#585: Pin maven plugin versions

.gitattributes

@@ -5,12 +5,23 @@ pk_generated_parent.pom  linguist-generated=true
 dependencies.md          linguist-generated=true
 doc/changes/changelog.md linguist-generated=true
 
-.settings/org.eclipse.jdt.core.prefs linguist-generated=true
-.settings/org.eclipse.jdt.ui.prefs   linguist-generated=true
 doc/images/.svg                      linguist-generated=true
 
 .github/workflows/broken_links_checker.yml linguist-generated=true
 .github/workflows/ci-build.yml             linguist-generated=true
 .github/workflows/release.yml              linguist-generated=true
 .github/workflows/dependencies_check.yml   linguist-generated=true
 .github/workflows/dependencies_update.yml  linguist-generated=true
+
+project-keeper-cli/.settings/org.eclipse.jdt.core.prefs                          linguist-generated=true
+project-keeper-cli/.settings/org.eclipse.jdt.ui.prefs                            linguist-generated=true
+project-keeper-maven-plugin/.settings/org.eclipse.jdt.core.prefs                 linguist-generated=true
+project-keeper-maven-plugin/.settings/org.eclipse.jdt.ui.prefs                   linguist-generated=true
+project-keeper/.settings/org.eclipse.jdt.core.prefs                              linguist-generated=true
+project-keeper/.settings/org.eclipse.jdt.ui.prefs                                linguist-generated=true
+project-keeper/src/main/resources/templates/.settings/org.eclipse.jdt.core.prefs linguist-generated=true
+project-keeper/src/main/resources/templates/.settings/org.eclipse.jdt.ui.prefs   linguist-generated=true
+shared-model-classes/.settings/org.eclipse.jdt.core.prefs                        linguist-generated=true
+shared-model-classes/.settings/org.eclipse.jdt.ui.prefs                          linguist-generated=true
+shared-test-setup/.settings/org.eclipse.jdt.core.prefs                           linguist-generated=true
+shared-test-setup/.settings/org.eclipse.jdt.ui.prefs                             linguist-generated=true

doc/changes/changes_4.3.4.md

@@ -8,12 +8,18 @@ This release fixes vulnerability CVE-2024-47554 in transitive test dependency `c
 
 The release ignores vulnerability CVE-2023-7272 in transitive runtime dependency `org.glassfish:javax.json:1.1.4` via `com.jcabi:jcabi-github:jar:1.9.1` as this is accepted for accessing exasol json documents on GitHub.
 
+The release also pins Maven plugin versions to avoid plugin versions depending on the Maven version.
+
 ### Security
 
 * #586: Fixed vulnerability CVE-2024-47554 in test dependency `commons-io:commons-io:2.11.0`
 * #587: Fixed vulnerability CVE-2024-47554 in test dependency `commons-io:commons-io:2.13.0`
 * #588: Ignore vulnerability CVE-2023-7272 in runtime dependency `org.glassfish:javax.json:1.1.4`
 
+### Bugfixes
+
+* #585: Pinned Maven plugin versions in generated parent pom
+
 ### Documentation
 
 * #582: Documented automatic release process in user guide
@@ -24,12 +30,15 @@ The release ignores vulnerability CVE-2023-7272 in transitive runtime dependency
 
 #### Plugin Dependency Updates
 
+* Updated `org.apache.maven.plugins:maven-deploy-plugin:3.1.2` to `3.1.3`
+* Updated `org.itsallcode:openfasttrace-maven-plugin:1.8.0` to `2.2.0`
 * Added `org.sonatype.ossindex.maven:ossindex-maven-plugin:3.2.0`
 
 ### Project Keeper Shared Model Classes
 
 #### Compile Dependency Updates
 
+* Updated `org.eclipse.jgit:org.eclipse.jgit:6.7.0.202309050840-r` to `7.0.0.202409031743-r`
 * Updated `org.eclipse:yasson:3.0.3` to `3.0.4`
 
