Merge remote-tracking branch 'origin/master' into feature/RAT-293_son…

…arCloud

Fetch release 0.15

.github/workflows/maven.yml

@@ -31,17 +31,19 @@ jobs:
         os: [ubuntu-latest, windows-latest]
 # RAT-296: disable JDK10 due to
 # Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
-        java: [8, 11, 12, 13, 14, 15]
+#
+# Java 17 disabled, because we are running into https://bugs.openjdk.java.net/browse/JDK-8270866
+        java: [8, 11, 12, 13, 14, 15, 16]
       fail-fast: false
 
     runs-on: ${{ matrix.os }}
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
       - name: Set up JDK
-        uses: actions/setup-java@v2.5.0
+        uses: actions/setup-java@v3.4.1
         with:
           distribution: adopt
           java-version: ${{ matrix.java }}
@@ -50,3 +52,8 @@ jobs:
       - name: Build with Maven
         run: mvn -e -B -V clean package site
 
+# as of 20220505:  Invalid workflow file
+# The workflow is not valid. .github/workflows/maven.yml (Line: 55, Col: 1): Unexpected value 'notifications'
+#notifications:
+#   jobs: [email protected]
+

.travis.yml

@@ -1,13 +1,9 @@
 language: java
-dist: trusty
+dist: focal 
 sudo: required
 
 jobs:
     include:
-        - name: "Java 8"
-          jdk: openjdk8
-          script: mvn -e -B -V clean package site
-
-        - name: "Java 14"
-          jdk: openjdk14
+        - name: "Java 16"
+          jdk: openjdk16
           script: mvn -e -B -V clean package site

Jenkinsfile

@@ -41,7 +41,7 @@ pipeline {
 
     tools {
         maven 'maven_3_latest'
-        jdk 'jdk_14_latest'
+        jdk 'jdk_16_latest'
     }
 
     options {

README.md

@@ -65,4 +65,4 @@ stylesheets or keep in close touch with the code.
 
 If you want to contribute, feel free to branch from master and provide a pull request via Github.
 You should file a contributor license agreement in order to properly handle your input.
-Apart from that you could file an issue in ASF's Jira under the project "RAT".
+Apart from that you can file an issue in ASF's Jira: [project RAT](https://issues.apache.org/jira/browse/RAT)

RELEASE-NOTES.txt

@@ -1,7 +1,7 @@
-              Apache Creadur Rat 0.13
+              Apache Creadur Rat 0.15
                   RELEASE NOTES
 
-The Apache Creadur Rat team is pleased to announce the release of Apache Creadur Rat 0.13
+The Apache Creadur Rat team is pleased to announce the release of Apache Creadur Rat 0.15
 
 Apache Rat is a release audit tool. It improves accuracy and efficiency when checking
 releases. It is heuristic in nature: making guesses about possible problems. It
@@ -15,25 +15,30 @@ Note that binary compatibility is not guaranteed between 0.x releases.
 Apache Rat is developed by the Apache Creadur project, a language and build
 agnostic home for software distribution comprehension and audit tools.
 
-Changes in this version include:
+This release fixes a warning during site builds and updates various dependencies.
 
-New features:
-o RAT-228:  Fixing broken Ant unit test setup and making tests run more deterministic. Thanks to Romain Manni-Bucau.
-o RAT-245:  Update to latest available and compatible Apache ANT 1.9.12 to get bugfixes and newer JDK support.
-o RAT-245:  Update to latest available and compatible Apache ANT 1.9.11 to get bugfixes and newer JDK support.
-o RAT-245:  Update to latest available and compatible Apache ANT 1.9.10 due to CVE-2017-5645.
-o RAT-243:  Add .checkstyle to Eclipse default exclusions. Thanks to Matthew Ouyang.
-o RAT-241:  Reduce default log level of used exclusions to debug, only print totals into the maven log like includes. Thanks to Andrew Gaul.
-o RAT-233:  Recognize XML-based .Net Core xproj files. Thanks to Stefan Bodewig.
-o RAT-226:  Update to latest available and compatible Apache ANT 1.9.9.
+Changes in this version include:
 
