jarmoniuk
commented
1 year ago @slawekjaranowski The plugin itself must define a dependency version in its dependencies or dependency management.
This does trigger the error and will be helped with the patch.
For this to work though as an it, the plugin needs to be executed.
<pluginManagement>
<plugins>
<plugin>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs-maven-plugin</artifactId>
<version>4.7.3.4</version>
<dependencies>
<!-- overwrite dependency on spotbugs if you want to
specify the version of spotbugs -->
<dependency>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs</artifactId>
</dependency>
</dependencies>
</plugin>
</plugins>
</pluginManagement>In this case, it does define the dependency on com.github.spotbugs:spotbugs:${spotbugsVersion}. -- see https://repo1.maven.org/maven2/com/github/spotbugs/spotbugs-maven-plugin/4.7.3.4/spotbugs-maven-plugin-4.7.3.4.pom
EDIT: No, it will still fail if we actually try executing the plugin
slawekjaranowski
In case a dependency version is specified in dependencyManagement, a dependency can be versionless.
Dependency updates goals would then attempt to find an updated version to a versionless dependency, which would fail with an NPE or, if that is prevented, an attempt would have been made to find an update to version specified as [,0], which would be any version.
Preventing both issues.
@slawekjaranowski please review.