sanjana2505006 opened a new pull request, #15341: URL: https://github.com/apache/grails-core/pull/15341
This PR introduces the **Dependency Analysis Gradle Plugin (DAGP)** to the build system to identify and guard against duplicate classes. This addresses the security risks associated with "Maven-Hijack" type attacks and helps ensure deterministic runtime behavior by preventing multiple dependencies from providing the same fully qualified class names. # Key Changes: - Applied the `com.autonomousapps.dependency-analysis` plugin (v3.5.1) to the root project. - Enabled the plugin specifically for the `:grails-core` module to provide a targetted security guard for the main codebase. - Configured global issue severity to `fail` in the `dependencyAnalysis` block to ensure any detected duplicates break the build. Verification: Ran `./gradlew :grails-core:projectHealth`, which successfully caught an existing duplicate class conflict in the `:grails-core` module (between `jcl-over-slf4j` and `spring-jcl`). This confirms the guard is active and effective. This PR fixes #15329 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
