error-prone-support
Used in:
components
- OverviewOverview
- VersionsVersions
- DependentsDependents
- DependenciesDependencies
<dependency>
<groupId>tech.picnic.error-prone-support</groupId>
<artifactId>error-prone-support</artifactId>
<version>0.12.0</version>
</dependency><?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>tech.picnic.error-prone-support</groupId>
<artifactId>error-prone-support</artifactId>
<version>0.12.0</version>
<packaging>pom</packaging>
<name>Picnic :: Error Prone Support</name>
<description>Error Prone support library by Picnic.</description>
<url>https://error-prone.picnic.tech</url>
<inceptionYear>2017</inceptionYear>
<organization>
<name>Picnic Technologies BV</name>
<url>https://picnic.tech</url>
</organization>
<licenses>
<license>
<name>MIT</name>
<url>https://opensource.org/licenses/mit-license.php</url>
<distribution>repo</distribution>
</license>
</licenses>
<developers>
<developer>
<name>Rick Ossendrijver</name>
<email>rick.ossendrijver@teampicnic.com</email>
<organization>Picnic Technologies BV</organization>
<timezone>Europe/Amsterdam</timezone>
</developer>
<developer>
<name>Stephan Schroevers</name>
<email>stephan.schroevers@teampicnic.com</email>
<organization>Picnic Technologies BV</organization>
<timezone>Europe/Amsterdam</timezone>
</developer>
</developers>
<modules>
<module>documentation-support</module>
<module>error-prone-contrib</module>
<module>refaster-compiler</module>
<module>refaster-runner</module>
<module>refaster-support</module>
<module>refaster-test-support</module>
</modules>
<scm>
<developerConnection>scm:git:git@github.com:PicnicSupermarket/error-prone-support.git</developerConnection>
<tag>v0.12.0</tag>
<url>https://github.com/PicnicSupermarket/error-prone-support</url>
</scm>
<issueManagement>
<system>Github</system>
<url>https://github.com/PicnicSupermarket/error-prone-support/issues</url>
</issueManagement>
<ciManagement>
<system>GitHub Actions</system>
<url>https://github.com/PicnicSupermarket/error-prone-support/actions</url>
</ciManagement>
<distributionManagement>
<repository>
<id>ossrh</id>
<url>https://oss.sonatype.org/service/local/staging/deploy/maven2</url>
</repository>
<snapshotRepository>
<id>ossrh</id>
<url>https://oss.sonatype.org/content/repositories/snapshots</url>
</snapshotRepository>
</distributionManagement>
<properties>
<!-- Arguments to the JVMs forked by Surefire. The specification of
this 'argLine' property instead of the definition of the 'argLine'
configuration setting allows users or plugins to specify additional
arguments. In particular, JaCoCo relies on this for the configuration
of its Java agent, and Pitest uses this configuration when it spawns
additional JVMs. -->
<argLine>
<!-- The JVM arguments specified in `.mvn/jvm.config` also apply to
test JVMs, as those are also non-interactive processes running
Error Prone, and thus similarly make extensive use of unsupported
`javac`-internal APIs, in some cases even reflectively inspecting
them. -->
-XX:ReservedCodeCacheSize=512m
-XX:SoftRefLRUPolicyMSPerMB=10
-XX:+UseParallelGC
--add-exports=jdk.compiler/com.sun.tools.javac.api=ALL-UNNAMED
--add-exports=jdk.compiler/com.sun.tools.javac.code=ALL-UNNAMED
--add-exports=jdk.compiler/com.sun.tools.javac.file=ALL-UNNAMED
--add-exports=jdk.compiler/com.sun.tools.javac.main=ALL-UNNAMED
--add-exports=jdk.compiler/com.sun.tools.javac.model=ALL-UNNAMED
--add-exports=jdk.compiler/com.sun.tools.javac.parser=ALL-UNNAMED
--add-exports=jdk.compiler/com.sun.tools.javac.processing=ALL-UNNAMED
--add-exports=jdk.compiler/com.sun.tools.javac.tree=ALL-UNNAMED
--add-exports=jdk.compiler/com.sun.tools.javac.util=ALL-UNNAMED
--add-opens=jdk.compiler/com.sun.tools.javac.comp=ALL-UNNAMED
<!-- The test JVMs are short-running. By disabling certain
expensive JIT optimizations we actually speed up most tests. -->
-XX:TieredStopAtLevel=1
<!-- We cap memory usage. This may be relevant for build agents,
but also prevents excessive memory usage by heavily parallelized
local builds. -->
-Xmx${argLine.xmx}
<!-- This argument cannot be set through Surefire's
'systemPropertyVariables' configuration setting. Setting the file
encoding is necessary because forked unit test invocations
otherwise use the environment's file encoding. -->
-Dfile.encoding=${project.build.sourceEncoding}
<!-- This argument *can* be set through Surefire's
'systemPropertyVariables' configuration setting, but by placing it
here it automatically also applies to the Failsafe plugin. To avoid
potential slowdown of tests relying on
`java.security.SecureRandom`, on Unix systems we use a
lower-quality source of randomness. Note that it is not fatal for
the file not to exist, so this setting is Windows-compatible. The
`/./` syntax is no accident; see
https://bugs.openjdk.java.net/browse/JDK-6202721 for details. -->
-Djava.security.egd=file:/dev/./urandom
<!-- On Mac OS X, running in headless mode prevents the forked JVMs
from showing up in the dock and capturing window focus. -->
-Djava.awt.headless=true
</argLine>
<!-- The maximum amount of heap memory available to forked Surefire
processes. Factored out into a separate property to allow overriding. -->
<argLine.xmx>1024m</argLine.xmx>
<!-- Our build system provides a monotonically increasing build number.
When building locally, this number is obviously absent. So we provide a
default value. -->
<build.number>LOCAL</build.number>
<!-- Properties using which additional Error Prone flags can be
specified. Used by the `patch` and `self-check` profiles. -->
<error-prone.patch-args />
<error-prone.self-check-args />
<!-- The Maven `groupId` under which Error Prone dependencies are
published. We use an official Error Prone release by default. This
property allows the `error-prone-fork` profile below to build the
project using Picnic's Error Prone fork instead. -->
<groupId.error-prone>com.google.errorprone</groupId.error-prone>
<!-- The build timestamp is derived from the most recent commit
timestamp in support of reproducible builds. -->
<project.build.outputTimestamp>2023-06-21T19:08:33Z</project.build.outputTimestamp>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<!-- Glob pattern identifying Refaster rule definition files. These
Java classes don't contain "regular" code, and thus require special
handling by various code analysis tools. -->
<refaster-rules.path-pattern>**/tech/picnic/errorprone/refasterrules/*.java</refaster-rules.path-pattern>
<!-- SonarCloud analysis settings. Refaster rules are excluded from
coverage computation, because they are tested using a custom method
that does not cause code coverage to be registered. -->
<sonar.coverage.exclusions>${refaster-rules.path-pattern}</sonar.coverage.exclusions>
<sonar.host.url>https://sonarcloud.io</sonar.host.url>
<!-- SonarCloud partial rule suppressions. These fall in two
categories:
- "Java test resources", i.e. test resource files that are valid Java
source code files. These resources serve as input or expected output
for tests, and often contain non-idiomatic or non-production code on
purpose.
