Develop Reference

Old version of checkstyle detected. Consider updating to >= v8.30

Small question regarding a SonarQube + Checkstyle warning please.
Currently, in my app, in my pom, I use the following Checkstyle plugin:
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-checkstyle-plugin</artifactId>
<version>3.1.2</version>
<configuration>
<outputFile>.out/reports/checkstyle/checkstyle-result.xml</outputFile>
<outputDirectory>target/reports/checkstyle</outputDirectory>
<outputFileFormat>xml</outputFileFormat>
</configuration>
</plugin>
This plugin is doing its job, no worries there.
When I run SonarQube though, I get this warning
Old version of checkstyle detected. Consider updating to >= v8.30
For more information see: https://maven.apache.org/plugins/maven-checkstyle-plugin/examples/upgrading-checkstyle.html
I obviously went to read the website, but I am still having hard time understanding.
The Checkstyle plugin I have is the latest known, version 3.1.2, checked on Maven central etc.
In SonarQube, I am running on the latest version, 8.9 LTS, with the latest version of Checkstyle plugin as well.
What am I missing please? Am I using some kind of wrong plugin?

It is a SonarQube plugin named sonar-checkstyle which needs to be installed or upgraded at the SonarQube server instance. The current version is 8.40.
Note: Refer to
https://docs.sonarqube.org/latest/setup/install-plugin/
https://docs.sonarqube.org/latest/instance-administration/plugin-version-matrix/
https://github.com/checkstyle/sonar-checkstyle
https://github.com/checkstyle/sonar-checkstyle/releases
Edit 1
Step 1
Firstly, there is a cache directory at <user_home>/.sonar/cache (for me on the Windows 10 is C:\Users\<myuser>\.sonar\cache), please delete all sub directories under this cache directory with purpose to let the org.sonarsource.scanner.maven:sonar-maven-plugin latest version download it from our SonarQube server instance and ensure that all related plugins are new and fresh after upgrading/installing at the SonarQube server instance. (Do not forget to restart it after finishing upgrading/installing to ensure all new are re-loaded)
Step 2
Secondly, make sure that we do not specify the org.sonarsource.scanner.maven:sonar-maven-plugin in our project pom.xml neither at the parent nor anywhere else with purpose to ensure that during executing, it will be a latest version which matches to our SonarQube server instance version.
Anyhow the formal document (https://docs.sonarqube.org/latest/analysis/scan/sonarscanner-for-maven/) also mentions about How to Fix Version of Maven Plugin as the following: -
How to Fix Version of Maven Plugin
It is recommended to lock down versions of Maven plugins:
<build>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.sonarsource.scanner.maven</groupId>
<artifactId>sonar-maven-plugin</artifactId>
<version>
<!--Version that matched with our Sonar server instance version -->
</version>
</plugin>
</plugins>
</pluginManagement>
</build>
The latest version is able to be browsed at https://search.maven.org/artifact/org.codehaus.mojo/sonar-maven-plugin or https://search.maven.org/artifact/org.sonarsource.scanner.maven/sonar-maven-plugin The latest is version 3.9.0.2155 (Note: the version ?.y.z is matched with our Sonar server instance version)
Step 3
Last but not least, if our project is a multi-module projects there is a mentioned at the formal document (https://docs.sonarqube.org/latest/analysis/scan/sonarscanner-for-maven/) as the following: -
In some situations you may want to run the sonar:sonar goal as a
dedicated step. Be sure to use install as first step for multi-module
projects
mvn clean install
mvn sonar:sonar ...
Then there will be 2 steps here, mvn clean install first so that it is completed and then mvn sonar:sonar ... later on.
Edit 2
The maven-checkstyle-plugin is also able to specify the checkstyle version as mentioned at https://maven.apache.org/plugins/maven-checkstyle-plugin/examples/upgrading-checkstyle.html with the significant sentence as
Maven Checkstyle plugin comes with a default Checkstyle version: for
maven-checkstyle-plugin 3.1.2, Checkstyle 8.29 is used by default.
Then the configuration for the maven-checkstyle-plugin will be like the following: -
<project>
...
<build>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-checkstyle-plugin</artifactId>
<version>3.1.2</version>
<dependencies>
<dependency>
<groupId>com.puppycrawl.tools</groupId>
<artifactId>checkstyle</artifactId>
<version>...choose your version...</version>
</dependency>
</dependencies>
</plugin>
</plugins>
</pluginManagement>
<build>
...
</project>
The latest version is able to be browsed at https://search.maven.org/artifact/com.puppycrawl.tools/checkstyle The latest is version 8.42.

What happens if you do not specify the version of the maven plugin?

What will happen if spring boot 2 in pom.xml does not indicate the version of the plugin. Will it automatically use the latest version? For example maven-surefire-plugin.
<build>
<!--Закомментировать если сборка с Java-->
<sourceDirectory>${project.basedir}/src/main/kotlin</sourceDirectory>
<testSourceDirectory>${project.basedir}/src/test/kotlin</testSourceDirectory>
<!---->
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
</plugin>

From maven 3.x documentation
When a plugin was invoked without an explicit version given in the POM
or on the command line, Maven 2.x used to pick the latest version
available where the latest version could either be a release or a
snapshot. For the sake of stability, Maven 3.x prefers the latest
release version over the latest snapshot version.
Given the threat of non-reproducible builds imposed by automatic
plugin version resolution, this feature is scheduled for removal as
far as plugin declarations in the POM are concerned. Users of Maven
3.x will find it output a warning when missing plugin versions are detected to encourage the addition of plugin versions to the POM or
one of its parent POMs. The Enforcer rule requirePluginVersions can be
used additionally check for missing plugin versions in the POM.

