[
https://issues.apache.org/jira/browse/MNG-7789?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17725458#comment-17725458
]
ASF GitHub Bot commented on MNG-7789:
-------------------------------------
cstamas commented on code in PR #1115:
URL: https://github.com/apache/maven/pull/1115#discussion_r1202517112
##########
maven-core/src/main/java/org/apache/maven/plugin/internal/DefaultPluginDependenciesResolver.java:
##########
@@ -109,34 +110,8 @@ public Artifact resolve(Plugin plugin,
List<RemoteRepository> repositories, Repo
request.setTrace(trace);
ArtifactDescriptorResult result =
repoSystem.readArtifactDescriptor(pluginSession, request);
- if (result.getDependencies() != null) {
- for (org.eclipse.aether.graph.Dependency dependency :
result.getDependencies()) {
- if
("org.apache.maven".equals(dependency.getArtifact().getGroupId())
- &&
"maven-compat".equals(dependency.getArtifact().getArtifactId())
- && !JavaScopes.TEST.equals(dependency.getScope()))
{
- pluginValidationManager.reportPluginValidationIssue(
- session,
- pluginArtifact,
- "Plugin depends on the deprecated Maven 2.x
compatibility layer, which may not be supported in Maven 4.x");
- }
- }
-
- Set<String> mavenArtifacts = result.getDependencies().stream()
- .filter(d -> !JavaScopes.PROVIDED.equals(d.getScope())
&& !JavaScopes.TEST.equals(d.getScope()))
- .map(org.eclipse.aether.graph.Dependency::getArtifact)
- .filter(a -> "org.apache.maven".equals(a.getGroupId()))
- .filter(a ->
!MavenPluginDependenciesValidator.EXPECTED_PROVIDED_SCOPE_EXCLUSIONS_GA.contains(
- a.getGroupId() + ":" + a.getArtifactId()))
- .filter(a -> a.getVersion().startsWith("3."))
- .map(a -> a.getGroupId() + ":" + a.getArtifactId() +
":" + a.getVersion())
- .collect(Collectors.toSet());
-
- if (!mavenArtifacts.isEmpty()) {
- pluginValidationManager.reportPluginValidationIssue(
- session,
- pluginArtifact,
- "Plugin should declare these Maven artifacts in
`provided` scope: " + mavenArtifacts);
- }
+ for (MavenPluginDependenciesValidator dependenciesValidator :
dependenciesValidators) {
+ dependenciesValidator.validate(session, pluginArtifact,
result);
Review Comment:
@slawekjaranowski unsure what dependency plugin uses to display tree, but
(to me) it seems it lacks information. Here is the 'verbose" tree that current
resolver emits (in verbose mode): Don't be mislead by war version, as there is
java snippet as well, I manipulate war POM BEFORE collect (basically making
maven-core dep provided in war 3.3.2.
My point is, that "enhanced" DependencyGraphDumper (since 1.9.8) prints out
extra info (more than dep plugin).
This is the "verbose" (and dirty) tree as there was no graph transformation
applied). The fact that line has `(xxx)` at ends, means that node **is
eliminated**, but is left for verbosity.
So we may want to look into here, but IMHO there is no "two sources" and the
dep-tree seems to lack information...
edit: the mising gist
https://gist.github.com/cstamas/ff2c22c8c3289991f5d3b5863bc6a4bd
> Plugin Dependency Validations use wrong data set
> ------------------------------------------------
>
> Key: MNG-7789
> URL: https://issues.apache.org/jira/browse/MNG-7789
> Project: Maven
> Issue Type: Improvement
> Components: Plugins and Lifecycle
> Affects Versions: 3.9.2
> Reporter: Tamas Cservenak
> Assignee: Tamas Cservenak
> Priority: Major
> Fix For: 3.9.3, 4.0.0-alpha-6, 4.0.0
>
>
> They all use pluginDescriptor/dependencies, that are NOT used to calculate
> plugin dependencies, POM is. Except for one new check (the one added in
> MNG-7786) the others should be refactored to use POM instead.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