- Refaster rules. These are valid Java files, but they should not be
thought of as "executable code" in the traditional sense. Due to
their nature, Refaster rule definitions contain some code that would
be considered non-idiomatic or incorrect in other contexts. -->
<sonar.issue.ignore.multicriteria>java-resource,refaster-rules-1,refaster-rules-2,refaster-rules-3,refaster-rules-4,refaster-rules-5,refaster-rules-6</sonar.issue.ignore.multicriteria>
<sonar.issue.ignore.multicriteria.java-resource.resourceKey>**/src/test/resources/**/*.java</sonar.issue.ignore.multicriteria.java-resource.resourceKey>
<sonar.issue.ignore.multicriteria.java-resource.ruleKey>java:*</sonar.issue.ignore.multicriteria.java-resource.ruleKey>
<!-- Many Refaster rules are simpler thanks to generic return types. -->
<sonar.issue.ignore.multicriteria.refaster-rules-1.resourceKey>${refaster-rules.path-pattern}</sonar.issue.ignore.multicriteria.refaster-rules-1.resourceKey>
<sonar.issue.ignore.multicriteria.refaster-rules-1.ruleKey>java:S1452</sonar.issue.ignore.multicriteria.refaster-rules-1.ruleKey>
<!-- `@Placeholder` methods must be defined in an abstract class. -->
<sonar.issue.ignore.multicriteria.refaster-rules-2.resourceKey>${refaster-rules.path-pattern}</sonar.issue.ignore.multicriteria.refaster-rules-2.resourceKey>
<sonar.issue.ignore.multicriteria.refaster-rules-2.ruleKey>java:S1610</sonar.issue.ignore.multicriteria.refaster-rules-2.ruleKey>
<!-- Template parameters stand in for arbitrarily complex expressions;
lambda expression referencing such a parameter cannot be replaced with
a method reference. -->
<sonar.issue.ignore.multicriteria.refaster-rules-3.resourceKey>${refaster-rules.path-pattern}</sonar.issue.ignore.multicriteria.refaster-rules-3.resourceKey>
<sonar.issue.ignore.multicriteria.refaster-rules-3.ruleKey>java:S1612</sonar.issue.ignore.multicriteria.refaster-rules-3.ruleKey>
<!-- Refaster rules are named after their `@AfterTemplate` code, and
may end in `Exception`. -->
<sonar.issue.ignore.multicriteria.refaster-rules-4.resourceKey>${refaster-rules.path-pattern}</sonar.issue.ignore.multicriteria.refaster-rules-4.resourceKey>
<sonar.issue.ignore.multicriteria.refaster-rules-4.ruleKey>java:S2166</sonar.issue.ignore.multicriteria.refaster-rules-4.ruleKey>
<!-- Usage of `Refaster#anyOf` may incorrectly give the impression
that a stream is consumed more than once. -->
<sonar.issue.ignore.multicriteria.refaster-rules-5.resourceKey>${refaster-rules.path-pattern}</sonar.issue.ignore.multicriteria.refaster-rules-5.resourceKey>
<sonar.issue.ignore.multicriteria.refaster-rules-5.ruleKey>java:S3959</sonar.issue.ignore.multicriteria.refaster-rules-5.ruleKey>
<!-- Although not test code themselves, many Refaster rules contain
assertion expressions. -->
<sonar.issue.ignore.multicriteria.refaster-rules-6.resourceKey>${refaster-rules.path-pattern}</sonar.issue.ignore.multicriteria.refaster-rules-6.resourceKey>
<sonar.issue.ignore.multicriteria.refaster-rules-6.ruleKey>java:S5960</sonar.issue.ignore.multicriteria.refaster-rules-6.ruleKey>
<sonar.organization>picnic-technologies</sonar.organization>
<!-- SonarCloud analysis source and test directories are specified
explicitly, because SonarCloud will otherwise only analyze `pom.xml`
and `src/{main,test}/java/**`. -->
<sonar.sources>pom.xml,src/main</sonar.sources>
<sonar.tests>src/test</sonar.tests>
<!-- Dependency and plugin versions that are referenced in more than
one place. We use these to keep dependencies in sync. Version numbers
that need to be referenced only once should *not* be listed here. -->
<version.auto-service>1.1.1</version.auto-service>
<version.auto-value>1.10.1</version.auto-value>
<version.error-prone>${version.error-prone-orig}</version.error-prone>
<version.error-prone-fork>v${version.error-prone-orig}-picnic-1</version.error-prone-fork>
<version.error-prone-orig>2.20.0</version.error-prone-orig>
<version.error-prone-slf4j>0.1.18</version.error-prone-slf4j>
<version.guava-beta-checker>1.0</version.guava-beta-checker>
<version.jdk>11</version.jdk>
<version.maven>3.8.7</version.maven>
<version.mockito>5.3.1</version.mockito>
<version.nopen-checker>1.0.1</version.nopen-checker>
<version.nullaway>0.10.10</version.nullaway>
<version.pitest-git>1.0.11</version.pitest-git>
<version.surefire>3.1.2</version.surefire>
</properties>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>${groupId.error-prone}</groupId>
<artifactId>error_prone_annotation</artifactId>
<version>${version.error-prone}</version>
</dependency>
<dependency>
<groupId>${groupId.error-prone}</groupId>
<artifactId>error_prone_annotations</artifactId>
<version>${version.error-prone}</version>
</dependency>
<dependency>
<groupId>${groupId.error-prone}</groupId>
<artifactId>error_prone_check_api</artifactId>
<version>${version.error-prone}</version>
</dependency>
<dependency>
<groupId>${groupId.error-prone}</groupId>
<artifactId>error_prone_core</artifactId>
<version>${version.error-prone}</version>
</dependency>
<dependency>
<groupId>${groupId.error-prone}</groupId>
<artifactId>error_prone_test_helpers</artifactId>
<version>${version.error-prone}</version>
</dependency>
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>documentation-support</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>refaster-compiler</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>refaster-runner</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>refaster-support</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>refaster-test-support</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson</groupId>
<artifactId>jackson-bom</artifactId>
<version>2.15.2</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
<groupId>com.google.auto</groupId>
<artifactId>auto-common</artifactId>
<version>1.2.1</version>
</dependency>
<dependency>
<groupId>com.google.auto.service</groupId>
<artifactId>auto-service-annotations</artifactId>
<version>${version.auto-service}</version>
</dependency>
<dependency>
<groupId>com.google.auto.value</groupId>
<artifactId>auto-value</artifactId>
<version>${version.auto-value}</version>
</dependency>
<dependency>
<groupId>com.google.auto.value</groupId>
<artifactId>auto-value-annotations</artifactId>
<version>${version.auto-value}</version>
</dependency>
<dependency>
<groupId>com.google.googlejavaformat</groupId>
<artifactId>google-java-format</artifactId>
<version>1.17.0</version>
</dependency>
<!-- Specified as a workaround for
https://github.com/mojohaus/versions-maven-plugin/issues/244. -->
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava-beta-checker</artifactId>
<version>${version.guava-beta-checker}</version>
</dependency>
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava-bom</artifactId>
<version>32.0.1-jre</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
<groupId>com.google.truth</groupId>
<artifactId>truth</artifactId>
<version>1.1.4</version>
</dependency>
<!-- Specified as a workaround for
https://github.com/mojohaus/versions-maven-plugin/issues/244. -->
<dependency>
<groupId>com.jakewharton.nopen</groupId>
<artifactId>nopen-checker</artifactId>
<version>${version.nopen-checker}</version>
</dependency>
<dependency>
<groupId>com.newrelic.agent.java</groupId>
<artifactId>newrelic-api</artifactId>
<version>8.3.0</version>
</dependency>
<!-- Specified as a workaround for
https://github.com/mojohaus/versions-maven-plugin/issues/244. -->
<dependency>
<groupId>com.uber.nullaway</groupId>
<artifactId>nullaway</artifactId>
<version>${version.nullaway}</version>
</dependency>
<dependency>
<groupId>io.projectreactor</groupId>
