POM文件内容: |
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>org.owasp.esapi</groupId>
<artifactId>esapi</artifactId>
<version>2.2.0.0-RC3</version>
<packaging>jar</packaging>
<distributionManagement>
<snapshotRepository>
<id>sonatype-nexus-snapshots</id>
<url>https://oss.sonatype.org/content/repositories/snapshots</url>
</snapshotRepository>
<repository>
<id>sonatype-nexus-staging</id>
<url>https://oss.sonatype.org/service/local/staging/deploy/maven2</url>
</repository>
</distributionManagement>
<parent>
<groupId>org.sonatype.oss</groupId>
<artifactId>oss-parent</artifactId>
<version>9</version>
</parent>
<licenses>
<license>
<name>BSD</name>
<url>http://www.opensource.org/licenses/bsd-license.php</url>
<comments>Code License - New BSD License</comments>
</license>
<license>
<name>Creative Commons 3.0 BY-SA</name>
<url>http://creativecommons.org/licenses/by-sa/3.0/</url>
<comments>Content License - Create Commons 3.0 BY-SA</comments>
</license>
</licenses>
<name>ESAPI</name>
<url>https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API</url>
<description>The Enterprise Security API (ESAPI) project is an OWASP project
to create simple strong security controls for every web platform.
Security controls are not simple to build. You can read about the
hundreds of pitfalls for unwary developers on the OWASP web site. By
providing developers with a set of strong controls, we aim to
eliminate some of the complexity of creating secure web applications.
This can result in significant cost savings across the SDLC.
</description>
<organization>
<name>The Open Web Application Security Project (OWASP)</name>
<url>http://www.owasp.org/index.php</url>
</organization>
<mailingLists>
<mailingList>
<name>ESAPI-Project-Users</name>
<subscribe>https://groups.google.com/a/owasp.org/forum/#!forum/esapi-project-users/join</subscribe>
<unsubscribe>https://groups.google.com/a/owasp.org/forum/#!forum/esapi-project-users/unsubscribe</unsubscribe>
<post>mailto:esapi-project-users@owasp.org</post>
<archive>(Pre 3/25/2019) https://lists.owasp.org/pipermail/esapi-users/</archive>
<!--This is the OWASP ESAPI mailing list for ESAPI users, regardless of programming language. For example, ESAPI users with questions about ESAPI for Java or ESAPI for PHP would both post here.-->
</mailingList>
<mailingList>
<name>ESAPI-Project-Dev</name>
<subscribe>https://groups.google.com/a/owasp.org/forum/#!forum/esapi-project-dev/join</subscribe>
<unsubscribe>https://groups.google.com/a/owasp.org/forum/#!forum/esapi-project-dev/unsubscribe</unsubscribe>
<post>mailto:esapi-project-dev@owasp.org</post>
<archive>(Pre 3/25/2019) https://lists.owasp.org/pipermail/esapi-dev/</archive>
<!--This is the OWASP ESAPI mailing list for ESAPI for Java developers. While the list is not closed, the topics of discussion are likely to be less relevant to those only using ESAPI. Note that this is the list for ESAPI for Java. Most other language implementations, such ESAPI for PHP, have their own mailing lists.-->
</mailingList>
<mailingList>
<name>OWASP-ESAPI (Inactive! Archive only!)</name>
<archive>https://lists.owasp.org/pipermail/owasp-esapi/</archive>
<!--The name of the obsolete mailing list that previously was a combination of an ESAPI users lists and ESAP development list. While obsolete, it is still sometimes useful for searching through old historical posts. NOTE: NEW POSTS SHOULD NO LONGER BE MADE TO THIS LIST!-->
</mailingList>
</mailingLists>
<scm>
<connection>scm:git:git://github.com/ESAPI/esapi-java-legacy.git</connection>
<developerConnection>scm:git:git@github.com:ESAPI/esapi-java-legacy.git</developerConnection>
<url>https://github.com/ESAPI/esapi-java-legacy</url>
</scm>
<issueManagement>
<system>GitHub Issue Tracking</system>
<url>https://github.com/ESAPI/esapi-java-legacy/issues</url>
</issueManagement>
<developers>
<developer>
<name>Jeff Williams</name>
<organization>Aspect Security</organization>
<roles>
<role>Project Inventor</role>
</roles>
</developer>
<developer>
<name>Kevin W. Wall</name>
<organization>Wells Fargo</organization>
<roles>
<role>Project Co-owner</role>
</roles>
</developer>
<developer>
<name>Matt Seil</name>
<organization>OWASP</organization>
<roles>
<role>Project Co-owner</role>
</roles>
</developer>
<developer>
<name>Chris Schmidt</name>
<organization>Synopsys</organization>
<roles>
<role>Former project co-owner</role>
</roles>
</developer>
</developers>
<contributors>
<contributor>
<name>Dave Wichers</name>
