[
https://issues.apache.org/jira/browse/MPMD-384?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17751060#comment-17751060
]
ASF GitHub Bot commented on MPMD-384:
-------------------------------------
caiwei-ebay opened a new pull request, #135:
URL: https://github.com/apache/maven-pmd-plugin/pull/135
… unmanaged version
Following this checklist to help us incorporate your
contribution quickly and easily:
- [ ] Make sure there is a [JIRA
issue](https://issues.apache.org/jira/browse/MPMD) filed
for the change (usually before you start working on it). Trivial
changes like typos do not
require a JIRA issue. Your pull request should address just this
issue, without
pulling in other changes.
- [ ] Each commit in the pull request should have a meaningful subject line
and body.
- [ ] Format the pull request title like `[MPMD-XXX] - Subject of the JIRA
Ticket`,
where you replace `MPMD-XXX` with the appropriate JIRA issue. Best
practice
is to use the JIRA issue title in the pull request title and in the
first line of the
commit message.
- [ ] Write a pull request description that is detailed enough to
understand what the pull request does, how, and why.
- [ ] Run `mvn clean verify` to make sure basic checks pass. A more
thorough check will
be performed on your pull request automatically.
- [ ] You have run the integration tests successfully (`mvn -Prun-its clean
verify`).
If your pull request is about ~20 lines of code you don't need to sign an
[Individual Contributor License
Agreement](https://www.apache.org/licenses/icla.pdf) if you are unsure
please ask on the developers list.
To make clear that you license your contribution under
the [Apache License Version 2.0, January
2004](http://www.apache.org/licenses/LICENSE-2.0)
you have to acknowledge this by using the following check-box.
- [ ] I hereby declare this contribution to be licenced under the [Apache
License Version 2.0, January 2004](http://www.apache.org/licenses/LICENSE-2.0)
- [ ] In any other case, please file an [Apache Individual Contributor
License Agreement](https://www.apache.org/licenses/icla.pdf).
> maven-pmd-plugin is dowloading transitive dependencies of unmanaged version
> ---------------------------------------------------------------------------
>
> Key: MPMD-384
> URL: https://issues.apache.org/jira/browse/MPMD-384
> Project: Maven PMD Plugin
> Issue Type: Bug
> Components: PMD
> Affects Versions: 3.15.0, 3.16.0, 3.17.0, 3.18.0, 3.19.0, 3.20.0, 3.21.0
> Reporter: wei cai
> Priority: Major
>
> The app pom introduces A:1.0-RELEASE, and this artifact A has transitive
> dependency B{*}:0.12.0-SNAPSHOT.{*} In app pom, we manage B as version
> 0.13.0-RELEASE.
> When the *pmd:3.15.0* and above is being executed, it will resolve
> dependencies, and somehow the B{*}:0.12.0-SNAPSHOT{*} is resolved as a
> dependency instead of B{*}:0.13.0-RELEASE.{*}
> This means lots of transitive dependencies with unmanaged version will be
> downloaded.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