<artifactId>reactor-bom</artifactId>
<version>2022.0.8</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
<groupId>io.reactivex.rxjava2</groupId>
<artifactId>rxjava</artifactId>
<version>2.2.21</version>
</dependency>
<dependency>
<groupId>io.swagger</groupId>
<artifactId>swagger-annotations</artifactId>
<version>1.6.11</version>
</dependency>
<dependency>
<groupId>io.swagger.core.v3</groupId>
<artifactId>swagger-annotations</artifactId>
<version>2.2.12</version>
</dependency>
<dependency>
<groupId>jakarta.servlet</groupId>
<artifactId>jakarta.servlet-api</artifactId>
<version>6.0.0</version>
</dependency>
<dependency>
<groupId>javax.inject</groupId>
<artifactId>javax.inject</artifactId>
<version>1</version>
</dependency>
<dependency>
<groupId>javax.xml.bind</groupId>
<artifactId>jaxb-api</artifactId>
<version>2.3.1</version>
</dependency>
<!-- Specified as a workaround for
https://github.com/mojohaus/versions-maven-plugin/issues/244. -->
<dependency>
<groupId>jp.skypencil.errorprone.slf4j</groupId>
<artifactId>errorprone-slf4j</artifactId>
<version>${version.error-prone-slf4j}</version>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.13.2</version>
</dependency>
<dependency>
<groupId>net.bytebuddy</groupId>
<artifactId>byte-buddy</artifactId>
<version>1.14.5</version>
</dependency>
<!-- Specified so that Renovate will file Maven upgrade PRs, which
subsequently will cause `maven-enforcer-plugin` to require that
developers build the project using the latest Maven release. -->
<dependency>
<groupId>org.apache.maven</groupId>
<artifactId>maven-plugin-api</artifactId>
<version>${version.maven}</version>
</dependency>
<dependency>
<groupId>org.aspectj</groupId>
<artifactId>aspectjweaver</artifactId>
<version>1.9.19</version>
</dependency>
<dependency>
<groupId>org.assertj</groupId>
<artifactId>assertj-bom</artifactId>
<version>3.24.2</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
<groupId>org.checkerframework</groupId>
<artifactId>checker-qual</artifactId>
<version>3.35.0</version>
</dependency>
<dependency>
<groupId>org.hamcrest</groupId>
<artifactId>hamcrest-core</artifactId>
<version>2.2</version>
</dependency>
<dependency>
<groupId>org.immutables</groupId>
<artifactId>value-annotations</artifactId>
<version>2.9.3</version>
</dependency>
<dependency>
<groupId>org.jspecify</groupId>
<artifactId>jspecify</artifactId>
<version>0.3.0</version>
</dependency>
<dependency>
<groupId>org.junit</groupId>
<artifactId>junit-bom</artifactId>
<version>5.9.3</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
<groupId>org.mockito</groupId>
<artifactId>mockito-bom</artifactId>
<version>${version.mockito}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
<version>2.0.7</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>5.3.27</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-test</artifactId>
<version>2.7.12</version>
</dependency>
<dependency>
<groupId>org.testng</groupId>
<artifactId>testng</artifactId>
<version>7.8.0</version>
</dependency>
</dependencies>
</dependencyManagement>
<build>
<pluginManagement>
<plugins>
<plugin>
<groupId>com.github.ekryd.sortpom</groupId>
<artifactId>sortpom-maven-plugin</artifactId>
<version>3.2.1</version>
<configuration>
<createBackupFile>false</createBackupFile>
<encoding>${project.build.sourceEncoding}</encoding>
<expandEmptyElements>false</expandEmptyElements>
<nrOfIndentSpace>4</nrOfIndentSpace>
<predefinedSortOrder>recommended_2008_06</predefinedSortOrder>
<sortDependencies>groupId,artifactId</sortDependencies>
<sortDependencyExclusions>groupId,artifactId</sortDependencyExclusions>
<sortModules>true</sortModules>
<sortPlugins>groupId,artifactId</sortPlugins>
<sortProperties>true</sortProperties>
<verifyFail>warn</verifyFail>
</configuration>
<executions>
<execution>
<id>verify-pom-sorting</id>
<goals>
<goal>verify</goal>
</goals>
<phase>verify</phase>
</execution>
</executions>
</plugin>
<plugin>
<groupId>com.groupcdg</groupId>
<artifactId>pitest-git-maven-plugin</artifactId>
<version>${version.pitest-git}</version>
</plugin>
<plugin>
<groupId>com.groupcdg</groupId>
<artifactId>pitest-github-maven-plugin</artifactId>
<version>${version.pitest-git}</version>
</plugin>
<plugin>
<groupId>com.spotify.fmt</groupId>
<artifactId>fmt-maven-plugin</artifactId>
<version>2.20</version>
<configuration>
<additionalSourceDirectories>
<additionalSourceDirectory>${basedir}/src/test/resources</additionalSourceDirectory>
</additionalSourceDirectories>
<forkMode>never</forkMode>
<failOnError>false</failOnError>
</configuration>
</plugin>
<plugin>
<groupId>de.thetaphi</groupId>
<artifactId>forbiddenapis</artifactId>
<version>3.5.1</version>
<configuration>
<bundledSignatures>
<bundledSignature>jdk-internal</bundledSignature>
<bundledSignature>jdk-reflection</bundledSignature>
<bundledSignature>jdk-system-out</bundledSignature>
<!-- Other bundles are available but currently not
enabled:
- commons-io-unsafe: while we may indirectly rely
on Apache Commons IO, we avoid direct
dependencies.
- jdk-deprecated: we compile with `-Xlint:all`,
which causes the build to fail when _any_
deprecated method is called.
- jdk-non-portable: the Error Prone integration
crucially relies on some of these APIs.
- jdk-unsafe: see
https://github.com/policeman-tools/forbidden-apis/issues/119.
Note that this whole plugin could be replaced with
an Error Prone check; that would also make it
possible to resolve issue #119 linked above. See
https://github.com/google/error-prone/issues/632. -->
</bundledSignatures>
<!-- The plugin tries to load all supertypes of any
class it analyzes. Some of those types may be absent
from the compilation classpath, because the module that
contains them has the `runtime` or `test` scope. When
this happens, we don't want to fail the build. (The
alternative is to declare all those dependencies
`provided`, but we'd rather not do that.) -->
<failOnMissingClasses>false</failOnMissingClasses>
<failOnViolation>false</failOnViolation>
<targetVersion>${version.jdk}</targetVersion>
</configuration>
<executions>
<execution>
<id>detect-forbidden-api-usage</id>
<goals>
<goal>check</goal>
<goal>testCheck</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>io.github.git-commit-id</groupId>
<artifactId>git-commit-id-maven-plugin</artifactId>
<version>6.0.0</version>
<configuration>
<injectAllReactorProjects>true</injectAllReactorProjects>
<runOnlyOnce>true</runOnlyOnce>
<skipPoms>false</skipPoms>
<dateFormat>yyyy-MM-dd'T'HH:mm:ssXXX</dateFormat>
</configuration>
<executions>
<execution>
<id>retrieve-git-info</id>
<goals>
<goal>revision</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-checkstyle-plugin</artifactId>
<version>3.3.0</version>
<configuration>
<checkstyleRules>
<!-- We only enable rules that are not enforced by
Error Prone or automatically corrected through
application of google-java-format (GJF). -->
<module name="Checker">
<module name="RegexpMultiline">
<!-- GJF drops trailing horizontal
whitespace and blank lines preceding a
closing curly brace, but it does not remove
a blank line following an opening curly
brace. Here we disallow that specific case.
(The regular expression assumes that the
code has already been formatted using GJF.) -->
<property name="fileExtensions" value="java" />
<property name="format" value="\{\r?\n\r?\n" />
<property name="message" value="Avoid blank lines at the start of a block." />
</module>
<module name="SuppressWarningsFilter" />
<module name="TreeWalker">
<module name="AbbreviationAsWordInName" />
<module name="AnnotationUseStyle">
<!-- XXX: Right now this check doesn't
completely enforce the desired style.