<organization>Aspect Security</organization>
</contributor>
<contributor>
<name>Jim Manico</name>
</contributor>
<contributor>
<name>Jeremiah J. Stacey</name>
</contributor>
</contributors>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
</properties>
<dependencies>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.0.1</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>javax.servlet.jsp</groupId>
<artifactId>javax.servlet.jsp-api</artifactId>
<version>2.3.3</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>com.io7m.xom</groupId>
<artifactId>xom</artifactId>
<version>1.2.10</version>
<exclusions>
<!-- excluded because we directly import newer versions. -->
<exclusion>
<groupId>xalan</groupId>
<artifactId>xalan</artifactId>
</exclusion>
<exclusion>
<groupId>xerces</groupId>
<artifactId>xercesImpl</artifactId>
</exclusion>
<exclusion>
<groupId>xml-apis</groupId>
<artifactId>xml-apis</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>commons-beanutils</groupId>
<artifactId>commons-beanutils</artifactId>
<!-- We need to use 1.9.2 (or later) here to address CVE-2014-0114. -->
<version>1.9.3</version>
<!-- NOTE: commons-beanutils uses commons-collections 3.2.2. We use
commons-collections 4.2. Package names are different so this shouldn't
cause any problems as long as 3.x doesn't have any CVEs. May have to
rethink / exclude / etc. if there are.
-->
</dependency>
<dependency>
<groupId>commons-configuration</groupId>
<artifactId>commons-configuration</artifactId>
<version>1.10</version>
<exclusions>
<!-- excluded because multiple dependencies import newer version. -->
<exclusion>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>commons-lang</groupId>
<artifactId>commons-lang</artifactId>
<version>2.6</version>
</dependency>
<dependency>
<groupId>commons-fileupload</groupId>
<artifactId>commons-fileupload</artifactId>
<!-- Upgrading to 1.4 causes this test case failure: [ERROR] HTTPUtilitiesTest.testGetFileUploads:259. TODO: Figure out why, and fix. -->
<version>1.3.3</version>
<exclusions>
<!-- excluded because we directly import newer version. -->
<exclusion>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<version>1.2.17</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-collections4</artifactId>
<!-- Using 4.2 because 4.3 requires Java 8. Trying to make sure ESAPI supports Java 7+ -->
<version>4.2</version>
</dependency>
<dependency>
<groupId>org.apache-extras.beanshell</groupId>
<artifactId>bsh</artifactId>
<version>2.0b6</version>
</dependency>
<dependency>
<groupId>org.owasp.antisamy</groupId>
<artifactId>antisamy</artifactId>
<version>1.5.8</version>
<exclusions>
<exclusion>
<groupId>xml-apis</groupId>
<artifactId>xml-apis</artifactId>
</exclusion>
<exclusion>
<groupId>xerces</groupId>
<artifactId>xercesImpl</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
<version>1.7.26</version>
</dependency>
<!--
FORCE SPECIFIC VERSIONS OF TRANSITIVE DEPENDENCIES EXCLUDED ABOVE.
This is to force patched versions of these libraries with known CVEs against them.
-->
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>2.6</version>
</dependency>
<dependency>
<groupId>org.apache.xmlgraphics</groupId>
<artifactId>batik-css</artifactId>
<version>1.11</version>
<exclusions>
<exclusion>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
</exclusion>
<exclusion>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>xalan</groupId>
<artifactId>xalan</artifactId>
<version>2.7.2</version>
<exclusions>
<exclusion>
<groupId>xml-apis</groupId>
<artifactId>xml-apis</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>xerces</groupId>
<artifactId>xercesImpl</artifactId>
<version>2.12.0</version>
</dependency>
<dependency>
<groupId>xml-apis</groupId>
<artifactId>xml-apis</artifactId>
<version>1.4.01</version>
</dependency>
<!-- Dependencies which are ONLY used for JUnit tests -->
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.12</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
<version>1.61</version>
<scope>test</scope>
</dependency>
<!-- https://mvnrepository.com/artifact/org.powermock/powermock-api-mockito -->
<dependency>
<groupId>org.powermock</groupId>
<artifactId>powermock-api-mockito2</artifactId>
<version>2.0.0</version>
<scope>test</scope>
<exclusions>
<exclusion>
<!-- A subdependency: org.powermock:powermock-core:2.0.0, results in the import of: org.javassist:javassist:3.24.0-GA
which was compiled for Java 8 by accident. org.javassist:javassist:3.25.0-GA was released for Java 7.
