Don't flag HTTPS xsi:schemaLocations as invalid

[sewe]

After 52917c0ec97a8dbb26e9eabc87b607f680ad18eb the tidy-maven-plugin now uses HTTPS for xsi:schemaLocations (good). But ironically tidy:check itself still insists that only HTTP xsi:schemaLocations are valid (bad):

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">

is valid, but

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">

is not.

Also, tidy:format reverts https://maven.apache.org/xsd/maven-4.0.0.xsd back to http://maven.apache.org/xsd/maven-4.0.0.xsd, which it shouldn’t.

[dmitry-timofeev]

The http://maven.apache.org/developers/conventions/code.html#POM_Code_Convention which this plugin enforces now uses https for the Maven POM XSD.

It seems reasonable to make tidy-maven-plugin do the opposite of its present behaviour: to rewrite http to https in https://maven.apache.org/xsd/maven-4.0.0.xsd"

[dmitry-timofeev]

I considered patching that, but it appeared it was already fixed 3 years ago in 52917c0ec97a8dbb26e9eabc87b607f680ad18eb:

https://github.com/mojohaus/tidy-maven-plugin/blob/52917c0ec97a8dbb26e9eabc87b607f680ad18eb/src/main/java/org/codehaus/mojo/tidy/task/EnsureSingleLineProjectStartTag.java#L33

This change is just unreleased. Would anyone of the maintainers please release a new version? Probably, a 2.0.0 — since it will fail previously passing builds.

[dbwiddis]

This change is just unreleased. Would anyone of the maintainers please release a new version? Probably, a 2.0.0 — since it will fail previously passing builds.

As of March 2020, Maven no longer supports http. Https is not only a good idea, it's mandatory.

The current version of the tidy plugin actively breaks builds when used.

[sewe]

As of March 2020, Maven no longer supports http. Https is not only a good idea, it's mandatory.

The current version of the tidy plugin actively breaks builds when used.

I cannot confirm this with version 1.1.0.

Are you sure that you are only changing the schema’s location to https: and not also the namespace URI itself? That is just an identifier and not used for network communication. As such it must not be changed but needs to stay at http::

<project xmlns="http://maven.apache.org/POM/4.0.0"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">

[sewe]

Spoke to soon. The tidy:pom goal indeed rewrites the schema’s location from https: back to http:; only my IDE didn’t refresh its editors. So the bug still persists in version 1.1.0. :cry:

[ctrueden]

@sewe wrote:

The tidy:pom goal indeed rewrites the schema’s location from https: back to http:

I tried to fix this behavior with #53.

Edit: The behavior was already fixed on the main branch, so my PR was unnecessary. It's just that we need a tidy-maven-plugin 1.1.1 release now.

[slawekjaranowski]

For reference #54 - will be released soon, so I close this issue.