See https://github.com/checkstyle/checkstyle/issues/4972;
we're looking for the proposed `compact
= ALWAYS` and `singleArrayCurlies =
NEVER` style. -->
</module>
<module name="AvoidEscapedUnicodeCharacters">
<property name="allowEscapesForControlCharacters" value="true" />
<property name="allowIfAllCharactersEscaped" value="true" />
<property name="allowNonPrintableEscapes" value="true" />
</module>
<module name="AvoidNoArgumentSuperConstructorCall" />
<module name="DeclarationOrder">
<!-- We don't enforce sorting fields by
their visibility modifier, for two
reasons:
- During (class) initialization
declaration order matters. Though the
plugin does not warn about fields
with obvious dependencies, its
dependency analysis is necessarily
incomplete; NPEs may result if some
of its advice is followed.
- Sometimes a field is annotated
`@VisibleForTesting`. It may then be
preferable not to reorder. The plugin
does not currently respect this
annotation.
Note that as-is this check also doesn't
enforce that static fields are before
instance fields. See
https://github.com/checkstyle/checkstyle/issues/7043. -->
<property name="ignoreModifiers" value="true" />
</module>
<module name="DefaultComesLast" />
<module name="DesignForExtension" />
<module name="EmptyBlock">
<property name="option" value="text" />
</module>
<module name="EmptyCatchBlock">
<property name="exceptionVariableName" value="ignored" />
</module>
<module name="EmptyLineSeparator">
<!-- XXX: Google Java Format doesn't
enforce an empty line before method
declarations with Javadoc. This rule
flags those cases. For technical
reasons this entails inspecting not
just `METHOD_DEF` tokens. See
https://github.com/google/google-java-format/issues/399. -->
<property name="tokens" value="CLASS_DEF, CTOR_DEF, ENUM_DEF, INSTANCE_INIT, INTERFACE_DEF, METHOD_DEF, STATIC_INIT" />
</module>
<module name="EmptyStatement" />
<module name="FinalClass" />
<module name="HiddenField">
<property name="ignoreConstructorParameter" value="true" />
<property name="ignoreSetter" value="true" />
<property name="setterCanReturnItsClass" value="true" />
</module>
<module name="IllegalIdentifierName" />
<module name="IllegalImport">
<property name="illegalClasses" value="com.google.auto.common.MoreStreams">
<!-- Instead, please use Guava's
`java.util.stream.Collector`s. -->
</property>
<property name="illegalClasses" value="com.mongodb.lang.Nullable">
<!-- Instead, please use
`org.jspecify.annotations.Nullable`. -->
</property>
<property name="illegalClasses" value="io.micrometer.core.lang.Nullable">
<!-- Instead, please use
`org.jspecify.annotations.Nullable`. -->
</property>
<property name="illegalClasses" value="javax.annotation.Nullable">
<!-- Instead, please use
`org.jspecify.annotations.Nullable`. -->
</property>
<property name="illegalClasses" value="javax.annotation.concurrent.Immutable">
<!-- Instead, please use
`com.google.errorprone.annotations.Immutable`. -->
</property>
<property name="illegalClasses" value="org.jetbrains.annotations.VisibleForTesting">
<!-- Instead, please use
`com.google.common.annotations.VisibleForTesting`. -->
</property>
<property name="illegalClasses" value="org.springframework.context.annotation.ComponentScan">
<!-- Instead, please explicitly
`@Import` the components. -->
</property>
<property name="illegalClasses" value="org.springframework.lang.Nullable">
<!-- Instead, please use
`org.jspecify.annotations.Nullable`. -->
</property>
<property name="illegalPkgs" value="com.amazonaws.annotation" />
<property name="illegalPkgs" value="com.beust.jcommander.internal" />
<property name="illegalPkgs" value="com.google.api.client.repackaged" />
<property name="illegalPkgs" value="com.google.common.cache">
<!-- Instead, please use Caffeine. -->
</property>
<property name="illegalPkgs" value="com.newrelic.agent.deps" />
<property name="illegalPkgs" value="com.tngtech.archunit.thirdparty" />
<property name="illegalPkgs" value="jdk" />
<property name="illegalPkgs" value="jersey.repackaged" />
<property name="illegalPkgs" value="nl.jqno.equalsverifier.internal" />
<property name="illegalPkgs" value="org.apache.commons.lang3">
<!-- Instead, please use Guava or a
custom helper method. -->
</property>
<property name="illegalPkgs" value="org.immutables.value.internal" />
<property name="illegalPkgs" value="org.jongo.marshall.jackson.oid">
<!-- Instead, please use Jackson's
`@JsonProperty` annotation. -->
</property>
<property name="illegalPkgs" value="org.mutabilitydetector.internal" />
<property name="illegalPkgs" value="org.testcontainers.shaded" />
<property name="illegalPkgs" value="org.testng.internal" />
</module>
<module name="IllegalImport">
<!-- XXX: This config uses
regexes so as to disallow static
imports. Once `illegalClasses`
disallows static imports by default,
this config can be merged into the one
above. See
https://github.com/checkstyle/checkstyle/issues/4954. -->
<property name="illegalClasses" value="com\.google\.api\.client\.util\.Preconditions(\..*?)?">
<!-- Instead, please use
`com.google.common.base.Preconditions`. -->
</property>
<property name="illegalClasses" value="com\.nimbusds\.jose\.util\.StandardCharset(\..*?)?">
<!-- Instead, please use
`java.nio.charset.StandardCharsets`. -->
</property>
<property name="illegalClasses" value="javax\.xml\.bind\.DatatypeConverter(\..*?)?" />
<property name="illegalClasses" value="org\.assertj\.core\.util\.Preconditions(\..*?)?">
<!-- Instead, please use
`com.google.common.base.Preconditions`. -->
</property>
<property name="illegalClasses" value="org\.assertj\.core\.util\.Streams(\..*?)?">
<!-- Instead, please use
`com.google.common.collect.Streams`. -->
</property>
<property name="illegalClasses" value="org\.springframework\.stereotype\.(Component|Controller|Service)">
<!-- We don't use Spring's
component scanning, so `@Component`
and `@Service` have no effect.