It really depends what your parent is. Spring Boot's parent has pluginManagement for a number of plugins (including surefire) so it will use that version. This is a fixed version and it depends on the Spring Boot version you're using.
There is no guarantee that it will be the latest, even if you use the latest Spring Boot version as we try to be consistent with our upgrade policy. You can figure this out yourself via mvn help:effective-pom.

Java 11 Eclipse finds automatic module, Maven does not

I'm attempting to upgrade a 15 year old Maven multimodule project to Java 11, and the module system that was introduced in Java 9. Since the project is built using Maven, all dependencies are pretty clear. First I want to do this using the automatic module names, in order not to also introduce upgraded artifacts (if not absolutely required).
Eclipse is pretty helpful in this process, autocompleting the automatic module names in the module-info.java. For example:
requires dom4j;
But if I compile with Maven, I get errors about that it cannot find the modules Eclipse just autocompleted in there.
module-info.java:[29,18] module not found: dom4j
I am using Maven's compiler plugin 3.7.0 (3.8.0 gives a NullPointerException as per https://jira.apache.org/jira/browse/MCOMPILER-355) I suspect Maven is setting the jars up on the classpath instead of on the modulepath, but the compiler's plugin debug output does not log that.
How can I make Maven correctly handle those modules?

I was running into the same issue. Adding
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.8.1</version>
</plugin>
</plugins>
</build>
to my pom solved the problem for me...
Maven version 3.9.0 seems to be buggy and will not find the module although the dependency is using an Automatic-Module-Name. Downgrading to version 3.8.1 helps.

mvn clean tomcat:run command

When I run "mvn clean tomcat:run" (without specifying any tomcat version) command from command prompt for running my web application, it download tomcat 6.0.29 version dependency as shown below:
org/apache/tomcat/juli/6.0.29/juli-6.0.29.pom
org/apache/tomcat/annotations-api/6.0.29/annotations-api-6.0.29.pom
org/apache/tomcat/catalina-ha/6.0.29/catalina-ha-6.0.29.pom
org/apache/tomcat/coyote/6.0.29/coyote-6.0.29.pom
org/apache/tomcat/tribes/6.0.29/tribes-6.0.29.pom
org/apache/tomcat/jasper-el/6.0.29/jasper-el-6.0.29.pom
org/apache/tomcat/dbcp/6.0.29/dbcp-6.0.29.pom
pom.xml file of the application does not contain any tomcat version it require to run
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>2.0.2</version>
<configuration>
<source>1.6</source>
<target>1.6</target>
</configuration>
</plugin>
</plugins>
<finalName>esa</finalName>
</build>
So my query is how does it decide to download particular this tomcat version dependency.

Probably the default settings of the tomcat plugin you run.
Try running mvn tomcat:help -Ddetails to see what version of the plugin you use, and how it can be configured.
I think it is an earlier version of the plugin, and you can now use explicit versions, such as
mvn org.apache.tomcat.maven:tomcat6-maven-plugin:2.0:run
mvn org.apache.tomcat.maven:tomcat7-maven-plugin:2.0:run
(or the shorter form)

Seems, you are running the tomcat-maven-plugin from codehaus, whihc has tomcat 6.0.29 built-in. (Seems there was no activity since 2010.)
You should try the tomcat7 plugin from apache.
Regards
Tibor

In command line for maven use --debug option to get explanation of build process. For our case output looks like:
...[DEBUG] Resolving plugin prefix tomcat from [org.apache.maven.plugins, org.codehaus.mojo]
...
[DEBUG] Resolved plugin version for org.codehaus.mojo:tomcat-maven-plugin to 1.1 from repository central (http://repo.maven.apache.org/maven2, releases)...
Actually to explain why we've got tomcat v1.1 without specifying anything about tomcat, remember that maven build process has been customized with build plugins. And each build plugins has own build plugins. So it is enough to examine effective pom file to get clear understanding that almost empty initial pom.xml has quite big effective pom.xml.
To overcome issue just use explicit version of the tomcat plugin.

Why is the maven project info reports plugin creating a superfluous folder?

When I run mvn site, the maven-project-info-reports-plugin is creating a folder in my project base folder called "${project.basedir}". My plugin is defined like so with no extra configuration:
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-project-info-reports-plugin</artifactId>
<version>${version.maven-project-info-reports-plugin}</version>
</plugin>
When this happens, the site generation gives me a warning:
[WARNING] The repository url 'file://${project.basedir}' is invalid -
Repository 'studio.repository' will be blacklisted.
Why is this oddly-named folder being created, and how can I prevent it from being created? What other configuration can I look at that might be related to this plugin?
UPDATE (the plugin is version 2.2, the latest as far as I know as of this writing)

There is a (dated) discussion in maven mailing list which looks related. The issue seems to be due to using repository mirrors.
You would want to try with the latest version of the plugin, as well as the workaround suggested, which is to set <dependencyLocationEnabled> to false.