Skip to content

Commit

Permalink
Update pom.xml so it builds Java 7 bytecode instead of Java 8, which
Browse files Browse the repository at this point in the history 
was a mistake in the 1.6.6 release. Upgrade various plugins that
released new versions since the 1.6.6 release and add a few more
checks during the release process. This is the only change for the
1.6.6.1 release. The primary change being it allows Java 7 projects
to use AntiSamy, as long as they exclude the 2 dependencies we use
that require Java 8, and include the last Java 7 versions of those
dependencies.
  • Loading branch information
@davewichers
davewichers committed Apr 7, 2022
1 parent 99b1143 commit b6e76de
Showing 1 changed file with 111 additions and 71 deletions.
182 changes: 111 additions & 71 deletions pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
<groupId>org.owasp.antisamy</groupId>
<artifactId>antisamy</artifactId>
<packaging>jar</packaging>
<version>1.6.6</version>
<version>1.6.6.1</version>
<distributionManagement>
<snapshotRepository>
<id>ossrh</id>
Expand Down Expand Up @@ -41,9 +41,11 @@
</scm>

<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.build.outputTimestamp>2022-04-21T21:46:00Z</project.build.outputTimestamp>
<gpg.skip>true</gpg.skip><!-- by default skip gpg -->
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.build.outputTimestamp>2022-04-07T19:23:45Z</project.build.outputTimestamp>
<project.java.target>1.7</project.java.target>
<version.findsecbugs>1.12.0</version.findsecbugs>
<version.io>2.11.0</version.io>
<version.slf4j>1.7.36</version.slf4j>
<version.spotbugs.maven>4.6.0.0</version.spotbugs.maven>
Expand Down Expand Up @@ -219,18 +221,21 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-clean-plugin</artifactId>
<version>3.1.0</version>
<version>3.2.0</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.10.1</version>
<configuration>
<source>1.8</source>
<target>1.8</target>
<testSource>1.8</testSource>
<testTarget>1.8</testTarget>
<compilerArgument>-Xlint:unchecked</compilerArgument>
<source>${project.java.target}</source>
<target>${project.java.target}</target>
<testSource>${project.java.target}</testSource>
<testTarget>${project.java.target}</testTarget>
<compilerArgument>
<!-- Eventual desire is to use -Xlint:all -->
-Xlint:unchecked
</compilerArgument>
</configuration>
</plugin>
<plugin>
Expand All @@ -248,6 +253,11 @@
<artifactId>extra-enforcer-rules</artifactId>
<version>1.5.1</version>
</dependency>
<dependency>
<groupId>org.codehaus.mojo</groupId>
<artifactId>animal-sniffer-enforcer-rule</artifactId>
<version>1.21</version>
</dependency>
</dependencies>
<executions>
<execution>
Expand All @@ -274,12 +284,29 @@
<configuration>
<rules>
<requireJavaVersion>
<version>1.7</version>
<version>${project.java.target}</version>
<message>Antisamy source code is written to support Java 7+.</message>
</requireJavaVersion>
</rules>
</configuration>
</execution>
<execution>
<id>check-java7API-signatures</id>
<phase>compile</phase>
<goals><goal>enforce</goal></goals>
<configuration>
<rules>
<checkSignatureRule implementation="org.codehaus.mojo.animal_sniffer.enforcer.CheckSignatureRule">
<signature>
<groupId>org.codehaus.mojo.signature</groupId>
<!-- Check against Java 7 API -->
<artifactId>java17</artifactId>
<version>1.0</version>
</signature>
</checkSignatureRule>
</rules>
</configuration>
</execution>
</executions>
</plugin>
<plugin> <!-- This plugin is disabled by default. Invoke the release profile (-Prelease) to enable it. -->
Expand Down Expand Up @@ -325,6 +352,21 @@
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jxr-plugin</artifactId>
<version>3.2.0</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-pmd-plugin</artifactId>
<version>3.16.0</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-project-info-reports-plugin</artifactId>
<version>3.2.2</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-resources-plugin</artifactId>
Expand All @@ -350,7 +392,12 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<version>3.0.0-M5</version>
<version>3.0.0-M6</version>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>versions-maven-plugin</artifactId>
<version>2.10.0</version>
</plugin>
<plugin>
<groupId>org.cyclonedx</groupId>
Expand All @@ -366,7 +413,7 @@
<plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
<version>0.8.7</version>
<version>0.8.8</version>
<executions>
<execution>
<id>prepare-agent</id>
Expand Down Expand Up @@ -411,74 +458,56 @@
</dependencies>
</plugin>
<plugin>
<!-- Necessary on pmd 3.16.0 only due to leak of old asm, remove this after next pmd plugin release.
Delete this entire build plugin block in 3.16+ as maven-pmd-plugin is only needed in the reporting block. -->
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-pmd-plugin</artifactId>
<version>3.16.0</version>
<dependencies>
<!-- Without this, 3.15.0+ causes lots of warning like: [WARNING] Could not find class org.owasp.validator.html.util.ErrorMessageUtil,
due to: java.lang.IncompatibleClassChangeError: class net.sourceforge.pmd.lang.java.typeresolution.visitors.PMDASMVisitor
has interface org.objectweb.asm.ClassVisitor as super class.
However, these warnings don't adversely affect the PMD results, so we are keeping this upgrade. -->
<dependency>
<groupId>org.ow2.asm</groupId>
<artifactId>asm</artifactId>
<version>9.2</version>
</dependency>
</dependencies>
<groupId>com.h3xstream.findsecbugs</groupId>
<artifactId>findsecbugs-plugin</artifactId>
<version>${version.findsecbugs}</version>
</plugin>