Instead of `@Controller` use
`@RestController`. -->
</property>
<property name="illegalClasses" value="org\.springframework\.util\.Assert(\..*?)?">
<!-- Instead, please use
`com.google.common.base.Preconditions`. -->
</property>
<property name="illegalClasses" value="org\.testng\.AssertJUnit(\..*?)?">
<!-- Instead, please use
`org.assertj.core.api.Assertions`. -->
</property>
<property name="regexp" value="true" />
</module>
<module name="IllegalCatch" />
<module name="IllegalThrows" />
<module name="InnerAssignment" />
<module name="InvalidJavadocPosition" />
<module name="JavadocBlockTagLocation" />
<module name="JavadocStyle">
<property name="checkEmptyJavadoc" value="true" />
</module>
<module name="LocalVariableName" />
<module name="MatchXpath">
<property name="query" value="//BLOCK_COMMENT_BEGIN[./COMMENT_CONTENT[contains(@text, '@author')]]" />
<message key="matchxpath.match" value="Avoid the `@author` Javadoc tag; Git history suffices." />
</module>
<module name="MissingDeprecated" />
<module name="MutableException" />
<module name="NeedBraces" />
<module name="NoClone" />
<module name="NoCodeInFile" />
<module name="NoEnumTrailingComma" />
<module name="NoFinalizer" />
<module name="PackageDeclaration" />
<module name="PackageName">
<property name="format" value="^[a-z]+(\.[a-z][a-z0-9]*)*$" />
</module>
<module name="ParameterAssignment" />
<module name="RedundantModifier" />
<module name="SimplifyBooleanExpression" />
<module name="SimplifyBooleanReturn" />
<module name="SuppressWarningsHolder">
<property name="aliasList" value="com.puppycrawl.tools.checkstyle.checks.coding.UnusedLocalVariableCheck=unused" />
</module>
<module name="TrailingComment" />
<module name="UnnecessarySemicolonAfterTypeMemberDeclaration" />
<module name="UnnecessarySemicolonInEnumeration" />
<module name="UnnecessarySemicolonInTryWithResources" />
<module name="UnusedImports">
<!-- Error-prone also detects these,
but (currently) doesn't warn about
JavaDoc-only imports. -->
</module>
<module name="VisibilityModifier" />
</module>
<module name="UniqueProperties" />
<module name="io.spring.nohttp.checkstyle.check.NoHttpCheck" />
</module>
</checkstyleRules>
<failOnViolation>false</failOnViolation>
<includeTestSourceDirectory>true</includeTestSourceDirectory>
<!-- The plugin's "excludes" property accepts an Ant
pattern, but does not match against the full path. So
rather than explicitly excluding generated sources, we
have to explicitly include "original" sources. -->
<sourceDirectories>
<sourceDirectory>${project.build.sourceDirectory}</sourceDirectory>
</sourceDirectories>
<testSourceDirectories>
<testSourceDirectory>${project.build.testSourceDirectory}</testSourceDirectory>
<!-- Refaster input and output test files represent
valid Java code, exposed as resources on the test
classpath. -->
<testSourceDirectory>${basedir}/src/test/resources</testSourceDirectory>
</testSourceDirectories>
</configuration>
<dependencies>
<dependency>
<groupId>com.puppycrawl.tools</groupId>
<artifactId>checkstyle</artifactId>
<version>10.12.0</version>
</dependency>
<dependency>
<groupId>io.spring.nohttp</groupId>
<artifactId>nohttp-checkstyle</artifactId>
<version>0.0.11</version>
</dependency>
</dependencies>
<executions>
<execution>
<id>run-checkstyle</id>
<goals>
<goal>check</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-clean-plugin</artifactId>
<version>3.2.0</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.10.1</version>
<configuration>
<!-- XXX: MCOMPILER-503: The plugin constructs a highly
unintuitive annotation processor classpath, in which
some indirect dependencies take precedence over
explicitly defined dependencies. This can largely be
mitigated through careful ordering of the dependencies,
but this prevents (where relevant) declaring these
dependencies as part of their corresponding Maven
profile. -->
<annotationProcessorPaths>
<path>
<groupId>${groupId.error-prone}</groupId>
<artifactId>error_prone_core</artifactId>
<version>${version.error-prone}</version>
</path>
<path>
<groupId>com.google.auto.value</groupId>
<artifactId>auto-value</artifactId>
<version>${version.auto-value}</version>
</path>
<path>
<groupId>com.google.auto.service</groupId>
<artifactId>auto-service</artifactId>
<version>${version.auto-service}</version>
</path>
<path>
<groupId>com.google.guava</groupId>
<artifactId>guava-beta-checker</artifactId>
<version>${version.guava-beta-checker}</version>
</path>
<path>
<groupId>com.jakewharton.nopen</groupId>
<artifactId>nopen-checker</artifactId>
<version>${version.nopen-checker}</version>
</path>
<path>
<groupId>com.uber.nullaway</groupId>
<artifactId>nullaway</artifactId>
<version>${version.nullaway}</version>
</path>
<path>
<groupId>jp.skypencil.errorprone.slf4j</groupId>
<artifactId>errorprone-slf4j</artifactId>
<version>${version.error-prone-slf4j}</version>
</path>
<path>
<groupId>org.mockito</groupId>
<artifactId>mockito-errorprone</artifactId>
<version>${version.mockito}</version>
</path>
</annotationProcessorPaths>
<compilerArgs>
<arg>--add-exports=jdk.compiler/com.sun.tools.javac.api=ALL-UNNAMED</arg>
<arg>--add-exports=jdk.compiler/com.sun.tools.javac.code=ALL-UNNAMED</arg>
<arg>--add-exports=jdk.compiler/com.sun.tools.javac.file=ALL-UNNAMED</arg>
<arg>--add-exports=jdk.compiler/com.sun.tools.javac.main=ALL-UNNAMED</arg>
<arg>--add-exports=jdk.compiler/com.sun.tools.javac.parser=ALL-UNNAMED</arg>
<arg>--add-exports=jdk.compiler/com.sun.tools.javac.tree=ALL-UNNAMED</arg>
<arg>--add-exports=jdk.compiler/com.sun.tools.javac.util=ALL-UNNAMED</arg>
<arg>-Xmaxerrs</arg>
<arg>10000</arg>
<arg>-Xmaxwarns</arg>
<arg>10000</arg>
</compilerArgs>
<parameters>true</parameters>
<source>${version.jdk}</source>
<target>${version.jdk}</target>
<!-- Erroneously inverted logic... for details, see
https://issues.apache.org/jira/browse/MCOMPILER-209. -->
<useIncrementalCompilation>false</useIncrementalCompilation>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
<version>3.6.0</version>
<configuration>
<!-- XXX: Drop `ignoreAllNonTestScoped` once
https://issues.apache.org/jira/browse/MNG-6058 is
resolved. (See
https://issues.apache.org/jira/browse/MDEP-791 for
context.) -->
<ignoreAllNonTestScoped>true</ignoreAllNonTestScoped>
<ignoreDirect>false</ignoreDirect>
<ignoreNonCompile>true</ignoreNonCompile>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-deploy-plugin</artifactId>
<version>3.1.1</version>
<configuration>
<retryFailedDeploymentCount>3</retryFailedDeploymentCount>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<version>3.3.0</version>
<configuration>
<fail>false</fail>
<rules>
<banCircularDependencies />
<banDependencyManagementScope />
<banDuplicateClasses>
<dependencies>
<dependency>
<groupId>io.github.eisop</groupId>
<artifactId>dataflow-errorprone</artifactId>
<!-- This package is contained in
Checker Framework's `checker-qual` and
`dataflow-errorprone` modules. Error
Prone requires the latter, while Guava
pulls in the former. Since the package
contains mostly annotations, this is
not expected to cause trouble in
practice. -->
<ignoreClasses>
<ignoreClass>org.checkerframework.dataflow.qual.*</ignoreClass>
</ignoreClasses>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-aop</artifactId>
<!-- Spring AOP redistributes the AOP
Alliance interfaces of the
`aopalliance:aopalliance` artifact. See
https://jira.spring.io/browse/SPR-13984. -->
<ignoreClasses>
<ignoreClass>org.aopalliance.*</ignoreClass>
</ignoreClasses>
</dependency>
</dependencies>
<findAllDuplicates>true</findAllDuplicates>
</banDuplicateClasses>
<banDuplicatePomDependencyVersions />
<banDynamicVersions>
<!-- XXX: Drop this once the `ignores` section
below works as expected. -->
<allowSnapshots>true</allowSnapshots>
<!-- XXX: It shouldn't be necessary to specify
an empty `excludedScopes` parameter, but
without this an NPE results. See
https://issues.apache.org/jira/browse/MENFORCER-481. -->
<excludedScopes />
<!-- XXX: This doesn't work. See
https://issues.apache.org/jira/browse/MENFORCER-480.
