cstamas opened a new pull request, #12327: URL: https://github.com/apache/maven/pull/12327
This PR aligns classpath ordering with Maven 4 (level order). All Maven 2/3 versions released so far has "pre-order" flattening (historical reasons, Maven 2 did it like that). Maven 3.10.0 switches to Resolver 2, where resolver exposes flattening configuration too, and defaults to safer "level order", preventing issues like described here https://arxiv.org/abs/2407.18760v3 For resolver configuration, see configuration key `aether.system.dependencyVisitor` in https://maven.apache.org/resolver/configuration.html If _full Maven 3 behaviour needed_, user can simply set `-Daether.system.dependencyVisitor=preOrder` and it restores CP ordering to that used in Maven 3.9 and older. This PR changes: * remove scattered "flattening" happening in multiple spots in Maven, it is (and in fact was, but result was thrown away) fully delegating to Resolver. * simplify spots that was doing repeated pre-order flattening (which already happened in plugin dependencies resolver, but result was thrown away. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