</plugins>
</build>

<reporting>
<!-- All plugins used here should first be declared in the <plugins> section above with their
versions, so the versions get reported in the plugins Updates report.
-->
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>versions-maven-plugin</artifactId>
<version>2.10.0</version>
<reportSets>
<reportSet>
<reports>
<report>dependency-updates-report</report>
<report>plugin-updates-report</report>
<report>property-updates-report</report>
</reports>
</reportSet>
</reportSets>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs-maven-plugin</artifactId>
<configuration>
<plugins>
<plugin>
<groupId>com.h3xstream.findsecbugs</groupId>
<artifactId>findsecbugs-plugin</artifactId>
<version>${version.findsecbugs}</version>
</plugin>
</plugins>
<effort>Max</effort>
<relaxed>false</relaxed>
<excludeFilterFile>src/test/spotbugsFilterFile.xml</excludeFilterFile>
</configuration>
</plugin>

<plugin>
<!-- This causes the Jacoco report generated during test to be added to the Project
Reports section of the 'site' report. -->
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
<reportSets>
<reportSet>
<reports><report>report</report></reports>
</reportSet>
</reportSets>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
<artifactId>maven-jxr-plugin</artifactId>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-pmd-plugin</artifactId>
<configuration>
<targetJdk>1.7</targetJdk>
<targetJdk>${project.java.target}</targetJdk>
<sourceEncoding>utf-8</sourceEncoding>
<!-- excludeFromFailureFile>exclude-pmd.properties</excludeFromFailureFile -->
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jxr-plugin</artifactId>
<version>3.2.0</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-project-info-reports-plugin</artifactId>
<version>3.2.2</version>
<reportSets>
<reportSet>
<reports>
Expand All @@ -491,22 +520,33 @@
<dependencyLocationsEnabled>false</dependencyLocationsEnabled>
</configuration>
</plugin>

<plugin>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs-maven-plugin</artifactId>
<configuration>
<plugins>
<plugin>
<groupId>com.h3xstream.findsecbugs</groupId>
<artifactId>findsecbugs-plugin</artifactId>
<version>1.11.0</version>
</plugin>
</plugins>
<effort>Max</effort>
<relaxed>false</relaxed>
<excludeFilterFile>src/test/spotbugsFilterFile.xml</excludeFilterFile>
</configuration>
<groupId>org.codehaus.mojo</groupId>
<artifactId>versions-maven-plugin</artifactId>
<reportSets>
<reportSet>
<reports>
<report>dependency-updates-report</report>
<report>plugin-updates-report</report>
<report>property-updates-report</report>
</reports>
</reportSet>
</reportSets>
</plugin>
<plugin>
<!-- This causes the Jacoco report generated during test to be added to the Project
Reports section of the 'site' report. -->
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
<reportSets>
<reportSet>
<reports><report>report</report></reports>
</reportSet>
</reportSets>
</plugin>

</plugins>
</reporting>

</project>

0 comments on commit b6e76de

Please sign in to comment.