<ignores>
<ignore>${project.groupId}</ignore>
</ignores> -->
</banDynamicVersions>
<dependencyConvergence />
<enforceBytecodeVersion>
<maxJdkVersion>${version.jdk}</maxJdkVersion>
</enforceBytecodeVersion>
<requireEncoding>
<acceptAsciiSubset>true</acceptAsciiSubset>
<encoding>ISO-8859-1</encoding>
<includes>src/main/resources/**/*.properties,src/test/resources/**/*.properties</includes>
</requireEncoding>
<requireJavaVersion>
<version>${version.jdk}</version>
</requireJavaVersion>
<requireMavenVersion>
<version>${version.maven}</version>
</requireMavenVersion>
<requireNoRepositories />
<requirePluginVersions />
<requireUpperBoundDeps>
<excludes>
<!-- XXX:
`com.google.errorprone:error_prone_test_helpers`
pulls in a more recent version of Truth
than
`com.google.testing.compile:compile-testing`,
but the latter is incompatible with said
never version. -->
<exclude>com.google.truth:truth</exclude>
</excludes>
</requireUpperBoundDeps>
</rules>
</configuration>
<dependencies>
<dependency>
<groupId>org.codehaus.mojo</groupId>
<artifactId>extra-enforcer-rules</artifactId>
<version>1.7.0</version>
</dependency>
</dependencies>
<executions>
<execution>
<id>apply-enforcement-rules</id>
<goals>
<goal>enforce</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
<version>3.1.0</version>
<executions>
<execution>
<id>sign-artifacts</id>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-install-plugin</artifactId>
<version>3.1.1</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<version>3.3.0</version>
<configuration>
<skipIfEmpty>true</skipIfEmpty>
<archive>
<manifest>
<addDefaultSpecificationEntries>true</addDefaultSpecificationEntries>
</manifest>
<manifestEntries>
<Implementation-Title>${project.name}</Implementation-Title>
<Implementation-Vendor>${project.organization.name}</Implementation-Vendor>
<Implementation-Version>${project.version}.${build.number}.${git.commit.id}</Implementation-Version>
<Rookout-Repository>${project.scm.url}</Rookout-Repository>
<Rookout-Revision>${git.commit.id}</Rookout-Revision>
</manifestEntries>
</archive>
</configuration>
<executions>
<execution>
<id>create-test-jar</id>
<goals>
<goal>test-jar</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
<version>3.5.0</version>
<configuration>
<additionalJOptions>
<additionalJOption>--add-exports=jdk.compiler/com.sun.tools.javac.api=ALL-UNNAMED</additionalJOption>
<additionalJOption>--add-exports=jdk.compiler/com.sun.tools.javac.code=ALL-UNNAMED</additionalJOption>
<additionalJOption>--add-exports=jdk.compiler/com.sun.tools.javac.main=ALL-UNNAMED</additionalJOption>
<additionalJOption>--add-exports=jdk.compiler/com.sun.tools.javac.parser=ALL-UNNAMED</additionalJOption>
<additionalJOption>--add-exports=jdk.compiler/com.sun.tools.javac.tree=ALL-UNNAMED</additionalJOption>
<additionalJOption>--add-exports=jdk.compiler/com.sun.tools.javac.util=ALL-UNNAMED</additionalJOption>
</additionalJOptions>
<!-- All relevant doclint checks are performed during
the compilation phase; no need to recheck during
Javadoc generation. -->
<doclint>none</doclint>
<source>${version.jdk}</source>
</configuration>
<executions>
<execution>
<id>generate-javadoc-jar</id>
<goals>
<goal>jar</goal>
</goals>
<phase>verify</phase>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-release-plugin</artifactId>
<version>3.0.1</version>
<configuration>
<autoVersionSubmodules>true</autoVersionSubmodules>
<preparationProfiles>release</preparationProfiles>
<releaseProfiles>release</releaseProfiles>
<tagNameFormat>v@{project.version}</tagNameFormat>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-resources-plugin</artifactId>
<version>3.3.1</version>
<configuration>
<delimiters>
<delimiter>@</delimiter>
</delimiters>
<propertiesEncoding>ISO-8859-1</propertiesEncoding>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-site-plugin</artifactId>
<version>3.12.1</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-source-plugin</artifactId>
<version>3.3.0</version>
<executions>
<execution>
<id>generate-source-jar</id>
<goals>
<goal>jar-no-fork</goal>
</goals>
<phase>verify</phase>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<version>${version.surefire}</version>
<configuration>
<includes>
<include>**/*Test.java</include>
</includes>
<properties>
<configurationParameters>junit.jupiter.execution.parallel.enabled=true
junit.jupiter.execution.parallel.mode.default=concurrent</configurationParameters>
</properties>
<redirectTestOutputToFile>true</redirectTestOutputToFile>
</configuration>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>build-helper-maven-plugin</artifactId>
<version>3.4.0</version>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>license-maven-plugin</artifactId>
<version>2.1.0</version>
<configuration>
<includedLicenses>
<!-- The SPDX IDs of licenses of third-party
software that may be bundled as part of
non-distributed (i.e. Picnic-internal) deployable
artifacts (i.e. web services). -->
<includedLicense>Apache-2.0</includedLicense>
<includedLicense>BSD-3-Clause</includedLicense>
<includedLicense>CC0-1.0</includedLicense>
<includedLicense>CDDL-1.1</includedLicense>
<includedLicense>EPL-1.0</includedLicense>
<includedLicense>EPL-2.0</includedLicense>
<includedLicense>GPL-2.0-with-classpath-exception</includedLicense>
<includedLicense>LGPL-3.0+</includedLicense>
<includedLicense>MIT</includedLicense>
<includedLicense>MIT-0</includedLicense>
<includedLicense>Public Domain</includedLicense>
</includedLicenses>
<licenseMerges>
<!-- License aliases. Each section corresponds to a
single license; where applicable the license's SPDX
ID is listed first; the aliases that follow are (or
were) declared by one or more third-party
dependencies. -->
<licenseMerge>
<!-- -->
Apache-2.0
| Apache 2
| Apache 2.0
| Apache License 2.0
| Apache License, Version 2.0
| The Apache License, Version 2.0
| The Apache Software License, Version 2.0
</licenseMerge>
<licenseMerge>
<!-- -->
BSD-3-Clause
| 3-Clause BSD License
| BSD 3-clause
| BSD License 3
| Eclipse Distribution License (New BSD License)
| New BSD License
</licenseMerge>
<licenseMerge>
<!-- -->
CC0-1.0
| CC0
</licenseMerge>
<licenseMerge>
<!-- -->
CDDL-1.1
| CDDL 1.1
| Dual license consisting of the CDDL v1.1 and GPL v2
</licenseMerge>
<licenseMerge>
<!-- -->
EPL-1.0
| Eclipse Public License 1.0
| Eclipse Public License - v 1.0
</licenseMerge>
<licenseMerge>
<!-- -->
EPL-2.0
| Eclipse Public License - v 2.0
| Eclipse Public License v2.0
</licenseMerge>
<licenseMerge>
<!-- -->
GPL-2.0-with-classpath-exception
| CDDL/GPLv2+CE
| GNU General Public License, version 2 (GPL2), with the classpath exception
| GNU General Public License, version 2, with the Classpath Exception
| GPL2 w/ CPE
</licenseMerge>
<licenseMerge>
<!-- -->
LGPL-3.0+
| GNU Lesser Public License
</licenseMerge>
<licenseMerge>
<!-- -->
MIT
| MIT license
| MIT License
| The MIT License
</licenseMerge>
</licenseMerges>
<!-- Nearly no projects ship a "missing third party
licenses" file. Since the operation of attempting to
retrieve these files is very slow, we have decided to
disable this functionality at this time. -->
<useRepositoryMissingFiles>false</useRepositoryMissingFiles>
</configuration>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>tidy-maven-plugin</artifactId>
<version>1.2.0</version>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>versions-maven-plugin</artifactId>
<version>2.16.0</version>
<configuration>
<updateBuildOutputTimestampPolicy>never</updateBuildOutputTimestampPolicy>
</configuration>
</plugin>
<plugin>
<groupId>org.gaul</groupId>
<artifactId>modernizer-maven-plugin</artifactId>
<version>2.6.0</version>
<configuration>
<exclusionPatterns>
<!-- The plugin suggests replacing usages of
Guava's `Iterables` class with
`java.util.stream.Stream` equivalents, but the
alternative is often more verbose, requiring
unnecessary conversions to and from streams. -->
