WARNINGs with Maven 3.9+

calendar Jun 24, 2023 · 5 min read  ·
Share on: linkedin copy

You might be surprised that all of a sudden that some WARNINGs are being emitted by your Maven build (at the end; Starting with Maven 3.9.1 and 3.9.2) like the following:

 1...
 2[INFO] Finished at: 2023-06-24T20:14:18+02:00
 3[INFO] ------------------------------------------------------------------------
 4[WARNING] 
 5[WARNING] Plugin validation issues were detected in 3 plugin(s)
 6[WARNING] 
 7[WARNING]  * org.jacoco:jacoco-maven-plugin:0.8.10
 8[WARNING]  * org.apache.maven.plugins:maven-site-plugin:3.12.1
 9[WARNING]  * org.codehaus.mojo:exec-maven-plugin:3.0.0
10[WARNING] 
11[WARNING] For more or less details, use 'maven.plugin.validation' property with one of the values (case insensitive): [BRIEF, DEFAULT, VERBOSE]
12[WARNING]

Those WARNINGs which are emitted, are not for you as user of those plugins. They are intended for the plugin maintainers/authors, because that means those plugins are using old API's or out-of-date artifacts or missing other things. The reason for that is that those old API's etc. are not supported in future Apache Maven Versions. This means starting with Maven 4 those plugins will not work anymore. Currently only alpha versions are available, but that would mean those plugins will not continue to work.

To reassure you as a user, the maintainers and authors of the plugins are required to bring their plugins up-to-date. You might help here as a user because some maintainers might not be aware of such issues. In such cases it could be helpful to report it to them.

If you like to know more about the details, as a user, you can simply rerun the previous command line execution with the supplemental parameters:

1mvn clean package -Dmaven.plugin.validation=VERBOSE

That will print out much more details like the following:

 1[INFO] ------------------------------------------------------------------------
 2[INFO] Total time:  0.724 s
 3[INFO] Finished at: 2023-06-24T18:25:20+02:00
 4[INFO] ------------------------------------------------------------------------
 5[WARNING] 
 6[WARNING] Plugin validation issues were detected in 3 plugin(s)
 7[WARNING] 
 8[WARNING]  * org.jacoco:jacoco-maven-plugin:0.8.10
 9[WARNING]   Declared at location(s):
10[WARNING]    * com.soebes.smpp:smpp:6.0.3-SNAPSHOT (pom.xml) @ line 497
11[WARNING]   Used in module(s):
12[WARNING]    * com.soebes.smpp:smpp:6.0.3-SNAPSHOT (pom.xml)
13[WARNING]   Plugin issue(s):
14[WARNING]    * Plugin is a Maven 2.x plugin, which will be not supported in Maven 4.x
15[WARNING]    * Plugin mixes multiple Maven versions: [3.0, 2.0.2]
16[WARNING]    * Plugin should declare these Maven artifacts in `provided` scope: [org.apache.maven:maven-repository-metadata:3.0, org.apache.maven:maven-artifact:3.0]
17[WARNING]    * Plugin depends on plexus-container-default, which is EOL
18[WARNING] 
19[WARNING]  * org.apache.maven.plugins:maven-site-plugin:3.12.1
20[WARNING]   Declared at location(s):
21[WARNING]    * com.soebes.smpp:smpp:6.0.3-SNAPSHOT (pom.xml) @ line 593
22[WARNING]   Used in module(s):
23[WARNING]    * com.soebes.smpp:smpp:6.0.3-SNAPSHOT (pom.xml)
24[WARNING]   Plugin issue(s):
25[WARNING]    * Plugin depends on the deprecated Maven 2.x compatibility layer, which may not be supported in Maven 4.x
26[WARNING]    * Plugin depends on plexus-container-default, which is EOL
27[WARNING]   Mojo issue(s):
28[WARNING]    * Mojo site:attach-descriptor (org.apache.maven.plugins.site.descriptor.SiteDescriptorAttachMojo)
29[WARNING]      - Parameter 'localRepository' uses deprecated parameter expression '${localRepository}': ArtifactRepository type is deprecated and its use in Mojos should be avoided.
30[WARNING] 
31[WARNING]  * org.codehaus.mojo:exec-maven-plugin:3.0.0
32[WARNING]   Declared at location(s):
33[WARNING]    * unknown
34[WARNING]   Used in module(s):
35[WARNING]    * com.soebes.smpp:smpp:6.0.3-SNAPSHOT (pom.xml)
36[WARNING]   Plugin issue(s):
37[WARNING]    * Plugin should declare these Maven artifacts in `provided` scope: [org.apache.maven:maven-settings-builder:3.0, org.apache.maven:maven-repository-metadata:3.0, org.apache.maven:maven-artifact:3.0, org.apache.maven:maven-settings:3.0, org.apache.maven:maven-plugin-api:3.0, org.apache.maven:maven-aether-provider:3.0, org.apache.maven:maven-model:3.0, org.apache.maven:maven-core:3.0, org.apache.maven:maven-model-builder:3.0]
38[WARNING] 
39[WARNING] 
40[WARNING] Fix reported issues by adjusting plugin configuration or by upgrading above listed plugins. If no upgrade available, please notify plugin maintainers about reported issues.
41[WARNING] For more or less details, use 'maven.plugin.validation' property with one of the values (case insensitive): [BRIEF, DEFAULT, VERBOSE]
42[WARNING]

