Skip to content

Commit f476b6d

Browse files
committed
fix: resolve overridden plugin dependencies correctly (#8570)
1 parent 3cfebef commit f476b6d

1 file changed

Lines changed: 9 additions & 0 deletions

File tree

maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -34,6 +34,7 @@
3434
import org.apache.maven.doxia.sink.Sink;
3535
import org.apache.maven.execution.MavenSession;
3636
import org.apache.maven.model.License;
37+
import org.apache.maven.model.Plugin;
3738
import org.apache.maven.plugin.AbstractMojo;
3839
import org.apache.maven.plugin.MojoExecution;
3940
import org.apache.maven.plugin.MojoExecutionException;
@@ -1546,6 +1547,14 @@ protected Set<Artifact> resolveArtifactDependencies(final org.eclipse.aether.art
15461547
collectRequest.setRoot(new org.eclipse.aether.graph.Dependency(rootArtifact, null));
15471548
collectRequest.setRepositories(project.getRemoteProjectRepositories());
15481549

1550+
final Plugin projectPlugin = project.getPlugin(rootArtifact.getGroupId() + ":" + rootArtifact.getArtifactId());
1551+
1552+
if (projectPlugin != null) {
1553+
for (org.apache.maven.model.Dependency dep : projectPlugin.getDependencies()) {
1554+
collectRequest.addDependency(RepositoryUtils.toDependency(dep, session.getRepositorySession().getArtifactTypeRegistry()));
1555+
}
1556+
}
1557+
15491558
final DependencyResult dependencyResult = repoSystem.resolveDependencies(
15501559
session.getRepositorySession(), new DependencyRequest(collectRequest, null));
15511560

0 commit comments

Comments
 (0)