 Fixed Bugs:
-o RAT-242:  Use UTF-8 as default encoding for RAT Ant reports. Thanks to Matthias Bläsing.
-o RAT-234:  Do not treat TypeScript files as binary. Thanks to ajbanck.
-o RAT-240:  Overhauled CLI module to allow file based exclusions with wildcards and explicit file names.
-o RAT-222:  Download section does not work if SNAPSHOT is deployed, add download of previous RAT release.
-o RAT-224:  Fixed example on webpage abozt usage of custom licenses. Thanks to John Patrick.
-o RAT-223:  Add support for Golang and Perl module files. Thanks to Eric Friedrich.
+o RAT-309:  Site builds could not be generated properly due to API changes: solution was to upgrade Maven Reporting API to 3.1.1 and use details of Maven Reporting Implementation 3.2.0 in RAT's Mojo hierarchy. Thanks to Michael Osipov, Gary Gregory.
+o RAT-309:  Updated internal data structures from deprecated ArrayStack to JDK's ArrayDeque.
+o RAT-306:  Add note about hierarchy of changelogs in RAT project structure when publishing the project webpage.
+o RAT-307:  Update to focal (Ubuntu 20.04) on Travis to circumvent build errors and be able to use more modern JDK versions. Deprecate openJDK8 build with focal as it is not supported on Travis.
+
+Changes:
+o RAT-305:  Update maven-project-info-reports-plugin from 3.3.0 to 3.4.1. Thanks to dependabot.
+o RAT-305:  Update maven-javadoc-plugin from 3.4.0 to 3.4.1. Thanks to dependabot.
+o RAT-305:  Update maven-jxr-plugin from 3.2.0 to 3.3.0. Thanks to dependabot.
+o RAT-305:  Update animal-sniffer-maven-plugin from 1.21 to 1.22. Thanks to dependabot.
+o RAT-305:  Update maven-site-plugin from 3.12.0 to 3.12.1. Thanks to dependabot.
+o RAT-305:  Update maven-pmd-plugin from 3.16.0 to 3.18.0. Thanks to dependabot.
+o RAT-305:  Update mockito-core from 4.6.0 to 4.7.0. Thanks to dependabot.
+o RAT-305:  Update extra-enforcer-rules from 1.5.1 to 1.6.1. Thanks to dependabot.
+o RAT-305:  Update Apache parent pom from 26 to 27. Thanks to dependabot.
+o RAT-305:  Update wagon-ssh from 3.5.1 to 3.5.2. Thanks to dependabot.
+o RAT-305:  Update maven-enforcer-plugin from 3.0.0 to 3.1.0. Thanks to dependabot.
+o RAT-305:  Update actions/setup-java from 3.3.0 to 3.4.1. Thanks to dependabot.
+o RAT-310:  Fix deprecation warnings in tests. Use hamcrest's annotations instead of ones from JUnit.
 