<exclusionPattern>com/google/common/collect/Iterables\..*</exclusionPattern>
</exclusionPatterns>
<failOnViolations>false</failOnViolations>
<ignorePackages>
<!-- Some Refaster rules purposefully use outdated
patterns in their `@BeforeTemplate` methods. -->
<ignorePackage>tech.picnic.errorprone.refasterrules</ignorePackage>
</ignorePackages>
<javaVersion>${version.jdk}</javaVersion>
</configuration>
<executions>
<execution>
<id>run-modernizer</id>
<goals>
<goal>modernizer</goal>
</goals>
<phase>process-test-classes</phase>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
<version>0.8.10</version>
<configuration>
<excludes>
<!-- Refaster rules are tested using a custom method
that does not cause code coverage to be registered. -->
<exclude>${refaster-rules.path-pattern}</exclude>
</excludes>
</configuration>
</plugin>
<plugin>
<groupId>org.pitest</groupId>
<artifactId>pitest-maven</artifactId>
<version>1.14.1</version>
<configuration>
<excludedClasses>
<!-- AutoValue generated classes. -->
<excludedClass>*.AutoValue_*</excludedClass>
<!-- Refaster rule collections. -->
<excludedClass>*.refaster*.*Rules*</excludedClass>
</excludedClasses>
<failWhenNoMutations>false</failWhenNoMutations>
<mutators>
<mutator>EXTENDED</mutator>
<mutator>STRONGER</mutator>
</mutators>
<!-- Use multiple threads to speed things up. Extend
timeouts to prevent false positives as a result of
contention. -->
<threads>4</threads>
<timeoutFactor>4</timeoutFactor>
<timestampedReports>false</timestampedReports>
</configuration>
<dependencies>
<dependency>
<groupId>com.groupcdg</groupId>
<artifactId>pitest-git-plugin</artifactId>
<version>${version.pitest-git}</version>
</dependency>
<dependency>
<groupId>com.groupcdg.arcmutate</groupId>
<artifactId>base</artifactId>
<version>1.0.5</version>
</dependency>
<dependency>
<groupId>com.groupcdg.pitest</groupId>
<artifactId>pitest-accelerator-junit5</artifactId>
<version>1.0.5</version>
</dependency>
<dependency>
<groupId>org.pitest</groupId>
<artifactId>pitest-junit5-plugin</artifactId>
<version>1.2.0</version>
</dependency>
</dependencies>
<executions>
<execution>
<id>compute-mutation-coverage</id>
<goals>
<goal>mutationCoverage</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.sonarsource.scanner.maven</groupId>
<artifactId>sonar-maven-plugin</artifactId>
<version>3.9.1.2184</version>
</plugin>
</plugins>
</pluginManagement>
<plugins>
<plugin>
<groupId>io.github.git-commit-id</groupId>
<artifactId>git-commit-id-maven-plugin</artifactId>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-source-plugin</artifactId>
</plugin>
</plugins>
</build>
<profiles>
<profile>
<id>error-prone-fork</id>
<properties>
<groupId.error-prone>com.github.PicnicSupermarket.error-prone</groupId.error-prone>
<version.error-prone>${version.error-prone-fork}</version.error-prone>
</properties>
<dependencyManagement>
<!-- Even when we directly depend on the Picnic Error Prone
fork, some other dependencies depend on the official (i.e.,
non-forked) `error_prone_annotations`. Here we fix which
version is pulled in. -->
<dependencies>
<dependency>
<groupId>com.google.errorprone</groupId>
<artifactId>error_prone_annotations</artifactId>
<version>${version.error-prone-orig}</version>
</dependency>
</dependencies>
</dependencyManagement>
<build>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<configuration>
<rules>
<banDuplicateClasses>
<!-- The original
`error_prone_annotations` dependency
contains the same classes as those
provided by the corresponding Picnic
Error Prone fork artifact. -->
<dependencies combine.children="append">
<dependency>
<groupId>com.google.errorprone</groupId>
<artifactId>error_prone_annotations</artifactId>
<ignoreClasses>
<ignoreClass>*</ignoreClass>
</ignoreClasses>
</dependency>
</dependencies>
</banDuplicateClasses>
</rules>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<configuration>
<systemPropertyVariables>
<!-- Property used by `ErrorProneForkTest`
to verify fork identification. -->
<error-prone-fork-in-use>true</error-prone-fork-in-use>
</systemPropertyVariables>
</configuration>
</plugin>
</plugins>
</pluginManagement>
</build>
</profile>
<profile>
<!-- Error Prone checks that are not available from Maven Central;
these are therefore not enabled by default. -->
<id>non-maven-central</id>
<properties>
<version.reactor-error-prone>0.1.4</version.reactor-error-prone>
</properties>
<dependencyManagement>
<!-- Specified as a workaround for
https://github.com/mojohaus/versions-maven-plugin/issues/244. -->
<dependencies>
<dependency>
<groupId>com.github.lhotari</groupId>
<artifactId>reactor-error-prone</artifactId>
<version>${version.reactor-error-prone}</version>
</dependency>
</dependencies>
</dependencyManagement>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<annotationProcessorPaths combine.children="append">
<path>
<groupId>com.github.lhotari</groupId>
<artifactId>reactor-error-prone</artifactId>
<version>${version.reactor-error-prone}</version>
</path>
</annotationProcessorPaths>
</configuration>
</plugin>
</plugins>
</build>
</profile>
<profile>
<!-- Applies the Error Prone checks defined by this project to the
code base itself. Assumes that a prior build has already installed
the project in the local Maven repository. -->
<id>self-check</id>
<properties>
<!-- XXX: `MethodReferenceUsage` is an extremely expensive
check due to its use of `SuggestedFixes.compilesWithFix`. Maybe
we should drop it altogether? -->
<!-- XXX: Find a way to assert that test code (both inline
`BugChecker` test code and the Refaster test files) does not
exhibit anti-patterns other than those associated with the
check/rule under test. Ideally all test cases are realistic. -->
<error-prone.self-check-args>-XepAllSuggestionsAsWarnings -Xep:MethodReferenceUsage:OFF</error-prone.self-check-args>
</properties>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<annotationProcessorPaths combine.children="append">
<path>
<groupId>${project.groupId}</groupId>
<artifactId>error-prone-contrib</artifactId>
<version>${project.version}</version>
</path>
<path>
<groupId>${project.groupId}</groupId>
<artifactId>refaster-runner</artifactId>
<version>${project.version}</version>
</path>
</annotationProcessorPaths>
</configuration>
</plugin>
</plugins>
</build>
</profile>
<profile>
<!-- By default, we verify various aspects of a module and the
artifact(s) it produces. We define these checks in a profile so
that they can be disabled during development. See also the
`error-prone` profile defined below. -->
<id>build-checks</id>
<activation>
<property>
<name>!verification.skip</name>
</property>
</activation>
<build>
<plugins>
<plugin>
<groupId>com.github.ekryd.sortpom</groupId>
<artifactId>sortpom-maven-plugin</artifactId>
</plugin>
<plugin>
<groupId>com.spotify.fmt</groupId>
<artifactId>fmt-maven-plugin</artifactId>
<executions>
<execution>
<id>check-source-format</id>
<goals>
<goal>check</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>de.thetaphi</groupId>
<artifactId>forbiddenapis</artifactId>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-checkstyle-plugin</artifactId>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<compilerArgs combine.children="append">
<!-- We first enable all doclint checks and
then selectively disable a subset below. -->
<arg>-Xdoclint:all</arg>
<!-- We don't care about missing Javadoc
on non-public classes and members. -->
<arg>-Xdoclint:-missing/package</arg>
<!-- We first enable all lint checks and then
selectively disable a subset below. -->
<arg>-Xlint:all</arg>
<!-- The annotation processors do not handle
all annotations present on the classpath, and
javac complains about this. See
https://bugs.openjdk.java.net/browse/JDK-6999068. -->
<arg>-Xlint:-processing</arg>
</compilerArgs>
<showWarnings>true</showWarnings>
</configuration>
<executions>
<execution>
