Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Resolves #973: NPE if actual version is null for a dependency #974

Merged
merged 4 commits into from
Jun 23, 2023
Merged

Resolves #973: NPE if actual version is null for a dependency #974

merged 4 commits into from
Jun 23, 2023

Conversation

andrzejj0
Copy link
Contributor

@andrzejj0 andrzejj0 commented Jun 9, 2023
edited
Loading

In case a dependency version is specified in dependencyManagement, a dependency can be versionless.

Dependency updates goals would then attempt to find an updated version to a versionless dependency, which would fail with an NPE or, if that is prevented, an attempt would have been made to find an update to version specified as [,0], which would be any version.

Preventing both issues.

@slawekjaranowski please review.

@andrzejj0 andrzejj0 force-pushed the issue-973-npe-empty-version branch from f8e0c0c to a27af46 Compare June 9, 2023 15:46
@andrzejj0 andrzejj0 marked this pull request as draft June 9, 2023 15:48
@andrzejj0 andrzejj0 force-pushed the issue-973-npe-empty-version branch 4 times, most recently from ad63336 to 56106e8 Compare June 9, 2023 18:41
@andrzejj0 andrzejj0 force-pushed the issue-973-npe-empty-version branch from 56106e8 to 38cf2ac Compare June 9, 2023 20:31
@andrzejj0 andrzejj0 marked this pull request as ready for review June 9, 2023 21:08
@slawekjaranowski slawekjaranowski linked an issue Jun 23, 2023 that may be closed by this pull request
org.codehaus.mojo:versions-maven-plugin:2.16.0:display-dependency-updates failed: Cannot invoke "Object.toString()" because "otherVersion" is null #973
Closed
@slawekjaranowski slawekjaranowski added this to the next-release milestone Jun 23, 2023
@andrzejj0 andrzejj0 marked this pull request as draft June 23, 2023 17:40
@andrzejj0
Copy link
Contributor Author

andrzejj0 commented Jun 23, 2023
edited
Loading

@slawekjaranowski The plugin itself must define a dependency version in its dependencies or dependency management.

This does trigger the error and will be helped with the patch.

For this to work though as an it, the plugin needs to be executed.

    <pluginManagement>
      <plugins>
        <plugin>
          <groupId>com.github.spotbugs</groupId>
          <artifactId>spotbugs-maven-plugin</artifactId>
          <version>4.7.3.4</version>
          <dependencies>
            <!-- overwrite dependency on spotbugs if you want to
            specify the version of spotbugs -->
            <dependency>
              <groupId>com.github.spotbugs</groupId>
              <artifactId>spotbugs</artifactId>
            </dependency>
          </dependencies>
        </plugin>
      </plugins>
    </pluginManagement>

In this case, it does define the dependency on com.github.spotbugs:spotbugs:${spotbugsVersion}. -- see https://repo1.maven.org/maven2/com/github/spotbugs/spotbugs-maven-plugin/4.7.3.4/spotbugs-maven-plugin-4.7.3.4.pom

EDIT: No, it will still fail if we actually try executing the plugin

@andrzejj0
Copy link
Contributor Author

andrzejj0 commented Jun 23, 2023
edited
Loading

@slawekjaranowski Ok, so I guess this is another edge case: the pom.xml will fail when we try executing the actual plugin as it is invalid -- lacks version. However, this faulty pom.xml will cause an NPE on the versions plugin if we try bumping the versions. So, maybe let's allow this faulty pom.xml as the goal here is not to execute the plugin, but to make the versions plugin not fail while processing the pom.

@slawekjaranowski
Copy link
Member

@slawekjaranowski Ok, so I guess this is another edge case: the pom.xml will fail when we try executing the actual plugin as it is invalid -- lacks version. However, this faulty pom.xml will cause an NPE on the versions plugin if we try bumping the versions. So, maybe let's allow this faulty pom.xml as the goal here is not to execute the plugin, but to make the versions plugin not fail while processing the pom.

Sounds reasonable - we only need comments on IT tah such configurations is not working

@slawekjaranowski slawekjaranowski force-pushed the issue-973-npe-empty-version branch from 10a0608 to 38cf2ac Compare June 23, 2023 18:24
@slawekjaranowski
Copy link
Member

Dropped my test commit 😄

@andrzejj0 andrzejj0 marked this pull request as ready for review June 23, 2023 19:05
@andrzejj0
Copy link
Contributor Author

Added a description. Did not squash :)

@slawekjaranowski slawekjaranowski merged commit 7b566f2 into mojohaus:master Jun 23, 2023
@andrzejj0 andrzejj0 deleted the issue-973-npe-empty-version branch June 23, 2023 20:36
@freedom1b2830 freedom1b2830 mentioned this pull request Jun 24, 2023
Closed
@slawekjaranowski slawekjaranowski mentioned this pull request Oct 5, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@slawekjaranowski slawekjaranowski slawekjaranowski left review comments

Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
2.16.1
2 participants
@andrzejj0 @slawekjaranowski