diff --git a/README.md b/README.md
index 6b8c7b7..a562326 100644
--- a/README.md
+++ b/README.md
@@ -8,7 +8,7 @@
-LicenseScan Maven plugin audits the dependencies and the transitive dependencies for the Runtime and Compile scopes of a Maven project,
+LicenseScan Maven Plugin audits the dependencies and the transitive dependencies for the Runtime and Compile scopes of a Maven project,
and allows to fail the build if a license is detected belonging to the configured denylist.
The plugin has a single goal called `audit`. The goal can be linked at any stage of the Maven lifecycle with the appropriate `` configuration.
@@ -23,7 +23,7 @@ To attach the plugin to your Maven project, add the following block in your `pom
com.github.carlomorelli
licensescan-maven-plugin
- 3.1
+ 3.2
true
@@ -85,7 +85,7 @@ Together with the log console output, the LicenseScan plugin also generates comp
The generated report is a formatted HTML single page document (similar to JaCoCo or Checkstyle reports)
`index.html` where the user can visualize the plugin analysis in a easier way. For programmatic analysis,
a JSON output file is generated alongside the HTML report.
-The HTML report is built using [Moustache](https://github.com/spullara/mustache.java) template engine.
+The HTML report is built using [Mustache](https://github.com/spullara/mustache.java) template engine.
## How to use the denylist properly
A license that we want to forbid can be indicated in the denylist either with a flat string (that will then be matched exactly as it is indicated), ot with a regular expression.
@@ -99,6 +99,11 @@ A license that we want to forbid can be indicated in the denylist either with a
## Changelog
+### Version 3.2
+* Fail build when artifacts have no dependencies
+* Parametrize the version number used by the test-project pom.xmls
+* Fixed regression on Transient Artifacts visualization during build log
+
### Version 3.1
* (_Experimental_) Generate JSON and HTML Report outputs.
* Internal code cleanup of non-inclusive terms.
@@ -130,6 +135,6 @@ I developed this plugin in the spare time and I don't always have to chance to s
Although LicenseScan Maven Plugin is pretty safe to use, as it works only in scanning mode, remember: USE AT YOUR OWN RISK.
I'm always interested in voices from the customers.
-Let me know if you find this plugin useful!
+Let me know if you find this plugin useful! 🙌🏼
--Carlo
diff --git a/pom.xml b/pom.xml
index 8847141..e34ed3e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -4,7 +4,7 @@
com.github.carlomorelli
licensescan-maven-plugin
maven-plugin
- 3.1
+ 3.2
licensescan-maven-plugin
http://maven.apache.org
diff --git a/src/main/java/com/csoft/utils/ArtifactUtils.java b/src/main/java/com/csoft/utils/ArtifactUtils.java
index 19f58f5..d402be6 100644
--- a/src/main/java/com/csoft/utils/ArtifactUtils.java
+++ b/src/main/java/com/csoft/utils/ArtifactUtils.java
@@ -18,6 +18,8 @@ private ArtifactUtils() {}
* @return Set of dependencies.
*/
public static Set getTransitiveDependencies(final MavenProject mavenProject) {
+ //NOTE: we have to wrap MavenProject::getArtifacts and ::getDependencyArtifacts output sets into
+ //an HashSet to make sure that we Set::removeAll behaves predictibly.
Set transitiveDependencies = new HashSet<>(mavenProject.getArtifacts());
transitiveDependencies.removeAll(new HashSet<>(mavenProject.getDependencyArtifacts()));
return transitiveDependencies;
@@ -31,6 +33,8 @@ public static Set getTransitiveDependencies(final MavenProject mavenPr
* @return Set of dependencies.
*/
public static Set getCumulativeDependencies(final MavenProject mavenProject) {
+ //NOTE: we have to wrap MavenProject::getArtifacts and ::getDependencyArtifacts output sets into
+ //an HashSet to make sure that we Set::addAll behaves predictibly.
Set cumulativeDependencies = new HashSet<>(mavenProject.getArtifacts());
cumulativeDependencies.addAll(new HashSet<>(mavenProject.getDependencyArtifacts()));
return cumulativeDependencies;