<id>default-testCompile</id>
<goals>
<goal>testCompile</goal>
</goals>
<phase>test-compile</phase>
<configuration>
<compilerArgs combine.children="append">
<!-- Test code doesn't require Javadoc. -->
<arg>-Xdoclint:-missing</arg>
</compilerArgs>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
<executions>
<execution>
<id>analyze-dependencies</id>
<goals>
<goal>analyze-dep-mgt</goal>
<goal>analyze-duplicate</goal>
<goal>analyze-only</goal>
</goals>
<phase>process-test-classes</phase>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>license-maven-plugin</artifactId>
<executions>
<execution>
<id>check-third-party-licenses</id>
<goals>
<goal>add-third-party</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.gaul</groupId>
<artifactId>modernizer-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</profile>
<profile>
<!-- An extension of the `build-checks` profile that configures
Error Prone. This configuration is defined in a separate profile so
that it can be combined with the `patch` profile below, without
introducing the overhead of other build checks. -->
<id>error-prone</id>
<activation>
<property>
<name>!verification.skip</name>
</property>
</activation>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<compilerArgs combine.children="append">
<!-- Enable and configure Error Prone. -->
<arg>
-Xplugin:ErrorProne
<!-- We use a separate Maven profile to
raise all warnings as errors. This way one
can optionally collect all warnings without
failing the build on the first error
encountered. -->
-XepAllErrorsAsWarnings
<!-- Some generated classes violate Error
Prone bug patterns. We cannot in all cases
avoid that, so we simply tell Error Prone
not to warn about generated code. -->
-XepDisableWarningsInGeneratedCode
<!-- We want to enable almost all Error
Prone bug pattern checkers, so we enable
all and then selectively deactivate some. -->
-XepAllDisabledChecksAsWarnings
<!-- We don't target Android. -->
-Xep:AndroidJdkLibsChecker:OFF
<!-- XXX: Enable this once we open-source
this library. -->
-Xep:BetaApi:OFF
<!-- We don't target JDK 7. -->
-Xep:Java7ApiChecker:OFF
<!-- We don't target JDK 8. -->
-Xep:Java8ApiChecker:OFF
<!-- XXX: Triggers an IOOBE. See
https://github.com/google/error-prone/pull/3976. -->
-Xep:MemberName:OFF
<!-- We don't target Android. -->
-Xep:StaticOrDefaultInterfaceMethod:OFF
<!-- We generally discourage `var` use. -->
-Xep:Varifier:OFF
<!-- Yoda conditions are not always more
readable than the alternative. -->
-Xep:YodaCondition:OFF
-XepOpt:CheckReturnValue:CheckAllConstructors=true
<!-- XXX: Enable once there are fewer
false-positives.
-XepOpt:CheckReturnValue:CheckAllMethods=true -->
-XepOpt:InlineMe:SkipInliningsWithComments=false
-XepOpt:NullAway:AnnotatedPackages=tech.picnic
-XepOpt:NullAway:AssertsEnabled=true
-XepOpt:NullAway:CheckOptionalEmptiness=true
-XepOpt:Nullness:Conservative=false
-XepOpt:StatementSwitchToExpressionSwitch:EnableAssignmentSwitchConversion=true
-XepOpt:StatementSwitchToExpressionSwitch:EnableReturnSwitchConversion=true
<!-- XXX: Enable once this check respects
the compilation source version. See
https://github.com/google/error-prone/pull/3646.
-XepOpt:StatementSwitchToExpressionSwitch:EnableDirectConversion=true -->
<!-- Append additional custom arguments. -->
${error-prone.patch-args}
${error-prone.self-check-args}
</arg>
<!-- The Error Prone plugin makes certain
assumptions about the state of the AST at the
moment it is invoked. Those assumptions are met
when using the `simple` compile policy. This
flag may be dropped after resolution of
https://bugs.openjdk.java.net/browse/JDK-8155674. -->
<arg>-XDcompilePolicy=simple</arg>
</compilerArgs>
</configuration>
</plugin>
</plugins>
</build>
</profile>
<profile>
<!-- If combined with the `error-prone` profile above, this profile
configures Error Prone to try and automatically fix (rather than
merely flag) bug pattern violations in the source code. -->
<id>patch</id>
<activation>
<property>
<name>error-prone.patch-checks</name>
</property>
</activation>
<properties>
<error-prone.patch-args>-XepPatchChecks:${error-prone.patch-checks} -XepPatchLocation:IN_PLACE</error-prone.patch-args>
</properties>
</profile>
<profile>
<!-- The `build-checks` and `error-prone` profiles enable a bunch
of additional compile checks. By default, those warnings break the
build. This profile allows one to collect all build warnings
without failing the build. -->
<id>disallow-warnings</id>
<activation>
<property>
<name>!verification.warn</name>
</property>
</activation>
<build>
<pluginManagement>
<plugins>
<plugin>
<groupId>com.github.ekryd.sortpom</groupId>
<artifactId>sortpom-maven-plugin</artifactId>
<configuration>
<verifyFail>stop</verifyFail>
</configuration>
</plugin>
<plugin>
<groupId>com.spotify.fmt</groupId>
<artifactId>fmt-maven-plugin</artifactId>
<configuration>
<failOnError>true</failOnError>
</configuration>
</plugin>
<plugin>
<groupId>de.thetaphi</groupId>
<artifactId>forbiddenapis</artifactId>
<configuration>
<failOnViolation>true</failOnViolation>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-checkstyle-plugin</artifactId>
<configuration>
<failOnViolation>true</failOnViolation>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<compilerArgs combine.children="append">
<!-- When using a JDK other than the one
specified using `-source`, `javac` warns
that the bootstrap classpath will not be
set. We don't want to fail on that warning. -->
<arg>-Xlint:-options</arg>
</compilerArgs>
<failOnWarning>true</failOnWarning>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
<configuration>
<failBuild>true</failBuild>
<failOnWarning>true</failOnWarning>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<configuration>
<fail>true</fail>
</configuration>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>license-maven-plugin</artifactId>
<configuration>
<failOnBlacklist>true</failOnBlacklist>
<failOnMissing>true</failOnMissing>
</configuration>
</plugin>
<plugin>
<groupId>org.gaul</groupId>
<artifactId>modernizer-maven-plugin</artifactId>
<configuration>
<failOnViolations>true</failOnViolations>
</configuration>
</plugin>
</plugins>
</pluginManagement>
</build>
</profile>
<profile>
<id>sonar</id>
<properties>
<maven.test.failure.ignore>true</maven.test.failure.ignore>
</properties>
</profile>
<profile>
<id>third-party-license-tsv-export</id>
<activation>
<file>
<exists>${path.third-party-licenses-template}</exists>
</file>
</activation>
<build>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>license-maven-plugin</artifactId>
<configuration>
<fileTemplate>${path.third-party-licenses-template}</fileTemplate>
</configuration>
</plugin>
</plugins>
</pluginManagement>
</build>
</profile>
<profile>
<id>version-number-rules</id>
<activation>
<file>
<exists>${path.version-number-rules}</exists>
</file>
</activation>
<build>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>versions-maven-plugin</artifactId>
<configuration>
<rulesUri>file://${path.version-number-rules}</rulesUri>
</configuration>
</plugin>
</plugins>
</pluginManagement>
</build>
</profile>
<profile>
<!-- This profile is auto-activated when performing a release. -->
<id>release</id>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
</plugin>
<!-- Lexicographically this plugin is listed out-of-order
because it must be executed after the
`maven-javadoc-plugin`; otherwise not all artifacts will be
signed. -->
<?SORTPOM IGNORE?>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
</plugin>
<?SORTPOM RESUME?>
</plugins>
</build>
</profile>
</profiles>
</project>
Open source consumption has exploded, with estimates placing this year’s downloads at over 6.6 trillion. This reliance on open source components, now making up to 90% of the modern software application, has ushered in both unprecedented innovation and complex challenges for software supply chains.
View the Report