So we exclude it here, and import the version we need below. -->
<groupId>org.javassist</groupId>
<artifactId>javassist</artifactId>
</exclusion>
<!-- The following exclusions and import of mockito-core 2.27.0 result in 100% convergence in the test dependencies, -->
<exclusion>
<groupId>org.mockito</groupId>
<artifactId>mockito-core</artifactId>
</exclusion>
<exclusion>
<groupId>org.powermock</groupId>
<artifactId>powermock-reflect</artifactId>
</exclusion>
<exclusion>
<groupId>net.bytebuddy</groupId>
<artifactId>byte-buddy</artifactId>
</exclusion>
<exclusion>
<groupId>net.bytebuddy</groupId>
<artifactId>byte-buddy-agent</artifactId>
</exclusion>
</exclusions>
<!-- exclusions>
</exclusions -->
</dependency>
<!-- The following imported solely so we can exclude its dependency on: org.objenesis:objenesis, which conflicts with
another import by a dependency of powermock-api-mockito2. -->
<dependency>
<!-- This version is compatible with Java 7, the previous version was not (by accident). -->
<groupId>org.javassist</groupId>
<artifactId>javassist</artifactId>
<version>3.25.0-GA</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.mockito</groupId>
<artifactId>mockito-core</artifactId>
<version>2.27.0</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.powermock</groupId>
<artifactId>powermock-module-junit4</artifactId>
<version>2.0.0</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.powermock</groupId>
<artifactId>powermock-reflect</artifactId>
<version>2.0.0</version>
<scope>test</scope>
<exclusions>
<exclusion>
<groupId>org.objenesis</groupId>
<artifactId>objenesis</artifactId>
</exclusion>
<exclusion>
<groupId>net.bytebuddy</groupId>
<artifactId>byte-buddy</artifactId>
</exclusion>
<exclusion>
<groupId>net.bytebuddy</groupId>
<artifactId>byte-buddy-agent</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.openjdk.jmh</groupId>
<artifactId>jmh-core</artifactId>
<version>1.21</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.openjdk.jmh</groupId>
<artifactId>jmh-generator-annprocess</artifactId>
<version>1.21</version>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-assembly-plugin</artifactId>
<version>3.1.1</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
<version>3.1.1</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-release-plugin</artifactId>
<version>2.5.3</version>
</plugin>
</plugins>
</pluginManagement>
<plugins>
<plugin>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs-maven-plugin</artifactId>
<version>3.1.11</version>
<dependencies>
<!-- overwrite dependency on spotbugs if you want to specify the version of spotbugs -->
<dependency>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs</artifactId>
<version>3.1.12</version>
</dependency>
</dependencies>
<executions>
<execution>
<!-- requires Java 8. So only run it if using Java 8 or greater.
This property set in a profile below. -->
<phase>${PhaseIfJava8plus}</phase>
</execution>
</executions>
<configuration>
<findbugsXmlOutput>true</findbugsXmlOutput>
<findbugsXmlWithMessages>true</findbugsXmlWithMessages>
<xmlOutput>true</xmlOutput>
<threshold>Low</threshold>
<effort>Max</effort>
<relaxed>false</relaxed>
</configuration>
</plugin>
<plugin>
<groupId>net.sourceforge.maven-taglib</groupId>
<artifactId>maven-taglib-plugin</artifactId>
<version>2.4</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-changelog-plugin</artifactId>
<version>2.3</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-clean-plugin</artifactId>
<version>3.1.0</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.8.0</version>
<configuration>
<source>1.7</source>
<target>1.7</target>
<testSource>1.7</testSource>
<testTarget>1.7</testTarget>
<debug>true</debug>
<showWarnings>true</showWarnings>
<showDeprecation>false</showDeprecation>
<compilerArgs>
<!-- This fails:
<arg>-Xmaxwarns 2000</arg>
Must be passed as two separate args, as shown
below.