 #### Test Dependency Updates
@@ -39,7 +48,20 @@ The release ignores vulnerability CVE-2023-7272 in transitive runtime dependency
 * Updated `org.itsallcode:junit5-system-extensions:1.2.0` to `1.2.2`
 * Updated `org.junit.jupiter:junit-jupiter-engine:5.10.2` to `5.11.2`
 * Updated `org.junit.jupiter:junit-jupiter-params:5.10.2` to `5.11.2`
-* Updated `org.mockito:mockito-core:5.12.0` to `5.14.1`
+* Updated `org.mockito:mockito-core:5.12.0` to `5.14.2`
+* Updated `org.slf4j:slf4j-jdk14:1.7.36` to `2.0.16`
+
+#### Plugin Dependency Updates
+
+* Updated `io.github.zlika:reproducible-build-maven-plugin:0.16` to `0.17`
+* Updated `org.apache.maven.plugins:maven-clean-plugin:2.5` to `3.4.0`
+* Updated `org.apache.maven.plugins:maven-gpg-plugin:3.2.4` to `3.2.7`
+* Updated `org.apache.maven.plugins:maven-install-plugin:2.4` to `3.1.3`
+* Updated `org.apache.maven.plugins:maven-javadoc-plugin:3.7.0` to `3.10.1`
+* Updated `org.apache.maven.plugins:maven-resources-plugin:2.6` to `3.3.1`
+* Updated `org.apache.maven.plugins:maven-site-plugin:3.3` to `3.9.1`
+* Updated `org.apache.maven.plugins:maven-surefire-plugin:3.2.5` to `3.5.1`
+* Updated `org.codehaus.mojo:versions-maven-plugin:2.16.2` to `2.17.1`
 
 ### Project Keeper Core
 
@@ -63,7 +85,22 @@ The release ignores vulnerability CVE-2023-7272 in transitive runtime dependency
 * Updated `org.junit-pioneer:junit-pioneer:2.2.0` to `2.3.0`
 * Updated `org.junit.jupiter:junit-jupiter-engine:5.10.2` to `5.11.2`
 * Updated `org.junit.jupiter:junit-jupiter-params:5.10.2` to `5.11.2`
-* Updated `org.mockito:mockito-junit-jupiter:5.12.0` to `5.14.1`
+* Updated `org.mockito:mockito-junit-jupiter:5.12.0` to `5.14.2`
+* Updated `org.slf4j:slf4j-jdk14:1.7.36` to `2.0.16`
+
+#### Plugin Dependency Updates
+
+* Updated `io.github.zlika:reproducible-build-maven-plugin:0.16` to `0.17`
+* Updated `org.apache.maven.plugins:maven-clean-plugin:2.5` to `3.4.0`
+* Updated `org.apache.maven.plugins:maven-failsafe-plugin:3.2.5` to `3.5.1`
+* Updated `org.apache.maven.plugins:maven-gpg-plugin:3.2.4` to `3.2.7`
+* Updated `org.apache.maven.plugins:maven-install-plugin:2.4` to `3.1.3`
+* Updated `org.apache.maven.plugins:maven-jar-plugin:3.4.1` to `3.4.2`
+* Updated `org.apache.maven.plugins:maven-javadoc-plugin:3.7.0` to `3.10.1`
+* Updated `org.apache.maven.plugins:maven-resources-plugin:2.6` to `3.3.1`
+* Updated `org.apache.maven.plugins:maven-site-plugin:3.3` to `3.9.1`
+* Updated `org.apache.maven.plugins:maven-surefire-plugin:3.2.5` to `3.5.1`
+* Updated `org.codehaus.mojo:versions-maven-plugin:2.16.2` to `2.17.1`
 
 ### Project Keeper Command Line Interface
 
@@ -72,13 +109,32 @@ The release ignores vulnerability CVE-2023-7272 in transitive runtime dependency
 * Updated `com.exasol:project-keeper-core:4.3.3` to `4.3.4`
 * Updated `org.apache.maven:maven-model:3.9.7` to `3.9.9`
 
+#### Runtime Dependency Updates
+
+* Added `org.slf4j:slf4j-api:2.0.16`
+* Updated `org.slf4j:slf4j-jdk14:1.7.36` to `2.0.16`
+
 #### Test Dependency Updates
 
 * Updated `com.exasol:project-keeper-shared-test-setup:4.3.3` to `4.3.4`
 * Updated `org.hamcrest:hamcrest:2.2` to `3.0`
 * Updated `org.junit.jupiter:junit-jupiter-engine:5.10.2` to `5.11.2`
 * Updated `org.junit.jupiter:junit-jupiter-params:5.10.2` to `5.11.2`
 
