[ 
https://issues.apache.org/jira/browse/RAT-309?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17578171#comment-17578171
 ] 

Gary D. Gregory commented on RAT-309:
-------------------------------------

[~michael-o] 

Thanks Michael!

Here is what I did to validate that the PR works for the Apache Commons Parent 
use case:
 * Cloned the RAT repo
 * Applied PR 78 as a patch
 * Ran maven to 'clean install' version 0.15-SNAPSHOT locally
 * Updated my local repo for Apache Commons Parent from RAT 0.14 to 
0.15-SNAPSHOT
 * Run my use case: `mvn clean install site`
 * The build ran all the way through

The only unusual output I saw was while building RAT itself:
{noformat}
[INFO] --- maven-plugin-plugin:3.6.4:descriptor (default-descriptor) @ 
apache-rat-plugin ---
[ERROR]

Some dependencies of Maven Plugins are expected to be in provided scope.
Please make sure that dependencies listed below declared in POM
have set '<scope>provided</scope>' as well.

The following dependencies are in wrong scope:
 * org.apache.maven:maven-artifact:jar:2.2.1:compile
 * org.apache.maven:maven-artifact-manager:jar:2.2.1:compile
 * org.apache.maven:maven-repository-metadata:jar:2.2.1:compile
 * org.apache.maven:maven-model:jar:2.2.1:compile
 * org.apache.maven:maven-project:jar:2.2.1:compile
 * org.apache.maven:maven-profile:jar:2.2.1:compile
 * org.apache.maven:maven-plugin-registry:jar:2.2.1:compile



[INFO] Using 'UTF-8' encoding to read mojo source files.
[INFO] java-javadoc mojo extractor found 0 mojo descriptor.
[INFO] bsh mojo extractor found 0 mojo descriptor.
[INFO] ant mojo extractor found 0 mojo descriptor.
[INFO] java-annotations mojo extractor found 3 mojo descriptors.
[INFO]
[INFO] --- animal-sniffer-maven-plugin:1.21:check (check-java-1.8-compat) @ 
apache-rat-plugin ---
[INFO] Checking unresolved references to org.codehaus.mojo.signature:java18:1.0
[INFO]
[INFO] --- maven-plugin-plugin:3.6.4:descriptor (mojo-descriptor) @ 
apache-rat-plugin ---
[ERROR]

Some dependencies of Maven Plugins are expected to be in provided scope.
Please make sure that dependencies listed below declared in POM
have set '<scope>provided</scope>' as well.

The following dependencies are in wrong scope:
 * org.apache.maven:maven-artifact:jar:2.2.1:compile
 * org.apache.maven:maven-artifact-manager:jar:2.2.1:compile
 * org.apache.maven:maven-repository-metadata:jar:2.2.1:compile
 * org.apache.maven:maven-model:jar:2.2.1:compile
 * org.apache.maven:maven-project:jar:2.2.1:compile
 * org.apache.maven:maven-profile:jar:2.2.1:compile
 * org.apache.maven:maven-plugin-registry:jar:2.2.1:compile
{noformat}

> Upgrade Maven Reporting API to 3.1.1/Complete with Maven Reporting Impl 3.2.0
> -----------------------------------------------------------------------------
>
>                 Key: RAT-309
>                 URL: https://issues.apache.org/jira/browse/RAT-309
>             Project: Apache Rat
>          Issue Type: Bug
>    Affects Versions: 0.14
>            Reporter: Michael Osipov
>            Assignee: Philipp Ottlinger
>            Priority: Major
>             Fix For: 0.15
>
>
> This is basically a copy of MJAVADOC-723.
> It was discovered in RAT while verifying RAT-200 after 0.14 was released.
> [~michael-o] can you provide a bit more context? Does the problem have 
> security implications apart from breaking the generation of maven-sites? 
> Thanks



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to