-->
<arg>-Xmaxwarns</arg>
<arg>2000</arg>
<arg>
<!-- Eventually desire is to use just
-Xlint:all
here, but for now, this is just to cross off
another criteria for CII Badging process.
However, this is main reason we increased
maxwarns above.
-->
-Xlint:all,-deprecation,-rawtypes,-unchecked
</arg>
</compilerArgs>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-deploy-plugin</artifactId>
<version>2.8.2</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-eclipse-plugin</artifactId>
<version>2.10</version>
<configuration>
<downloadSources>true</downloadSources>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<version>3.0.0-M2</version>
<dependencies>
<dependency>
<groupId>org.codehaus.mojo</groupId>
<artifactId>extra-enforcer-rules</artifactId>
<version>1.2</version>
</dependency>
</dependencies>
<executions>
<execution>
<id>enforce-bytecode-version</id>
<goals>
<goal>enforce</goal>
</goals>
<configuration>
<rules>
<enforceBytecodeVersion>
<maxJdkVersion>1.7</maxJdkVersion>
</enforceBytecodeVersion>
</rules>
<fail>true</fail>
</configuration>
</execution>
<execution>
<id>enforce-jdk-version</id>
<goals>
<goal>enforce</goal>
</goals>
<configuration>
<rules>
<requireJavaVersion>
<version>1.7</version>
<message>
ESAPI 2.x now uses the JDK1.7 for it's baseline. Please make sure that your
JAVA_HOME environment variable is pointed to a JDK1.7 distribution.
</message>
</requireJavaVersion>
</rules>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
<version>1.6</version>
<executions>
<execution>
<id>sign-artifacts</id>
<phase>verify</phase>
<goals> <goal>sign</goal> </goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-install-plugin</artifactId>
<version>2.5.2</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<version>3.1.0</version>
<configuration>
<archive>
<manifest>
<addDefaultImplementationEntries>true</addDefaultImplementationEntries>
<addDefaultSpecificationEntries>true</addDefaultSpecificationEntries>
</manifest>
</archive>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
<version>3.1.0</version>
<configuration>
<source>7</source>
<doclint>none</doclint>
</configuration>
<!-- generate esapi-VERSION.javadoc.jar -->
<executions>
<execution>
<id>attach-javadocs</id>
<phase>package</phase>
<goals><goal>jar</goal></goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jxr-plugin</artifactId>
<version>3.0.0</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-pmd-plugin</artifactId>
<version>3.11.0</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-project-info-reports-plugin</artifactId>
<version>3.0.0</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-resources-plugin</artifactId>
<version>3.1.0</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-site-plugin</artifactId>
<version>3.7.1</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-source-plugin</artifactId>
<version>3.0.1</version>
<executions>
<execution>
<id>attach-sources</id>
<phase>package</phase>
<goals><goal>jar-no-fork</goal></goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-report-plugin</artifactId>
<version>2.22.1</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<version>2.22.1</version>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>cobertura-maven-plugin</artifactId>
<version>2.7</version>
<configuration>
<formats>
<format>html</format>
<format>xml</format>
</formats>
</configuration>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>jdepend-maven-plugin</artifactId>
<version>2.0</version>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>versions-maven-plugin</artifactId>
<version>2.7</version>
</plugin>
<plugin>
<groupId>org.eluder.coveralls</groupId>
<artifactId>coveralls-maven-plugin</artifactId>
<version>4.3.0</version>
</plugin>
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<version>5.0.0</version>
<configuration>
<failBuildOnCVSS>5.9</failBuildOnCVSS>
<suppressionFile>./suppressions.xml</suppressionFile>
</configuration>
<executions>
<execution>
<!-- This version of Dep Ck requires Java 8. So only run it if using Java 8 or greater.