+#### Plugin Dependency Updates
+
+* Updated `io.github.zlika:reproducible-build-maven-plugin:0.16` to `0.17`
+* Updated `org.apache.maven.plugins:maven-clean-plugin:2.5` to `3.4.0`
+* Updated `org.apache.maven.plugins:maven-failsafe-plugin:3.2.5` to `3.5.1`
+* Updated `org.apache.maven.plugins:maven-gpg-plugin:3.2.4` to `3.2.7`
+* Updated `org.apache.maven.plugins:maven-install-plugin:2.4` to `3.1.3`
+* Updated `org.apache.maven.plugins:maven-jar-plugin:3.4.1` to `3.4.2`
+* Updated `org.apache.maven.plugins:maven-javadoc-plugin:3.7.0` to `3.10.1`
+* Updated `org.apache.maven.plugins:maven-resources-plugin:2.6` to `3.3.1`
+* Updated `org.apache.maven.plugins:maven-site-plugin:3.3` to `3.9.1`
+* Updated `org.apache.maven.plugins:maven-surefire-plugin:3.2.5` to `3.5.1`
+* Updated `org.codehaus.mojo:versions-maven-plugin:2.16.2` to `2.17.1`
+
 ### Project Keeper Maven Plugin
 
 #### Compile Dependency Updates
@@ -91,22 +147,55 @@ The release ignores vulnerability CVE-2023-7272 in transitive runtime dependency
 * Updated `org.hamcrest:hamcrest:2.2` to `3.0`
 * Updated `org.junit.jupiter:junit-jupiter-engine:5.10.2` to `5.11.2`
 * Updated `org.junit.jupiter:junit-jupiter-params:5.10.2` to `5.11.2`
-* Updated `org.mockito:mockito-core:5.12.0` to `5.14.1`
+* Updated `org.mockito:mockito-core:5.12.0` to `5.14.2`
+* Updated `org.slf4j:slf4j-jdk14:1.7.36` to `2.0.16`
+
+#### Plugin Dependency Updates
+
+* Updated `io.github.zlika:reproducible-build-maven-plugin:0.16` to `0.17`
+* Updated `org.apache.maven.plugins:maven-clean-plugin:2.5` to `3.4.0`
+* Updated `org.apache.maven.plugins:maven-dependency-plugin:3.6.1` to `3.8.0`
+* Updated `org.apache.maven.plugins:maven-failsafe-plugin:3.2.5` to `3.5.1`
+* Updated `org.apache.maven.plugins:maven-gpg-plugin:3.2.4` to `3.2.7`
+* Updated `org.apache.maven.plugins:maven-install-plugin:2.4` to `3.1.3`
+* Updated `org.apache.maven.plugins:maven-javadoc-plugin:3.7.0` to `3.10.1`
+* Updated `org.apache.maven.plugins:maven-plugin-plugin:3.13.1` to `3.15.0`
+* Updated `org.apache.maven.plugins:maven-resources-plugin:2.6` to `3.3.1`
+* Updated `org.apache.maven.plugins:maven-site-plugin:3.3` to `3.9.1`
+* Updated `org.apache.maven.plugins:maven-surefire-plugin:3.2.5` to `3.5.1`
+* Updated `org.codehaus.mojo:versions-maven-plugin:2.16.2` to `2.17.1`
 
 ### Project Keeper Java Project Crawler
 
 #### Compile Dependency Updates
 
 * Updated `com.exasol:project-keeper-shared-model-classes:4.3.3` to `4.3.4`
+* Updated `org.eclipse.jgit:org.eclipse.jgit:6.7.0.202309050840-r` to `7.0.0.202409031743-r`
 
