gnodet opened a new pull request, #12309:
URL: https://github.com/apache/maven/pull/12309
Complete the backport of #12084 on `maven-4.0.x`.
## Problem
Importing a BOM whose `dependencyManagement` contains a managed dependency
with an unresolved `${…}` property placeholder (e.g. `${osgi.version}`) causes
an "Invalid Collect Request: null" error, even when that dependency is never
actually used.
The fix from #12084 (`bb28b1748c`) was backported as `2dd2693500`, but the
backport was **incomplete**: on `maven-4.0.x`, the architecture still uses a
separate `ArtifactDescriptorReaderDelegate` class that adds dependencies and
managed dependencies to the `ArtifactDescriptorResult` **without filtering**
for uninterpolated expressions. The post-hoc
`filterUninterpolatedDependencies()` in `DefaultArtifactDescriptorReader` runs
after, but by then the uninterpolated deps have already reached the validator.
Additionally, `DefaultProjectDependenciesResolver` had the same gap —
managed dependencies with uninterpolated expressions were added to the
`CollectRequest` without filtering.
## Fix
- Add inline filtering in
`ArtifactDescriptorReaderDelegate.populateResult()` before
`addDependency()`/`addManagedDependency()` calls
- Add inline filtering in `DefaultProjectDependenciesResolver` before
`addManagedDependency()` calls
- Also filter repositories with uninterpolated IDs/URLs in the delegate
- Add IT `MavenITgh12305InvalidCollectRequestUninterpolatedManagedDepsTest`
that imports a BOM declaring `org.osgi:osgi.core:${osgi.version}` without
defining the property
Fixes #12305
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