This property set in a profile below. -->
<phase>${PhaseIfJava8plus}</phase>
<goals>
<goal>check</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
<reporting>
<plugins>
<plugin>
<groupId>net.sourceforge.maven-taglib</groupId>
<artifactId>maven-taglib-plugin</artifactId>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-changelog-plugin</artifactId>
<configuration>
<issueIDRegexPattern>[Ii]ssue[# ]*(\d)+</issueIDRegexPattern>
<issueLinkUrl>https://github.com/ESAPI/esapi-java-legacy/issues/%ISSUE%</issueLinkUrl>
<type>date</type>
<dates>
<!-- Should be date of previous official release -->
<date>2015-02-05 00:00:00</date>
</dates>
</configuration>
</plugin>
<plugin>
<!-- Generate /site/apidocs and /site/testapidocs -->
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
<configuration>
<doclint>none</doclint>
<source>7</source>
</configuration>
</plugin>
<plugin>
<!-- This plugin required in reporting section, as other maven reporting plugins use the Source XRef this plugin generates.
Without it, you get these errors when running mvn site: [WARNING] Unable to locate Source XRef to link to - DISABLED -->
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jxr-plugin</artifactId>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-pmd-plugin</artifactId>
<configuration>
<targetJdk>1.7</targetJdk>
<sourceEncoding>utf-8</sourceEncoding>
<!-- excludeFromFailureFile>exclude-pmd.properties</excludeFromFailureFile -->
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-project-info-reports-plugin</artifactId>
<reportSets>
<reportSet>
<reports>
<report>dependency-convergence</report>
</reports>
</reportSet>
</reportSets>
<configuration>
<!-- setting this is supposed to make generating this report much faster, but didn't affect me without it, so I turned it off (DRW) -->
<!-- dependencyLocationsEnabled>false</dependencyLocationsEnabled -->
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-report-plugin</artifactId>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
</plugin>
<plugin>
<!-- Using this introduces these errors: Skipped "JDepend" report (jdepend-maven-plugin:2.0:generate), file "jdepend-report.html" already exists.
but don't know how to eliminate them, without disabling this plugin. -->
<groupId>org.codehaus.mojo</groupId>
<artifactId>jdepend-maven-plugin</artifactId>
</plugin>
<!-- Check for updates to dependencies and report on them. -->
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>versions-maven-plugin</artifactId>
<reportSets>
<reportSet>
<reports>
<report>dependency-updates-report</report>
<report>plugin-updates-report</report>
<report>property-updates-report</report>
</reports>
</reportSet>
</reportSets>
</plugin>
</plugins>
</reporting>
<profiles>
<profile>
<activation>
<jdk>[1.8,)</jdk>
</activation>
<properties>
<PhaseIfJava8plus>site</PhaseIfJava8plus>
</properties>
</profile>
<profile>
<!-- Activate to sign jars and build distributable download. -->
<id>dist</id>
<!-- This profile is activated when mvn release:perform is called from the command line
to actually do a release. If you need this profile active for some reason outside
of performing a release, use mvn <command> -Pdist
-->
<activation>
<property>
<name>performRelease</name>
<value>true</value>
</property>
</activation>
<build>
<plugins>
<plugin>
<artifactId>maven-jar-plugin</artifactId>
<!--
<executions>
<execution>
<phase>package</phase>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
-->
<configuration>
<!--
<keystore>codesign.keystore</keystore>
<alias>owasp foundation, inc.'s godaddy.com, inc. id</alias>
<verify>true</verify>
-->
<archive>
<manifest>
<addDefaultImplementationEntries>true</addDefaultImplementationEntries>
<addDefaultSpecificationEntries>true</addDefaultSpecificationEntries>
</manifest>
<manifestEntries>
<Sealed>true</Sealed>
</manifestEntries>
</archive>
</configuration>
</plugin>
<!-- For building the distribution zip file. -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-assembly-plugin</artifactId>
<configuration>
<descriptors>
<descriptor>src/main/assembly/dist.xml</descriptor>
</descriptors>
</configuration>
<executions>
<execution>
<id>make-dist</id>
<phase>package</phase>
<goals>
<goal>single</goal>
</goals>
</execution>
</executions>
</plugin>
<!-- Performs a full release. See release documentation for information on how to
perform an ESAPI release using Maven -->
<!--
mvn release:prepare was not working as expected, so I'm commenting this out and we
are doing all this SCM magic manually for now. - kevin wall, 2019-04-09
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-release-plugin</artifactId>
<version>2.5.3</version>
<configuration>
<tagBase>https://github.com/ESAPI/esapi-java-legacy/tags</tagBase>
</configuration>
</plugin>
-->
</plugins>
</build>
</profile>
</profiles>
</project>
|