 
 Historical list of changes: https://creadur.apache.org/rat/changes-report.html

RELEASE_NOTES.txt

@@ -1,3 +1,90 @@
+Rat 0.15
+========
+This release fixes a warning during site builds and updates various dependencies.
+
+Fixed Bugs:
+o RAT-309:  Site builds could not be generated properly due to API changes: solution was to upgrade Maven Reporting API to 3.1.1 and use details of Maven Reporting Implementation 3.2.0 in RAT's Mojo hierarchy. Thanks to Michael Osipov, Gary Gregory.
+o RAT-309:  Updated internal data structures from deprecated ArrayStack to JDK's ArrayDeque.
+o RAT-306:  Add note about hierarchy of changelogs in RAT project structure when publishing the project webpage.
+o RAT-307:  Update to focal (Ubuntu 20.04) on Travis to circumvent build errors and be able to use more modern JDK versions. Deprecate openJDK8 build with focal as it is not supported on Travis.
+
+Changes:
+o RAT-305:  Update maven-project-info-reports-plugin from 3.3.0 to 3.4.1. Thanks to dependabot.
+o RAT-305:  Update maven-javadoc-plugin from 3.4.0 to 3.4.1. Thanks to dependabot.
+o RAT-305:  Update maven-jxr-plugin from 3.2.0 to 3.3.0. Thanks to dependabot.
+o RAT-305:  Update animal-sniffer-maven-plugin from 1.21 to 1.22. Thanks to dependabot.
+o RAT-305:  Update maven-site-plugin from 3.12.0 to 3.12.1. Thanks to dependabot.
+o RAT-305:  Update maven-pmd-plugin from 3.16.0 to 3.18.0. Thanks to dependabot.
+o RAT-305:  Update mockito-core from 4.6.0 to 4.7.0. Thanks to dependabot.
+o RAT-305:  Update extra-enforcer-rules from 1.5.1 to 1.6.1. Thanks to dependabot.
+o RAT-305:  Update Apache parent pom from 26 to 27. Thanks to dependabot.
+o RAT-305:  Update wagon-ssh from 3.5.1 to 3.5.2. Thanks to dependabot.
+o RAT-305:  Update maven-enforcer-plugin from 3.0.0 to 3.1.0. Thanks to dependabot.
+o RAT-305:  Update actions/setup-java from 3.3.0 to 3.4.1. Thanks to dependabot.
+o RAT-310:  Fix deprecation warnings in tests. Use hamcrest's annotations instead of ones from JUnit.
+
+Rat 0.14
+========
+This release contains dependency updates, bugfixes and many improvements apart from infrastructure updates at ASF.
+
+New features:
+* RAT-288:  Adapt logging output to be more compliant with future Maven versions as debug is deprecated and verbose is the recommended way to go. Thanks to Michael Osipov.
+* RAT-297:  Update maven-reporting-api from 3.0 to 3.1.0 and remove usage of deprecated Sink API. Thanks to Michael Osipov.
+* RAT-289:  Enable dependabot integration - write access is forbidden, but email alerts and pull requests should be ok.
+* RAT-279:  Migrate vom Travis CI.org to Travis-ci.com.
+* RAT-271:  Move all Creadur projects to new Jenkins infrastructure at ASF and migrate from Subversion to Gitbox/Github. Please update your repository URLs and use the new default branch master in all projects.
+* RAT-270:  Change default behaviour to output erroneous files to console. Can be disabled by setting rat.consoleOutput to false.
+* RAT-266:  Add .factorypath to Eclipse-default exclusions. Thanks to Michael Osipov.
+* RAT-254:  Properly finish move to gitbox/github, get rid of SVN references and adapt main branch to master and fix all Jenkins build jobs for RAT.
+* RAT-244:  Update compiler level to 1.7 to allow building with more recent JDKs. Update plugins and dependencies to more modern versions to fix security issues (CVE-warnings).
+* RAT-212:  Add alternative https URLs in Apache License, Version 2.0 to allow automatic recognition as valid ASF2.0. Thanks to Niels Basjes.
+* RAT-250:  Update to latest available and compatible Apache ANT 1.9.14 to get bugfixes.
+o INFRA-17348: SCM repository has been moved from svn.apache.org (Subversion) to gitbox.apache.org (Git)
+
+Fixed Bugs:
+* RAT-290:  Update maven-jxr-plugin from 2.5 to 3.2.0. Thanks to dependabot.
+* RAT-290:  Update maven-antrun-plugin from 3.0.0 to 3.1.1. Thanks to dependabot.
+* RAT-290:  Update github actions/checkout from 2 to 3. Thanks to dependabot.
+* RAT-290:  Update github actions/setup-java from 2.5.0 to 3.3.0. Thanks to dependabot.
+* RAT-290:  Update maven-pmd-plugin from 3.14.0 to 3.16.0. Thanks to dependabot.
+* RAT-290:  Update maven-javadoc-plugin from 3.3.1 to 3.4.0. Thanks to dependabot.
+* RAT-290:  Update maven-compiler-plugin from 3.8.1 to 3.10.1. Thanks to dependabot.
+* RAT-290:  Update wagon-ssh from 3.5.0 to 3.5.1. Thanks to dependabot.
+* RAT-290:  Update maven-site-plugin from 3.9.1 to 3.12.0. Thanks to dependabot.
+* RAT-290:  Update maven-project-info-reports-plugin from 3.1.1 to 3.3.0. Thanks to dependabot.
+* RAT-290:  Update mockito-core from 3.11.2 to 4.6.0. Thanks to dependabot.
+* RAT-290:  Update ASF parent from 23 to 26. Thanks to dependabot.
+* RAT-273:  Some tests were based on the assumption, that the value of file.encoding
+            can be changed on runtime. (Won't work nowadays, beginning with Java 16.)
+            Removed this assumption in favour of a proper surefire configuration.
+* RAT-273:  Workaround for an incompatibility in the java.io.LineNumberReader, which is
+            being replaced by the org.apache.rat.header.LineNumberReader.
+* RAT-290:  Update animal-sniffer-maven-plugin from 1.20 to 1.21. Thanks to Jin Xu/Xeno Amess.
+* RAT-296:  Use Github Actions for matrix builds on Windows and ubuntu with JDK 8,11,12,13,14,15. Simplify Travis integration to avoid dockerhub-related build failures.
+* RAT-274:  Update to latest Apache Ant 1.10.12.
+* RAT-291:  Fix links to Travis builds for all creadur projects.
+* RAT-290:  Update maven-dependency-plugin from 3.1.1 to 3.2.0. Thanks to dependabot.
+* RAT-290:  Update plexus-utils from 3.0.21 to 3.4.1. Thanks to dependabot.
+* RAT-290:  Update commons-cli from 1.4 to 1.5.0. Thanks to dependabot.
+* RAT-290:  Update maven-plugin-annotation and maven-plugin-plugin from 3.6.1 to 3.6.2. Thanks to dependabot.
+* RAT-275:  Update to doxia 1.11.1 in order to get CVE-2020-13956-httpclient problem fixes in doxia.
+* RAT-283:  Update plugin versions and dependencies in order to run properly with Java8 as minimal compiler level.
+* RAT-286:  Update to maven-plugin-plugin v3.6.1 in order to circumvent error during maven site builds.
+* RAT-285:  Update to latest Apache Ant 1.10.11 in order to fix issues related to dependency commons-compress in Ant itself.
+* RAT-207:  Properly report thread-safeness to Maven. Thanks to Xavier Dury.
+* RAT-281:  Update to latest Commons IO to fix CVE-2021-29425 (Moderate severity).
+* RAT-274:  Update to latest Apache Ant 1.10.10.
+* RAT-277:  Update to junit 4.13.1 to fix CVE-2020-15250.
+* RAT-158:  Update to new ASF parent 23 in order to get rid of doxia version management that generated warnings.
+* RAT-274:  Update to latest Apache Ant 1.10.9 to fix CVE-2020-11979. Update to JDK8 as minimal version/compiler version.
+* RAT-269:  Update to latest Apache Ant to fix CVE-2020-1945.
+* RAT-268:  Allow handling of pom-file-only projects by not assuming that all modules are in directories. Thanks to Robert Scholte.
+* RAT-267:  Report ignored lines from exclusion file to stderr instead of std to not generate erroneous JSON. Thanks to Fabio Utzig.
+* RAT-262:  Treat JSON data as binary to avoid reports of missing licenses.
+* RAT-260:  Change to docker image when building on Travis to avoid JDK version mixup in traditional build setup. Thanks to Kamil Breguła.
+* RAT-258:  Update to latest commons-compress to fix CVE-2019-12402.
+* RAT-257:  Adapt help text for CLI usage of RAT.
+
 Rat 0.13
 =========
 

