[
https://issues.apache.org/jira/browse/MNG-7789?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17725305#comment-17725305
]
ASF GitHub Bot commented on MNG-7789:
-------------------------------------
slawekjaranowski commented on code in PR #1115:
URL: https://github.com/apache/maven/pull/1115#discussion_r1201865643
##########
maven-core/src/main/java/org/apache/maven/plugin/internal/DefaultPluginDependenciesResolver.java:
##########
@@ -109,34 +110,8 @@ public Artifact resolve(Plugin plugin,
List<RemoteRepository> repositories, Repo
request.setTrace(trace);
ArtifactDescriptorResult result =
repoSystem.readArtifactDescriptor(pluginSession, request);
- if (result.getDependencies() != null) {
- for (org.eclipse.aether.graph.Dependency dependency :
result.getDependencies()) {
- if
("org.apache.maven".equals(dependency.getArtifact().getGroupId())
- &&
"maven-compat".equals(dependency.getArtifact().getArtifactId())
- && !JavaScopes.TEST.equals(dependency.getScope()))
{
- pluginValidationManager.reportPluginValidationIssue(
- session,
- pluginArtifact,
- "Plugin depends on the deprecated Maven 2.x
compatibility layer, which may not be supported in Maven 4.x");
- }
- }
-
- Set<String> mavenArtifacts = result.getDependencies().stream()
- .filter(d -> !JavaScopes.PROVIDED.equals(d.getScope())
&& !JavaScopes.TEST.equals(d.getScope()))
- .map(org.eclipse.aether.graph.Dependency::getArtifact)
- .filter(a -> "org.apache.maven".equals(a.getGroupId()))
- .filter(a ->
!MavenPluginDependenciesValidator.EXPECTED_PROVIDED_SCOPE_EXCLUSIONS_GA.contains(
- a.getGroupId() + ":" + a.getArtifactId()))
- .filter(a -> a.getVersion().startsWith("3."))
- .map(a -> a.getGroupId() + ":" + a.getArtifactId() +
":" + a.getVersion())
- .collect(Collectors.toSet());
-
- if (!mavenArtifacts.isEmpty()) {
- pluginValidationManager.reportPluginValidationIssue(
- session,
- pluginArtifact,
- "Plugin should declare these Maven artifacts in
`provided` scope: " + mavenArtifacts);
- }
+ for (MavenPluginDependenciesValidator dependenciesValidator :
dependenciesValidators) {
+ dependenciesValidator.validate(session, pluginArtifact,
result);
Review Comment:
Not every artifacts is excluded, pleas look:
https://gist.github.com/slawekjaranowski/c65612fca4094ec8a2d09c6db3b8f78a
like this:
```
[DEBUG] Populating class realm
plugin>org.apache.maven.plugins:maven-war-plugin:3.4.0-SNAPSHOT
...
[DEBUG] Included: org.sonatype.sisu:sisu-inject-bean:jar:1.4.2
[DEBUG] Included: org.sonatype.sisu:sisu-guice:jar:noaop:2.1.7
[DEBUG] Included:
org.codehaus.plexus:plexus-component-annotations:jar:1.5.5
[DEBUG] Included: org.sonatype.plexus:plexus-sec-dispatcher:jar:1.3
[DEBUG] Included: org.sonatype.plexus:plexus-cipher:jar:1.4
...
```
> Plugin Dependency Validations use wrong data set
> ------------------------------------------------
>
> Key: MNG-7789
> URL: https://issues.apache.org/jira/browse/MNG-7789
> Project: Maven
> Issue Type: Improvement
> Components: Plugins and Lifecycle
> Affects Versions: 3.9.2
> Reporter: Tamas Cservenak
> Assignee: Tamas Cservenak
> Priority: Major
> Fix For: 3.9.3, 4.0.0-alpha-6, 4.0.0
>
>
> They all use pluginDescriptor/dependencies, that are NOT used to calculate
> plugin dependencies, POM is. Except for one new check (the one added in
> MNG-7786) the others should be refactored to use POM instead.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