It's a bit overwhelming. So let us focus on one plugin first: (extracted the part for the jacoco-maven-plugin):

 1[WARNING]  * org.jacoco:jacoco-maven-plugin:0.8.10
 2[WARNING]   Declared at location(s):
 3[WARNING]    * com.soebes.smpp:smpp:6.0.3-SNAPSHOT (pom.xml) @ line 497
 4[WARNING]   Used in module(s):
 5[WARNING]    * com.soebes.smpp:smpp:6.0.3-SNAPSHOT (pom.xml)
 6[WARNING]   Plugin issue(s):
 7[WARNING]    * Plugin is a Maven 2.x plugin, which will be not supported in Maven 4.x
 8[WARNING]    * Plugin mixes multiple Maven versions: [3.0, 2.0.2]
 9[WARNING]    * Plugin should declare these Maven artifacts in `provided` scope: [org.apache.maven:maven-repository-metadata:3.0, org.apache.maven:maven-artifact:3.0]
10[WARNING]    * Plugin depends on plexus-container-default, which is EOL
11[WARNING]

The part with : Plugin issue(s): shows the interesting parts. One hint is interesting: * Plugin is a Maven 2.x plugin, which will be not supported in Maven 4.x. That means the plugin supports Maven 2 which is end of life since 2014! And Since 2010 there is Maven 3+ available. Furthermore, artifacts in the plugin have been declared wrong. More accurate the scope has been defined wrong. Apart from that it depends on a long time EOL component plexus-container-default.

So taking a look into the next reported plugin. The maven-site-plugin:

 1[WARNING]  * org.apache.maven.plugins:maven-site-plugin:3.12.1
 2[WARNING]   Declared at location(s):
 3[WARNING]    * com.soebes.smpp:smpp:6.0.3-SNAPSHOT (pom.xml) @ line 593
 4[WARNING]   Used in module(s):
 5[WARNING]    * com.soebes.smpp:smpp:6.0.3-SNAPSHOT (pom.xml)
 6[WARNING]   Plugin issue(s):
 7[WARNING]    * Plugin depends on the deprecated Maven 2.x compatibility layer, which may not be supported in Maven 4.x
 8[WARNING]    * Plugin depends on plexus-container-default, which is EOL
 9[WARNING]   Mojo issue(s):
10[WARNING]    * Mojo site:attach-descriptor (org.apache.maven.plugins.site.descriptor.SiteDescriptorAttachMojo)
11[WARNING]      - Parameter 'localRepository' uses deprecated parameter expression '${localRepository}': ArtifactRepository type is deprecated and its use in Mojos should be avoided.
12[WARNING]

Yes this plugin has the same issue to support Maven 2 compatibility layer which will not work in Maven 4 anymore. And not to forget also depends on the component plexus-container-default as mentioned before. This plugin also defines parameter with a deprecated parameter expression. Luckily for that plugin already exists a compatible replacement version maven-site-plugin.

Ok, the last plugin reported is the exec-maven-plugin:

1[WARNING]  * org.codehaus.mojo:exec-maven-plugin:3.0.0
2[WARNING]   Declared at location(s):
3[WARNING]    * unknown
4[WARNING]   Used in module(s):
5[WARNING]    * com.soebes.smpp:smpp:6.0.3-SNAPSHOT (pom.xml)
6[WARNING]   Plugin issue(s):
7[WARNING]    * Plugin should declare these Maven artifacts in `provided` scope: [org.apache.maven:maven-settings-builder:3.0, org.apache.maven:maven-repository-metadata:3.0, org.apache.maven:maven-artifact:3.0, org.apache.maven:maven-settings:3.0, org.apache.maven:maven-plugin-api:3.0, org.apache.maven:maven-aether-provider:3.0, org.apache.maven:maven-model:3.0, org.apache.maven:maven-core:3.0, org.apache.maven:maven-model-builder:3.0]
8[WARNING]

The exec-maven-plugin uses "only" the wrong scope for some dependencies fortunately there exists a newer version (3.1.0) of the exec-maven-plugin.

Update: Starting with Maven 3.9.3 you should activate those warning if you are interested in checking the plugins in your build. You can simply achieve that by using the following command line execution:

1mvn verify -Dmaven.plugin.validation=VERBOSE

So if you see such warning you might help the whole community by reporting such issues to the plugin maintainer/author if not yet reported to make them aware about the issue. That makes sure that those plugins continue to work with Apache Maven 4.