gnodet opened a new pull request, #12350: URL: https://github.com/apache/maven/pull/12350
## Summary - Fix mvnup injecting spurious `<pluginManagement>` entries for plugins inherited from remote parent POMs that the project does not control - Collect locally declared plugin keys and skip effective model plugins not in local POMs - Plugins declared locally (even without version) are still eligible for upgrade Fixes #11606 ## Details When mvnup runs on a project like httpcomponents-client (which inherits from `httpcomponents-parent:14`), it was injecting pluginManagement entries for 4 plugins (`maven-remote-resources-plugin`, `maven-surefire-plugin`, `maven-failsafe-plugin`, `maven-shade-plugin`) even though they were only defined in the remote parent POM. After this fix, only plugins that are actually declared in the local project's POMs (in `build/plugins` or `build/pluginManagement/plugins`) are considered for effective model-based upgrades. Plugins that appear only through remote parent inheritance are skipped. ## Test plan - [x] Updated existing tests to verify no injection for remote-parent-only plugins - [x] Added new test: locally declared plugin without version still gets pluginManagement injection - [x] All 421 maven-cli tests pass - [x] Verified reproducer: httpcomponents-client no longer gets 3 spurious plugins injected 🤖 Generated with [Claude Code](https://claude.com/claude-code) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