apache-rat-api/pom.xml

@@ -20,7 +20,7 @@
   <parent>
     <groupId>org.apache.rat</groupId>
     <artifactId>apache-rat-project</artifactId>
-    <version>0.14-SNAPSHOT</version>
+    <version>0.16-SNAPSHOT</version>
   </parent>
   <packaging>jar</packaging>
 

apache-rat-api/src/test/java/org/apache/rat/api/domain/LicenseFamilyBuilderTest.java

@@ -19,8 +19,8 @@
 package org.apache.rat.api.domain;
 
 import static org.hamcrest.CoreMatchers.is;
+import static org.hamcrest.MatcherAssert.assertThat;
 import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertThat;
 
 import org.junit.Test;
 

apache-rat-api/src/test/java/org/apache/rat/api/domain/RatLicenseFamilyTest.java

@@ -30,7 +30,7 @@
 import static org.apache.rat.api.domain.RatLicenseFamily.W3C;
 import static org.apache.rat.api.domain.RatLicenseFamily.W3C_DOCUMENTATION;
 import static org.hamcrest.CoreMatchers.is;
-import static org.junit.Assert.assertThat;
+import static org.hamcrest.MatcherAssert.assertThat;
 
 import org.junit.Test;
 

apache-rat-core/pom.xml

@@ -20,7 +20,7 @@
   <parent>
     <groupId>org.apache.rat</groupId>
     <artifactId>apache-rat-project</artifactId>
-    <version>0.14-SNAPSHOT</version>
+    <version>0.16-SNAPSHOT</version>
   </parent>
   <artifactId>apache-rat-core</artifactId>
   <packaging>jar</packaging>

apache-rat-core/src/main/java/org/apache/rat/header/FilteringSequenceFactory.java