 #### Test Dependency Updates
 
 * Updated `com.exasol:maven-plugin-integration-testing:1.1.2` to `1.1.3`
 * Updated `org.hamcrest:hamcrest:2.2` to `3.0`
 * Updated `org.junit.jupiter:junit-jupiter-engine:5.10.2` to `5.11.2`
 * Updated `org.junit.jupiter:junit-jupiter-params:5.10.2` to `5.11.2`
-* Updated `org.mockito:mockito-core:5.12.0` to `5.14.1`
-* Updated `org.mockito:mockito-junit-jupiter:5.12.0` to `5.14.1`
+* Updated `org.mockito:mockito-core:5.12.0` to `5.14.2`
+* Updated `org.mockito:mockito-junit-jupiter:5.12.0` to `5.14.2`
+* Updated `org.slf4j:slf4j-jdk14:1.7.36` to `2.0.16`
+
+#### Plugin Dependency Updates
+
+* Updated `io.github.zlika:reproducible-build-maven-plugin:0.16` to `0.17`
+* Updated `org.apache.maven.plugins:maven-clean-plugin:2.5` to `3.4.0`
+* Updated `org.apache.maven.plugins:maven-dependency-plugin:3.6.1` to `3.8.0`
+* Updated `org.apache.maven.plugins:maven-failsafe-plugin:3.2.5` to `3.5.1`
+* Updated `org.apache.maven.plugins:maven-gpg-plugin:3.2.4` to `3.2.7`
+* Updated `org.apache.maven.plugins:maven-install-plugin:2.4` to `3.1.3`
+* Updated `org.apache.maven.plugins:maven-javadoc-plugin:3.7.0` to `3.10.1`
+* Updated `org.apache.maven.plugins:maven-plugin-plugin:3.13.1` to `3.15.0`
+* Updated `org.apache.maven.plugins:maven-resources-plugin:2.6` to `3.3.1`
+* Updated `org.apache.maven.plugins:maven-site-plugin:3.3` to `3.9.1`
+* Updated `org.apache.maven.plugins:maven-surefire-plugin:3.2.5` to `3.5.1`
+* Updated `org.codehaus.mojo:versions-maven-plugin:2.16.2` to `2.17.1`
 
 ### Project Keeper Shared Test Setup
 
@@ -115,3 +204,13 @@ The release ignores vulnerability CVE-2023-7272 in transitive runtime dependency
 * Updated `com.exasol:project-keeper-shared-model-classes:4.3.3` to `4.3.4`
 * Updated `org.hamcrest:hamcrest:2.2` to `3.0`
 * Updated `org.yaml:snakeyaml:2.2` to `2.3`
+
+#### Plugin Dependency Updates
+
+* Updated `io.github.zlika:reproducible-build-maven-plugin:0.16` to `0.17`
+* Updated `org.apache.maven.plugins:maven-clean-plugin:2.5` to `3.4.0`
+* Updated `org.apache.maven.plugins:maven-install-plugin:2.4` to `3.1.3`
+* Updated `org.apache.maven.plugins:maven-resources-plugin:2.6` to `3.3.1`
+* Updated `org.apache.maven.plugins:maven-site-plugin:3.3` to `3.9.1`
+* Updated `org.apache.maven.plugins:maven-surefire-plugin:3.2.5` to `3.5.1`
+* Updated `org.codehaus.mojo:versions-maven-plugin:2.16.2` to `2.17.1`

