that approach doesn't work on Windows,
as Error Prone matches against a path that
always contains forward-slash path
separators. -->
-XepExcludedPaths:(?!.*/src/[^/]+/java/.*).*
<!-- We don't target Android. -->
-Xep:AndroidJdkLibsChecker:OFF
<!-- XXX: Enable this once we open-source
this library. -->
-Xep:BetaApi:OFF
<!-- We don't target JDK 8. -->
-Xep:Java8ApiChecker:OFF
<!-- We don't target Android. -->
-Xep:StaticOrDefaultInterfaceMethod:OFF
<!-- We generally discourage `var` use. -->
-Xep:Varifier:OFF
<!-- Yoda conditions are not always more
readable than the alternative. -->
-Xep:YodaCondition:OFF
-XepOpt:CheckReturnValue:CheckAllConstructors=true
<!-- XXX: Enable once there are fewer
false-positives.
-XepOpt:CheckReturnValue:CheckAllMethods=true -->
<!-- XXX: Consider renaming flagged types
instead. -->
-XepOpt:ConstantExpressions:ConsiderAllMethodsPure=true
-XepOpt:IdentifierName:AllowInitialismsInTypeName=true
-XepOpt:InlineMe:SkipInliningsWithComments=false
-XepOpt:NullAway:AnnotatedPackages=tech.picnic
-XepOpt:NullAway:AssertsEnabled=true
-XepOpt:NullAway:CheckOptionalEmptiness=true
-XepOpt:NullAway:JSpecifyMode=true
-XepOpt:Nullness:Conservative=false
<!-- Append additional custom arguments. -->
${error-prone.patch-args}
${error-prone.self-check-args}
</arg>
<!-- The Error Prone plugin makes certain
assumptions about the state of the AST at the
moment it is invoked. Those assumptions require
the `simple` compile policy. This flag may be
dropped after resolution of
https://bugs.openjdk.java.net/browse/JDK-8155674. -->
<arg>-XDcompilePolicy=simple</arg>
<!-- Similarly, Error Prone requires that flow
analysis has been performed, e.g. to determine
whether variables are effectively final. This
flag may be dropped if it ever becomes the
default. See
https://bugs.openjdk.org/browse/JDK-8134117. -->
<arg>--should-stop=ifError=FLOW</arg>
</compilerArgs>
</configuration>
</plugin>
</plugins>
</build>
</profile>
<profile>
<!-- If combined with the `error-prone` profile above, this profile
configures Error Prone to try and automatically fix (rather than
merely flag) bug pattern violations in the source code. -->
<id>patch</id>
<activation>
<property>
<name>error-prone.patch-checks</name>
</property>
</activation>
<properties>
<error-prone.patch-args>-XepPatchChecks:${error-prone.patch-checks} -XepPatchLocation:IN_PLACE</error-prone.patch-args>
</properties>
</profile>
<profile>
<!-- The `build-checks` and `error-prone` profiles enable numerous
additional validations. By default, any violations break the build.
This profile allows one to collect all violations without failing
the build. -->
<id>disallow-warnings</id>
<activation>
<property>
<name>!verification.warn</name>
</property>
</activation>
<build>
<pluginManagement>
<plugins>
<plugin>
<groupId>com.github.ekryd.sortpom</groupId>
<artifactId>sortpom-maven-plugin</artifactId>
<configuration>
<verifyFail>stop</verifyFail>
</configuration>
</plugin>
<plugin>
<groupId>com.spotify.fmt</groupId>
<artifactId>fmt-maven-plugin</artifactId>
<configuration>
<failOnError>true</failOnError>
</configuration>
</plugin>
<plugin>
<groupId>de.thetaphi</groupId>
<artifactId>forbiddenapis</artifactId>
<configuration>
<failOnViolation>true</failOnViolation>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-checkstyle-plugin</artifactId>
<configuration>
<failOnViolation>true</failOnViolation>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<compilerArgs combine.children="append">
<!-- When using a JDK other than the one
specified using `-source`, `javac` warns
that the bootstrap classpath will not be
set. We don't want to fail on that warning. -->
<arg>-Xlint:-options</arg>
</compilerArgs>
<failOnWarning>true</failOnWarning>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
<configuration>
<failBuild>true</failBuild>
<failOnWarning>true</failOnWarning>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<configuration>
<fail>true</fail>
</configuration>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>license-maven-plugin</artifactId>
<configuration>
<failOnBlacklist>true</failOnBlacklist>
<failOnMissing>true</failOnMissing>
</configuration>
</plugin>
<plugin>
<groupId>org.gaul</groupId>
<artifactId>modernizer-maven-plugin</artifactId>
<configuration>
<failOnViolations>true</failOnViolations>
</configuration>
</plugin>
<plugin>
<groupId>org.kordamp.maven</groupId>
<artifactId>pomchecker-maven-plugin</artifactId>
<configuration>
<failOnError>true</failOnError>
<failOnWarning>true</failOnWarning>
</configuration>
</plugin>
</plugins>
</pluginManagement>
</build>
</profile>
<profile>
<id>sonar</id>
<properties>
<maven.test.failure.ignore>true</maven.test.failure.ignore>
</properties>
</profile>
<profile>
<id>third-party-license-tsv-export</id>
<activation>
<file>
<exists>${path.third-party-licenses-template}</exists>
</file>
</activation>
<build>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>license-maven-plugin</artifactId>
<configuration>
<fileTemplate>${path.third-party-licenses-template}</fileTemplate>
</configuration>
</plugin>
</plugins>
</pluginManagement>
</build>
</profile>
<profile>
<id>version-number-rules</id>
<activation>
<file>
<exists>${path.version-number-rules}</exists>
</file>
</activation>
<build>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>versions-maven-plugin</artifactId>
<configuration>
<rulesUri>file://${path.version-number-rules}</rulesUri>
</configuration>
</plugin>
</plugins>
</pluginManagement>
</build>
</profile>
<profile>
<!-- This profile is auto-activated when performing a release. -->
<id>release</id>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
</plugin>
<!-- Lexicographically this plugin is listed out-of-order
because it must be executed after the
`maven-javadoc-plugin`; otherwise not all artifacts will be
signed. -->
<?SORTPOM IGNORE?>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
</plugin>
<?SORTPOM RESUME?>
<plugin>
<groupId>org.kordamp.maven</groupId>
<artifactId>pomchecker-maven-plugin</artifactId>
<configuration>
<release>true</release>
</configuration>
</plugin>
</plugins>
</build>
</profile>
</profiles>
</project>
Open source consumption has exploded, with estimates placing this year’s downloads at over 6.6 trillion. This reliance on open source components, now making up to 90% of the modern software application, has ushered in both unprecedented innovation and complex challenges for software supply chains.
View the Report