This is an automated email from the ASF dual-hosted git repository.
sjaranowski pushed a commit to branch maven-3.9.x
in repository https://gitbox.apache.org/repos/asf/maven.git
The following commit(s) were added to refs/heads/maven-3.9.x by this push:
new 35755eea5f [MNG-8722] Use a single standalone version of asm
35755eea5f is described below
commit 35755eea5f507cf0b176e4c4ac7ad01f4704a7ce
Author: Slawomir Jaranowski <s.jaranow...@gmail.com>
AuthorDate: Sun May 4 22:11:33 2025 +0200
[MNG-8722] Use a single standalone version of asm
---
.../licenses/unrecognized-asm-9.8.txt | 29 ++++++++++++++++++++++
maven-core/pom.xml | 6 +++++
maven-embedder/pom.xml | 1 +
maven-model-builder/pom.xml | 6 +++++
maven-resolver-provider/pom.xml | 1 +
pom.xml | 22 ++++++++++++++--
6 files changed, 63 insertions(+), 2 deletions(-)
diff --git
a/apache-maven/src/main/appended-resources/licenses/unrecognized-asm-9.8.txt
b/apache-maven/src/main/appended-resources/licenses/unrecognized-asm-9.8.txt
new file mode 100644
index 0000000000..55761eddec
--- /dev/null
+++ b/apache-maven/src/main/appended-resources/licenses/unrecognized-asm-9.8.txt
@@ -0,0 +1,29 @@
+ASM is released under the following 3-Clause BSD License:
+
+ASM: a very small and fast Java bytecode manipulation framework
+Copyright (c) 2000-2011 INRIA, France Telecom
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+3. Neither the name of the copyright holders nor the names of its
+ contributors may be used to endorse or promote products derived from
+ this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/maven-core/pom.xml b/maven-core/pom.xml
index 4a34b80e08..35142485b5 100644
--- a/maven-core/pom.xml
+++ b/maven-core/pom.xml
@@ -97,10 +97,16 @@ under the License.
<dependency>
<groupId>org.eclipse.sisu</groupId>
<artifactId>org.eclipse.sisu.inject</artifactId>
+ <classifier>no_asm</classifier>
+ </dependency>
+ <dependency>
+ <groupId>org.ow2.asm</groupId>
+ <artifactId>asm</artifactId>
</dependency>
<dependency>
<groupId>com.google.inject</groupId>
<artifactId>guice</artifactId>
+ <classifier>classes</classifier>
</dependency>
<dependency>
<groupId>com.google.guava</groupId>
diff --git a/maven-embedder/pom.xml b/maven-embedder/pom.xml
index a111716144..e010e154d5 100644
--- a/maven-embedder/pom.xml
+++ b/maven-embedder/pom.xml
@@ -75,6 +75,7 @@ under the License.
<dependency>
<groupId>com.google.inject</groupId>
<artifactId>guice</artifactId>
+ <classifier>classes</classifier>
<exclusions>
<!-- MNG-7068 Active dependency management for Google Guice / Google
Guava. Excludes of Guava are managed in parent POM -->
<exclusion>
diff --git a/maven-model-builder/pom.xml b/maven-model-builder/pom.xml
index 6aba40db1a..de2cb31e7d 100644
--- a/maven-model-builder/pom.xml
+++ b/maven-model-builder/pom.xml
@@ -55,6 +55,11 @@ under the License.
<dependency>
<groupId>org.eclipse.sisu</groupId>
<artifactId>org.eclipse.sisu.inject</artifactId>
+ <classifier>no_asm</classifier>
+ </dependency>
+ <dependency>
+ <groupId>org.ow2.asm</groupId>
+ <artifactId>asm</artifactId>
</dependency>
<dependency>
<groupId>org.eclipse.sisu</groupId>
@@ -65,6 +70,7 @@ under the License.
<dependency>
<groupId>com.google.inject</groupId>
<artifactId>guice</artifactId>
+ <classifier>classes</classifier>
<scope>test</scope>
</dependency>
<dependency>
diff --git a/maven-resolver-provider/pom.xml b/maven-resolver-provider/pom.xml
index cde70dda83..dc84fa8b09 100644
--- a/maven-resolver-provider/pom.xml
+++ b/maven-resolver-provider/pom.xml
@@ -71,6 +71,7 @@ under the License.
<dependency>
<groupId>com.google.inject</groupId>
<artifactId>guice</artifactId>
+ <classifier>classes</classifier>
<optional>true</optional>
<exclusions>
<exclusion>
diff --git a/pom.xml b/pom.xml
index e6dd820789..ef1452638e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -126,6 +126,7 @@ under the License.
<properties>
<javaVersion>8</javaVersion>
<version.sisu-maven-plugin>0.9.0.M3</version.sisu-maven-plugin>
+ <asmVersion>9.8</asmVersion>
<classWorldsVersion>2.9.0</classWorldsVersion>
<commonsCliVersion>1.9.0</commonsCliVersion>
<commonsIoVersion>2.19.0</commonsIoVersion>
@@ -240,6 +241,7 @@ under the License.
<groupId>com.google.inject</groupId>
<artifactId>guice</artifactId>
<version>${guiceVersion}</version>
+ <classifier>classes</classifier>
<exclusions>
<exclusion>
<groupId>com.google.guava</groupId>
@@ -295,12 +297,23 @@ under the License.
<groupId>javax.enterprise</groupId>
<artifactId>cdi-api</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>org.eclipse.sisu</groupId>
+ <artifactId>org.eclipse.sisu.inject</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.eclipse.sisu</groupId>
<artifactId>org.eclipse.sisu.inject</artifactId>
<version>${version.sisu-maven-plugin}</version>
+ <classifier>no_asm</classifier>
+ </dependency>
+ <dependency>
+ <groupId>org.ow2.asm</groupId>
+ <artifactId>asm</artifactId>
+ <version>${asmVersion}</version>
+ <scope>runtime</scope>
</dependency>
<dependency>
<groupId>javax.inject</groupId>
@@ -691,7 +704,7 @@ under the License.
<artifactId>maven-enforcer-plugin</artifactId>
<executions>
<execution>
- <id>ensure-no-sonatype-cipher-and-sec-dispatcher</id>
+ <id>ensure-no-banned-dependencies</id>
<goals>
<goal>enforce</goal>
</goals>
@@ -702,8 +715,13 @@ under the License.
<excludes>
<exclude>org.sonatype.plexus:plexus-sec-dispatcher</exclude>
<exclude>org.sonatype.plexus:plexus-cipher</exclude>
+ <exclude>org.eclipse.sisu:org.eclipse.sisu.inject</exclude>
+ <exclude>com.google.inject:guice</exclude>
</excludes>
- <message>ensure no more org.sonatype.plexus:plexus-cipher
and org.sonatype.plexus:plexus-sec-dispatcher.</message>
+ <includes>
+
<include>org.eclipse.sisu:org.eclipse.sisu.inject:*:*:*:no_asm</include>
+ <include>com.google.inject:guice:*:*:*:classes</include>
+ </includes>
</bannedDependencies>
</rules>
<fail>true</fail>