@@ -39,6 +39,10 @@ public FilteringSequenceFactory(final int capacity, final CharFilter filter) {
     }
 
     public CharSequence filter(Reader reader) throws IOException {
+    	return filter(new LineNumberReader(reader));
+    }
+
+    public CharSequence filter(LineNumberReader reader) throws IOException {
         buffer.clear();
         boolean eof = false;
         while(!eof) {

apache-rat-core/src/main/java/org/apache/rat/header/HeaderMatcher.java

@@ -19,7 +19,6 @@
 package org.apache.rat.header;
 
 import java.io.IOException;
-import java.io.LineNumberReader;
 import java.io.Reader;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
@@ -60,7 +59,6 @@ public void read(Reader reader) throws IOException {
             lines = -1;
         }
         if (headers != null) {
-            final int length = headers.length;
             for (final HeaderBean headerBean : headers) {
                 if (headerBean != null) {
                     final Pattern headerPattern = headerBean.getHeaderPattern();

apache-rat-core/src/main/java/org/apache/rat/header/LineNumberReader.java

@@ -0,0 +1,64 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one   *
+ * or more contributor license agreements.  See the NOTICE file *
+ * distributed with this work for additional information        *
+ * regarding copyright ownership.  The ASF licenses this file   *
+ * to you under the Apache License, Version 2.0 (the            *
+ * "License"); you may not use this file except in compliance   *
+ * with the License.  You may obtain a copy of the License at   *
+ *                                                              *
+ *   http://www.apache.org/licenses/LICENSE-2.0                 *
+ *                                                              *
+ * Unless required by applicable law or agreed to in writing,   *
+ * software distributed under the License is distributed on an  *
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY       *
+ * KIND, either express or implied.  See the License for the    *
+ * specific language governing permissions and limitations      *
+ * under the License.                                           *
+ */ 
+package org.apache.rat.header;
+
+import java.io.IOException;
+import java.io.Reader;
+
+/** Replacement for {@link java.io.LineNumberReader}. This class
+ * provides a workaround for an incompatibility in the
+ * {@link java.io.LineNumberReader}: If the last line in a file
+ * isn't terminated with LF, or CR, or CRLF, then that line
+ * is counted in Java 16, and beyond, but wasn't counted before.
+ * This implementation is compatible with the latter variant,
+ * thus providing upwards compatibility for RAT.
+ */
+public class LineNumberReader {
+	private final Reader parent;
+	private boolean previousCharWasCR = false;
+	private int lineNumber = 0;
+
+	public LineNumberReader(Reader pReader) {
+		parent = pReader;
+	}
+
+	public int read() throws IOException {
+		final int c = parent.read();
+		switch(c) {
+		case 13:
+			previousCharWasCR = true;
+			++lineNumber;
+			break;
+		case 10:
+			if (!previousCharWasCR) {
+				++lineNumber;
+			}
+			previousCharWasCR = false;
+			break;
+		default:
+			previousCharWasCR = false;
+			break;
+		}
+		return c;
+	}
+
+	public int getLineNumber() {
+		return lineNumber;
+	}
+}

apache-rat-core/src/main/java/org/apache/rat/report/xml/writer/impl/base/XmlWriter.java

@@ -18,13 +18,13 @@
  */
 package org.apache.rat.report.xml.writer.impl.base;
 
-import org.apache.commons.collections4.ArrayStack;
 import org.apache.rat.report.xml.writer.IXmlWriter;
 import org.apache.rat.report.xml.writer.InvalidXmlException;
 import org.apache.rat.report.xml.writer.OperationNotAllowedException;
 
 import java.io.IOException;
 import java.io.Writer;
+import java.util.ArrayDeque;
 import java.util.Arrays;
 import java.util.HashSet;
 import java.util.Set;
@@ -400,7 +400,7 @@ public final class XmlWriter implements IXmlWriter {
     }
 
     private final Writer writer;
-    private final ArrayStack elementNames;
+    private final ArrayDeque elementNames;
     private final Set<CharSequence> currentAttributes = new HashSet<>();
 
     boolean elementsWritten = false;
@@ -409,7 +409,7 @@ public final class XmlWriter implements IXmlWriter {
 
     public XmlWriter(final Writer writer) {
         this.writer = writer;
-        this.elementNames = new ArrayStack();
+        this.elementNames = new ArrayDeque<CharSequence>();
     }
 
     /**

apache-rat-core/src/test/java/org/apache/rat/header/HeaderMatcherTest.java

@@ -30,13 +30,11 @@
 
 public class HeaderMatcherTest {
 
-    private int capacity;
     private HeaderMatcher matcher;
     private SimpleCharFilter filter;
 
     @Before
     public void setUp() throws Exception {
-        capacity = 20;
         filter = new SimpleCharFilter();
         matcher = new HeaderMatcher(filter, 20);
     }