maven-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Delany <delany.middle...@gmail.com>
Subject 3.8.2 transitive dependency insecure repo
Date Sat, 14 Aug 2021 07:25:47 GMT
The new org.apache.maven:maven-core:3.8.2 has a transitive dependency
org.jboss.weld:weld-parent:pom:6, but its source repository is
http://repository.jboss.org/maven2

When I run flatten-plugin with <flattenDependencyMode> set to "all", it
fails to resolve.

[ERROR] Failed to execute goal
org.codehaus.mojo:flatten-maven-plugin:1.2.7:flatten (default-cli) on
project dummy: failed to create a clean pom: unable to create flattened
dependencies: caught exception when flattening dependencies: Failed to read
artifact descriptor for javax.enterprise:cdi-api::1.0: Could not transfer
artifact org.jboss.weld:weld-parent:pom:6 from/to
maven-default-http-blocker (http://0.0.0.0/): Blocked mirror for
repositories: [repository.jboss.org (http://repository.jboss.org/maven2,
default, releases), snapshots.jboss.org (http://snapshots.jboss.org/maven2,
default, snapshots), oss.sonatype.org/jboss-snapshots (
http://oss.sonatype.org/content/repositories/jboss-snapshots, default,
snapshots)] -> [Help 1]

Shouldn't the maven-core dependency tree at least not contradict itself?

Thanks,
Delany

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="
http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="
http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>tools</groupId>
  <artifactId>dummy</artifactId>
  <version>1.0.0</version>
  <name>Dummy</name>
  <dependencies>
    <dependency>
      <groupId>org.apache.maven</groupId>
      <artifactId>maven-core</artifactId>
      <version>3.8.2</version>
    </dependency>
    <dependency>
      <groupId>org.apache.maven</groupId>
      <artifactId>maven-model</artifactId>
      <version>3.8.2</version>
    </dependency>
  </dependencies>
  <build>
    <plugins>
      <plugin>
        <groupId>org.codehaus.mojo</groupId>
        <artifactId>flatten-maven-plugin</artifactId>
        <version>1.2.7</version>
        <configuration>
          <updatePomFile>true</updatePomFile>
          <flattenMode>clean</flattenMode>
          <flattenDependencyMode>all</flattenDependencyMode>
        </configuration>
        <executions>
          <execution>
            <id>flatten.clean</id>
            <goals>
              <goal>clean</goal>
            </goals>
            <phase>clean</phase>
          </execution>
          <execution>
            <id>flatten</id>
            <goals>
              <goal>flatten</goal>
            </goals>
            <phase>initialize</phase>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>
</project>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message