maven-project-crawler/.settings/org.eclipse.jdt.core.prefs

@@ -1,22 +1,27 @@
 eclipse.preferences.version=1
+org.eclipse.jdt.core.builder.annotationPath.allLocations=disabled
 org.eclipse.jdt.core.compiler.annotation.inheritNullAnnotations=disabled
 org.eclipse.jdt.core.compiler.annotation.missingNonNullByDefaultAnnotation=ignore
-org.eclipse.jdt.core.compiler.annotation.nonnull=org.eclipse.jdt.annotation.NonNull
+org.eclipse.jdt.core.compiler.annotation.nonnull=javax.annotation.Nonnull
 org.eclipse.jdt.core.compiler.annotation.nonnull.secondary=
-org.eclipse.jdt.core.compiler.annotation.nonnullbydefault=org.eclipse.jdt.annotation.NonNullByDefault
+org.eclipse.jdt.core.compiler.annotation.nonnullbydefault=javax.annotation.ParametersAreNonnullByDefault
 org.eclipse.jdt.core.compiler.annotation.nonnullbydefault.secondary=
-org.eclipse.jdt.core.compiler.annotation.nullable=org.eclipse.jdt.annotation.Nullable
+org.eclipse.jdt.core.compiler.annotation.notowning=org.eclipse.jdt.annotation.NotOwning
+org.eclipse.jdt.core.compiler.annotation.nullable=javax.annotation.Nullable
 org.eclipse.jdt.core.compiler.annotation.nullable.secondary=
-org.eclipse.jdt.core.compiler.annotation.nullanalysis=disabled
+org.eclipse.jdt.core.compiler.annotation.nullanalysis=enabled
+org.eclipse.jdt.core.compiler.annotation.owning=org.eclipse.jdt.annotation.Owning
+org.eclipse.jdt.core.compiler.annotation.resourceanalysis=disabled
 org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
-org.eclipse.jdt.core.compiler.codegen.methodParameters=do not generate
+org.eclipse.jdt.core.compiler.codegen.methodParameters=generate
 org.eclipse.jdt.core.compiler.codegen.targetPlatform=17
 org.eclipse.jdt.core.compiler.codegen.unusedLocal=preserve
 org.eclipse.jdt.core.compiler.compliance=17
 org.eclipse.jdt.core.compiler.debug.lineNumber=generate
 org.eclipse.jdt.core.compiler.debug.localVariable=generate
 org.eclipse.jdt.core.compiler.debug.sourceFile=generate
 org.eclipse.jdt.core.compiler.problem.APILeak=warning
+org.eclipse.jdt.core.compiler.problem.annotatedTypeArgumentToUnannotated=info
 org.eclipse.jdt.core.compiler.problem.annotationSuperInterface=warning
 org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
 org.eclipse.jdt.core.compiler.problem.autoboxing=ignore
@@ -39,8 +44,10 @@ org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
 org.eclipse.jdt.core.compiler.problem.hiddenCatchBlock=warning
 org.eclipse.jdt.core.compiler.problem.includeNullInfoFromAsserts=disabled
 org.eclipse.jdt.core.compiler.problem.incompatibleNonInheritedInterfaceMethod=warning
+org.eclipse.jdt.core.compiler.problem.incompatibleOwningContract=warning
 org.eclipse.jdt.core.compiler.problem.incompleteEnumSwitch=warning
 org.eclipse.jdt.core.compiler.problem.indirectStaticAccess=ignore
+org.eclipse.jdt.core.compiler.problem.insufficientResourceAnalysis=warning
 org.eclipse.jdt.core.compiler.problem.localVariableHiding=ignore
 org.eclipse.jdt.core.compiler.problem.methodWithConstructorName=warning
 org.eclipse.jdt.core.compiler.problem.missingDefaultCase=ignore
@@ -56,15 +63,15 @@ org.eclipse.jdt.core.compiler.problem.noImplicitStringConversion=warning
 org.eclipse.jdt.core.compiler.problem.nonExternalizedStringLiteral=ignore
 org.eclipse.jdt.core.compiler.problem.nonnullParameterAnnotationDropped=warning
 org.eclipse.jdt.core.compiler.problem.nonnullTypeVariableFromLegacyInvocation=warning
-org.eclipse.jdt.core.compiler.problem.nullAnnotationInferenceConflict=error
+org.eclipse.jdt.core.compiler.problem.nullAnnotationInferenceConflict=warning
 org.eclipse.jdt.core.compiler.problem.nullReference=warning
-org.eclipse.jdt.core.compiler.problem.nullSpecViolation=error
-org.eclipse.jdt.core.compiler.problem.nullUncheckedConversion=warning
+org.eclipse.jdt.core.compiler.problem.nullSpecViolation=warning
+org.eclipse.jdt.core.compiler.problem.nullUncheckedConversion=ignore
 org.eclipse.jdt.core.compiler.problem.overridingPackageDefaultMethod=warning
 org.eclipse.jdt.core.compiler.problem.parameterAssignment=ignore
 org.eclipse.jdt.core.compiler.problem.pessimisticNullAnalysisForFreeTypeVariables=warning
 org.eclipse.jdt.core.compiler.problem.possibleAccidentalBooleanAssignment=ignore
-org.eclipse.jdt.core.compiler.problem.potentialNullReference=ignore
+org.eclipse.jdt.core.compiler.problem.potentialNullReference=warning
 org.eclipse.jdt.core.compiler.problem.potentiallyUnclosedCloseable=ignore
 org.eclipse.jdt.core.compiler.problem.rawTypeReference=warning
 org.eclipse.jdt.core.compiler.problem.redundantNullAnnotation=warning
@@ -78,7 +85,8 @@ org.eclipse.jdt.core.compiler.problem.specialParameterHidingField=disabled
 org.eclipse.jdt.core.compiler.problem.staticAccessReceiver=warning
 org.eclipse.jdt.core.compiler.problem.suppressOptionalErrors=disabled
 org.eclipse.jdt.core.compiler.problem.suppressWarnings=enabled
-org.eclipse.jdt.core.compiler.problem.syntacticNullAnalysisForFields=disabled
+org.eclipse.jdt.core.compiler.problem.suppressWarningsNotFullyAnalysed=info
+org.eclipse.jdt.core.compiler.problem.syntacticNullAnalysisForFields=enabled
 org.eclipse.jdt.core.compiler.problem.syntheticAccessEmulation=ignore
 org.eclipse.jdt.core.compiler.problem.terminalDeprecation=warning
 org.eclipse.jdt.core.compiler.problem.typeParameterHiding=warning
@@ -112,7 +120,7 @@ org.eclipse.jdt.core.compiler.problem.unusedTypeParameter=ignore
 org.eclipse.jdt.core.compiler.problem.unusedWarningToken=warning
 org.eclipse.jdt.core.compiler.problem.varargsArgumentNeedCast=warning
 org.eclipse.jdt.core.compiler.processAnnotations=disabled
-org.eclipse.jdt.core.compiler.release=disabled
+org.eclipse.jdt.core.compiler.release=enabled
 org.eclipse.jdt.core.compiler.source=17
 org.eclipse.jdt.core.formatter.align_assignment_statements_on_columns=false
 org.eclipse.jdt.core.formatter.align_fields_grouping_blank_lines=2147483647

