From 27c816df66bf82eede3de32b3a7b15764d95b74b Mon Sep 17 00:00:00 2001
From: Andrzej Jarmoniuk
Date: Sat, 4 Feb 2023 22:05:38 +0100
Subject: [PATCH 1/4] [MENFORCER-466] Changed the default set of dependency exclusions to exclude the provided and test scopes and to exclude optional dependencies
---
 .../rules/dependency/ResolveUtil.java | 16 +++++-
 .../invoker.properties | 18 ++++++
 .../require-upper-bound-deps-provided/pom.xml | 57 +++++++++++++++++++
 3 files changed, 88 insertions(+), 3 deletions(-)
 create mode 100644 maven-enforcer-plugin/src/it/projects/require-upper-bound-deps-provided/invoker.properties
 create mode 100644 maven-enforcer-plugin/src/it/projects/require-upper-bound-deps-provided/pom.xml
diff --git a/enforcer-rules/src/main/java/org/apache/maven/enforcer/rules/dependency/ResolveUtil.java b/enforcer-rules/src/main/java/org/apache/maven/enforcer/rules/dependency/ResolveUtil.java
index 8eb82780..1337fed3 100644
--- a/enforcer-rules/src/main/java/org/apache/maven/enforcer/rules/dependency/ResolveUtil.java
+++ b/enforcer-rules/src/main/java/org/apache/maven/enforcer/rules/dependency/ResolveUtil.java
@@ -39,9 +39,14 @@
 import org.eclipse.aether.graph.DependencyNode;
 import org.eclipse.aether.util.graph.manager.DependencyManagerUtils;
 import org.eclipse.aether.util.graph.selector.AndDependencySelector;
+import org.eclipse.aether.util.graph.selector.ExclusionDependencySelector;
+import org.eclipse.aether.util.graph.selector.OptionalDependencySelector;
+import org.eclipse.aether.util.graph.selector.ScopeDependencySelector;
 import org.eclipse.aether.util.graph.transformer.ConflictResolver;
 
 import static java.util.Optional.ofNullable;
+import static org.apache.maven.artifact.Artifact.SCOPE_PROVIDED;
+import static org.apache.maven.artifact.Artifact.SCOPE_TEST;
 
 /**
 * Resolver helper class.
@@ -70,6 +75,13 @@ class ResolveUtil {
 * @throws EnforcerRuleException thrown if the lookup fails
 */
 DependencyNode resolveTransitiveDependencies(DependencySelector... selectors) throws EnforcerRuleException {
+ if (selectors.length == 0) {
+ selectors = new DependencySelector[] {
+ new ScopeDependencySelector(SCOPE_TEST, SCOPE_PROVIDED),
+ new OptionalDependencySelector(),
+ new ExclusionDependencySelector()
+ };
+ }
 try {
 MavenProject project = session.getCurrentProject();
 ArtifactTypeRegistry artifactTypeRegistry =
@@ -79,9 +91,7 @@ DependencyNode resolveTransitiveDependencies(DependencySelector... selectors) th
 new DefaultRepositorySystemSession(session.getRepositorySession());
 repositorySystemSession.setConfigProperty(ConflictResolver.CONFIG_PROP_VERBOSE, true);
 repositorySystemSession.setConfigProperty(DependencyManagerUtils.CONFIG_PROP_VERBOSE, true);
- if (selectors.length > 0) {
- repositorySystemSession.setDependencySelector(new AndDependencySelector(selectors));
- }
+ repositorySystemSession.setDependencySelector(new AndDependencySelector(selectors));
 
 CollectRequest collectRequest = new CollectRequest(
 project.getDependencies().stream()
diff --git a/maven-enforcer-plugin/src/it/projects/require-upper-bound-deps-provided/invoker.properties b/maven-enforcer-plugin/src/it/projects/require-upper-bound-deps-provided/invoker.properties
new file mode 100644
index 00000000..1dcdc656
--- /dev/null
+++ b/maven-enforcer-plugin/src/it/projects/require-upper-bound-deps-provided/invoker.properties
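Review bot: The zero-argument fallback added at the top of `resolveTransitiveDependencies` is not described in the method's Javadoc, whose visible tail still documents only `@throws`. Callers that pass no selectors now get an explicit filter for the test and provided scopes, optional dependencies and declared exclusions, which matters when a rule built on this method is used as a dependency-policy gate, so the contract should say so; I would add `@param selectors selectors applied during collection; when none are passed, the test and provided scopes, optional dependencies and declared exclusions are filtered by default`. An empty argument list can also no longer express "no extra filtering", and in the following hunk a caller-supplied selector replaces these defaults at `setDependencySelector` rather than adding to them, which deserves a sentence in the same Javadoc. The Javadoc starts above this hunk and the method body continues below it.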
@@ -0,0 +1,18 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+invoker.buildResult = success
diff --git a/maven-enforcer-plugin/src/it/projects/require-upper-bound-deps-provided/pom.xml b/maven-enforcer-plugin/src/it/projects/require-upper-bound-deps-provided/pom.xml
new file mode 100644
index 00000000..2adf2026
--- /dev/null
+++ b/maven-enforcer-plugin/src/it/projects/require-upper-bound-deps-provided/pom.xml
@@ -0,0 +1,57 @@
+ + + + 4.0.0 + org.apache.maven.plugins.enforcer.its + menforcer128 + 1.0-SNAPSHOT + jar + + + org.apache.maven.plugins.enforcer.its + menforcer128_api + 1.4.0 + provided + + + + + + org.apache.maven.plugins + maven-enforcer-plugin + @project.version@ + + + enforce + + + + + + + enforce + + + + + + +
From 66ed10550b901a07ba72ff83c7dc31c4648116db Mon Sep 17 00:00:00 2001
From: Rick Ossendrijver
Date: Mon, 6 Feb 2023 08:27:09 +0100
Subject: [PATCH 2/4] Fix two typos in `banDynamicVersions.apt.vm`
---
 enforcer-rules/src/site/apt/banDynamicVersions.apt.vm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/enforcer-rules/src/site/apt/banDynamicVersions.apt.vm b/enforcer-rules/src/site/apt/banDynamicVersions.apt.vm
index 44d49f4c..ceea68e3 100644
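Review bot: The new integration test in `require-upper-bound-deps-provided/pom.xml` covers only the provided-scope half of the changed default: its one visible dependency is `menforcer128_api` 1.4.0 with scope `provided`, and `invoker.properties` expects `success`. Nothing in this patch exercises the test-scope or optional-dependency exclusion that the commit subject also announces, nor a case where the rule must still fail, so a change that filters too much would pass unnoticed. I would add sibling projects for the `test` and optional cases and one negative project with `invoker.buildResult = failure` for a conflict that stays in compile scope. Whether such projects already exist elsewhere in the suite cannot be told from this patch.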
--- a/enforcer-rules/src/site/apt/banDynamicVersions.apt.vm
+++ b/enforcer-rules/src/site/apt/banDynamicVersions.apt.vm
@@ -25,8 +25,8 @@ Ban Dynamic Versions
- This rule bans dependencies having versions which require resolving (i.e. dynamic versions which might change with each build and require
- lookup of {{{https://maven.apache.org/ref/3-LATEST/maven-repository-metadata/repository-metadata.html}repositoy metadata}}). Dynamic versions are either
+ This rule bans dependencies having versions that require resolving (i.e. dynamic versions which might change with each build and require
+ lookup of {{{https://maven.apache.org/ref/3-LATEST/maven-repository-metadata/repository-metadata.html}repository metadata}}). Dynamic versions are either
 * {{{https://maven.apache.org/pom.html#Dependency_Version_Requirement_Specification}version ranges}}, i.e. all version strings starting with either <<<[>>> or <<<(>>>,
From 1ec2db7d7d7389b45a4c9115de8844c37b4c99d8 Mon Sep 17 00:00:00 2001
From: Lorenz Pahl
Date: Fri, 3 Feb 2023 21:50:38 +0100
Subject: [PATCH 3/4] (doc) fix banDynamicVersions example Name in the "ignores" element's end-tag must match the name in the start-tag.
---
 enforcer-rules/src/site/apt/banDynamicVersions.apt.vm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/enforcer-rules/src/site/apt/banDynamicVersions.apt.vm b/enforcer-rules/src/site/apt/banDynamicVersions.apt.vm
index ceea68e3..48f0040e 100644
--- a/enforcer-rules/src/site/apt/banDynamicVersions.apt.vm
+++ b/enforcer-rules/src/site/apt/banDynamicVersions.apt.vm
@@ -93,7 +93,7 @@ Ban Dynamic Versions org.apache.maven - + true
From 6b62f03644fbcdf95eedb97f64ad17ae5d2b73c5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 24 Feb 2023 16:02:56 +0000
Subject: [PATCH 4/4] Bump apache/maven-gh-actions-shared from 2 to 3 Bumps [apache/maven-gh-actions-shared](https://github.com/apache/maven-gh-actions-shared) from 2 to 3. - [Release notes](https://github.com/apache/maven-gh-actions-shared/releases) - [Commits](https://github.com/apache/maven-gh-actions-shared/commits/v3) --- updated-dependencies: - dependency-name: apache/maven-gh-actions-shared dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot]
---
 .github/workflows/release-drafter.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml
index 58e5ee49..b44872cf 100644
--- a/.github/workflows/release-drafter.yml
+++ b/.github/workflows/release-drafter.yml
@@ -22,4 +22,4 @@ on:
 - master
 jobs:
 update_release_draft:
- uses: apache/maven-gh-actions-shared/.github/workflows/release-drafter.yml@v2
+ uses: apache/maven-gh-actions-shared/.github/workflows/release-drafter.yml@v3