
Commit 51d8939

Fix false positive in analyze-exclusions with transitive dependency exclusion (#1628)
* Add IT for analyze-exclusions with transitive dependency exclusion * Add mock dependencies for analyze-exclusions-gh-1598 tests * Add fix * Use null as root node * restore exclusion in example
1 parent 02b865b commit 51d8939

6 files changed

Lines changed: 215 additions & 4 deletions


Lines changed: 39 additions & 0 deletions
@@ -0,0 +1,39 @@
1+
<?xml version="1.0" encoding="UTF-8"?>
2+
<!--
3+
Licensed under the Apache License, Version 2.0 (the "License");
4+
you may not use this file except in compliance with the License.
5+
You may obtain a copy of the License at
6+
7+
http://www.apache.org/licenses/LICENSE-2.0
8+
9+
Unless required by applicable law or agreed to in writing, software
10+
distributed under the License is distributed on an "AS IS" BASIS,
11+
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12+
See the License for the specific language governing permissions and
13+
limitations under the License. See accompanying LICENSE file.
14+
-->
15+
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
16+
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
17+
<modelVersion>4.0.0</modelVersion>
18+
<parent>
19+
<groupId>org.apache.maven.its.dependency</groupId>
20+
<artifactId>hadoop-project</artifactId>
21+
<version>1.0.0-test</version>
22+
</parent>
23+
24+
<artifactId>hadoop-client</artifactId>
25+
26+
<dependencies>
27+
<dependency>
28+
<groupId>org.apache.maven.its.dependency</groupId>
29+
<artifactId>hadoop-common</artifactId>
30+
<exclusions>
31+
<exclusion>
32+
<groupId>org.slf4j</groupId>
33+
<artifactId>slf4j-log4j12</artifactId>
34+
</exclusion>
35+
</exclusions>
36+
</dependency>
37+
</dependencies>
38+
</project>
39+
Lines changed: 35 additions & 0 deletions
@@ -0,0 +1,35 @@
1+
<?xml version="1.0" encoding="UTF-8"?>
2+
<!--
3+
Licensed under the Apache License, Version 2.0 (the "License");
4+
you may not use this file except in compliance with the License.
5+
You may obtain a copy of the License at
6+
7+
http://www.apache.org/licenses/LICENSE-2.0
8+
9+
Unless required by applicable law or agreed to in writing, software
10+
distributed under the License is distributed on an "AS IS" BASIS,
11+
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12+
See the License for the specific language governing permissions and
13+
limitations under the License. See accompanying LICENSE file.
14+
-->
15+
<project xmlns="http://maven.apache.org/POM/4.0.0"
16+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
17+
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
18+
https://maven.apache.org/xsd/maven-4.0.0.xsd">
19+
<modelVersion>4.0.0</modelVersion>
20+
<parent>
21+
<groupId>org.apache.maven.its.dependency</groupId>
22+
<artifactId>hadoop-project</artifactId>
23+
<version>1.0.0-test</version>
24+
</parent>
25+
26+
<artifactId>hadoop-common</artifactId>
27+
28+
<dependencies>
29+
<dependency>
30+
<groupId>org.slf4j</groupId>
31+
<artifactId>slf4j-reload4j</artifactId>
32+
</dependency>
33+
</dependencies>
34+
</project>
35+
Lines changed: 50 additions & 0 deletions
@@ -0,0 +1,50 @@
1+
<?xml version="1.0" encoding="UTF-8"?>
2+
<!--
3+
Licensed under the Apache License, Version 2.0 (the "License");
4+
you may not use this file except in compliance with the License.
5+
You may obtain a copy of the License at
6+
7+
http://www.apache.org/licenses/LICENSE-2.0
8+
9+
Unless required by applicable law or agreed to in writing, software
10+
distributed under the License is distributed on an "AS IS" BASIS,
11+
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12+
See the License for the specific language governing permissions and
13+
limitations under the License. See accompanying LICENSE file.
14+
-->
15+
<project xmlns="http://maven.apache.org/POM/4.0.0"
16+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
17+
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
18+
https://maven.apache.org/xsd/maven-4.0.0.xsd">
19+
<modelVersion>4.0.0</modelVersion>
20+
<groupId>org.apache.maven.its.dependency</groupId>
21+
<artifactId>hadoop-project</artifactId>
22+
<version>1.0.0-test</version>
23+
<description>Apache Hadoop Project POM</description>
24+
<name>Apache Hadoop Project POM</name>
25+
<packaging>pom</packaging>
26+
<inceptionYear>2008</inceptionYear>
27+
28+
<dependencyManagement>
29+
<dependencies>
30+
<dependency>
31+
<groupId>org.apache.maven.its.dependency</groupId>
32+
<artifactId>hadoop-common</artifactId>
33+
<version>1.0.0-test</version>
34+
<exclusions>
35+
<exclusion>
36+
<groupId>org.slf4j</groupId>
37+
<artifactId>slf4j-reload4j</artifactId>
38+
</exclusion>
39+
</exclusions>
40+
</dependency>
41+
42+
<dependency>
43+
<groupId>org.slf4j</groupId>
44+
<artifactId>slf4j-reload4j</artifactId>
45+
<version>1.7.36</version>
46+
</dependency>
47+
</dependencies>
48+
</dependencyManagement>
49+
50+
</project>
Lines changed: 19 additions & 0 deletions
@@ -0,0 +1,19 @@
1+
# Licensed to the Apache Software Foundation (ASF) under one
2+
# or more contributor license agreements. See the NOTICE file
3+
# distributed with this work for additional information
4+
# regarding copyright ownership. The ASF licenses this file
5+
# to you under the Apache License, Version 2.0 (the
6+
# "License"); you may not use this file except in compliance
7+
# with the License. You may obtain a copy of the License at
8+
#
9+
# http://www.apache.org/licenses/LICENSE-2.0
10+
#
11+
# Unless required by applicable law or agreed to in writing,
12+
# software distributed under the License is distributed on an
13+
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
14+
# KIND, either express or implied. See the License for the
15+
# specific language governing permissions and limitations
16+
# under the License.
17+
18+
invoker.goals = ${project.groupId}:${project.artifactId}:${project.version}:analyze-exclusions -Dmdep.exclusion.fail=true
19+
invoker.maven.version = !4.0.0+
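Review bot: `invoker.maven.version = !4.0.0+` skips this IT on Maven 4 without a comment saying why; the only hint is "Should be ok with Maven 3.x" in the test POM's description. If the reason is that Maven 4 applies a transitive dependency's dependencyManagement, so the exclusion would be reported as redundant there, say so above the line, e.g. `# Maven 4 manages dependencies transitively; the exclusion is then redundant and the goal fails`. That explanation is an inference from the fixture POMs and should be confirmed by the author. As it stands, the Maven 4 result of analyze-exclusions for this case is neither tested nor documented.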
Lines changed: 66 additions & 0 deletions
@@ -0,0 +1,66 @@
1+
<?xml version="1.0" encoding="UTF-8"?>
2+
<!--
3+
~ Licensed to the Apache Software Foundation (ASF) under one
4+
~ or more contributor license agreements. See the NOTICE file
5+
~ distributed with this work for additional information
6+
~ regarding copyright ownership. The ASF licenses this file
7+
~ to you under the Apache License, Version 2.0 (the
8+
~ "License"); you may not use this file except in compliance
9+
~ with the License. You may obtain a copy of the License at
10+
~
11+
~ http://www.apache.org/licenses/LICENSE-2.0
12+
~
13+
~ Unless required by applicable law or agreed to in writing,
14+
~ software distributed under the License is distributed on an
15+
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16+
~ KIND, either express or implied. See the License for the
17+
~ specific language governing permissions and limitations
18+
~ under the License.
19+
-->
20+
21+
<project xmlns="http://maven.apache.org/POM/4.0.0"
22+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
23+
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
24+
<modelVersion>4.0.0</modelVersion>
25+
26+
<groupId>org.apache.maven.its.dependency</groupId>
27+
<artifactId>test</artifactId>
28+
<version>1.0-SNAPSHOT</version>
29+
30+
<description>
31+
Test dependency:analyze-exclusion with exclude which is also excluded by dependencyManagement in transitive dependency
32+
https://central.sonatype.com/artifact/org.apache.hadoop/hadoop-project/3.4.3
33+
Should be ok with Maven 3.x
34+
</description>
35+
36+
<url>https://github.com/apache/maven-dependency-plugin/issues/1598</url>
37+
38+
<properties>
39+
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
40+
</properties>
41+
42+
<dependencies>
43+
<dependency>
44+
<groupId>org.apache.maven.its.dependency</groupId>
45+
<artifactId>hadoop-client</artifactId>
46+
<version>1.0.0-test</version>
47+
<exclusions>
48+
<exclusion>
49+
<groupId>org.slf4j</groupId>
50+
<artifactId>slf4j-reload4j</artifactId>
51+
</exclusion>
52+
</exclusions>
53+
</dependency>
54+
</dependencies>
55+
56+
<build>
57+
<pluginManagement>
58+
<plugins>
59+
<plugin>
60+
<artifactId>maven-dependency-plugin</artifactId>
61+
<version>@project.version@</version>
62+
</plugin>
63+
</plugins>
64+
</pluginManagement>
65+
</build>
66+
</project>

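--- a/src/main/java/org/apache/maven/plugins/dependency/utils/ResolverUtil.java
+++ b/src/main/java/org/apache/maven/plugins/dependency/utils/ResolverUtil.java
@@ -82,15 +82,17 @@ public ResolverUtil(RepositorySystem repositorySystem, Provider<MavenSession> ma
 /**
 * Collects the transitive dependencies.
 *
-* @param root a root dependency for collections
-* @return a resolved dependencies collections
+* @param dependency a dependency for collections
+* @return a resolved dependencies collection
 */
-public Collection<Dependency> collectDependencies(Dependency root) throws DependencyCollectionException {
+public Collection<Dependency> collectDependencies(Dependency dependency) throws DependencyCollectionException {
 
 MavenSession session = mavenSessionProvider.get();
 
 CollectRequest request =
-new CollectRequest(root, session.getCurrentProject().getRemoteProjectRepositories());
+new CollectRequest(null, session.getCurrentProject().getRemoteProjectRepositories());
+request.addDependency(dependency);
+
 CollectResult result = repositorySystem.collectDependencies(session.getRepositorySession(), request);
 
 PreorderNodeListGenerator nodeListGenerator = new PreorderNodeListGenerator();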
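Review bot: The `null` root in `new CollectRequest(null, …)` is the whole fix, yet nothing at the call site says why it must stay `null`, so a later cleanup could restore the dependency as root and bring back the false positive from #1598. I would add a comment above the request, e.g. `// Null root on purpose: collect the dependency as a direct dependency, not as the root, so its own dependencyManagement is not applied (gh-1598)`; the reasoning is inferred from the commit title and the IT description, so the author should confirm the wording. The Javadoc could state the same and gain an `@throws DependencyCollectionException` line. Because exclusion analysis shapes which transitive artifacts maintainers believe are kept out of a build, the other callers of `collectDependencies` (not visible here) deserve a check that they also expect a non-root collection. The method body continues past the end of the hunk.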