maven-project-crawler/.settings/org.eclipse.jdt.ui.prefs

@@ -76,6 +76,7 @@ sp_cleanup.add_missing_nls_tags=false
 sp_cleanup.add_missing_override_annotations=true
 sp_cleanup.add_missing_override_annotations_interface_methods=true
 sp_cleanup.add_serial_version_id=false
+sp_cleanup.also_simplify_lambda=false
 sp_cleanup.always_use_blocks=true
 sp_cleanup.always_use_parentheses_in_expressions=true
 sp_cleanup.always_use_this_for_non_static_field_access=true
@@ -130,6 +131,7 @@ sp_cleanup.one_if_rather_than_duplicate_blocks_that_fall_through=false
 sp_cleanup.operand_factorization=false
 sp_cleanup.organize_imports=true
 sp_cleanup.overridden_assignment=false
+sp_cleanup.overridden_assignment_move_decl=false
 sp_cleanup.plain_replacement=false
 sp_cleanup.precompile_regex=false
 sp_cleanup.primitive_comparison=false
@@ -159,10 +161,12 @@ sp_cleanup.remove_unnecessary_casts=true
 sp_cleanup.remove_unnecessary_nls_tags=true
 sp_cleanup.remove_unused_imports=true
 sp_cleanup.remove_unused_local_variables=false
+sp_cleanup.remove_unused_method_parameters=false
 sp_cleanup.remove_unused_private_fields=true
 sp_cleanup.remove_unused_private_members=false
 sp_cleanup.remove_unused_private_methods=true
 sp_cleanup.remove_unused_private_types=true
+sp_cleanup.replace_deprecated_calls=false
 sp_cleanup.return_expression=false
 sp_cleanup.simplify_lambda_expression_and_method_ref=false
 sp_cleanup.single_used_field=false
@@ -174,6 +178,8 @@ sp_cleanup.strictly_equal_or_different=false
 sp_cleanup.stringbuffer_to_stringbuilder=false
 sp_cleanup.stringbuilder=false
 sp_cleanup.stringbuilder_for_local_vars=false
+sp_cleanup.stringconcat_stringbuffer_stringbuilder=false
+sp_cleanup.stringconcat_to_textblock=false
 sp_cleanup.substring=false
 sp_cleanup.switch=false
 sp_cleanup.system_property=false