[
https://issues.apache.org/jira/browse/MPMD-384?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Michael Osipov closed MPMD-384.
-------------------------------
Resolution: Fixed
Fixed with
[96e5079d50dcb719a2fde687835d5e5c0989c174|https://gitbox.apache.org/repos/asf?p=maven-pmd-plugin.git;a=commit;h=96e5079d50dcb719a2fde687835d5e5c0989c174].
> maven-pmd-plugin is dowloading transitive dependencies of unmanaged version
> ---------------------------------------------------------------------------
>
> Key: MPMD-384
> URL: https://issues.apache.org/jira/browse/MPMD-384
> Project: Maven PMD Plugin
> Issue Type: Bug
> Components: PMD
> Affects Versions: 3.15.0, 3.16.0, 3.17.0, 3.18.0, 3.19.0, 3.20.0, 3.21.0
> Reporter: wei cai
> Assignee: Michael Osipov
> Priority: Major
> Fix For: 3.21.1
>
>
> The app pom introduces A:1.0-RELEASE, and this artifact A has transitive
> dependency B:0.12.0-SNAPSHOT. In app pom, we manage B as version
> 0.13.0-RELEASE.
> When the pmd:3.15.0 and above is being executed, it will resolve
> dependencies, and somehow the B:0.12.0-SNAPSHOT is resolved as a dependency
> instead of B:0.13.0-RELEASE.
> This is not only downloading wrong version, but also means lots of transitive
> dependencies with unmanaged version will be always downloaded (if not in
> cache) causing build slowness. Especially when we are using BF option:
> -Daether.dependencyCollector.impl=bf, this algorithm will skip downloading
> poms of for conflict losers, but maven-pmd-plugin (having this bug) again
> downloads those skipped ones.
> More details about BF:
> https://issues.apache.org/jira/browse/MRESOLVER-324
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
