maven-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject maven git commit: MNG-5818: Disallow the programmatic injection of project dependencies
Date Fri, 01 May 2015 01:48:34 GMT
Repository: maven
Updated Branches:
  refs/heads/master 1d148be82 -> 4567c8319

MNG-5818: Disallow the programmatic injection of project dependencies

The first step here is deprecating the publicly accessible method that allows
plugins to inject dependencies. The only plugin I currently know of that does
this is the cobertura-maven-plugin. Looking at that plugin it appears the user
can specify the cobertura dependency for the instrumentation process but if
they do not the plugin attempts to inject the dependency. I believe the path
forward here is making sure these types of plugins instruct their users to
add the dependency explicitly.

I'm going to try and create a call-graph for all of Maven Central with my
first test to see if I can accurately detect all usages of MavenProject.setDependencyArtifacts
of artifact in Maven Central.


Branch: refs/heads/master
Commit: 4567c8319e95d58e258e9a8c2067ed9bbe01b58e
Parents: 1d148be
Author: Jason van Zyl <>
Authored: Thu Apr 30 21:39:28 2015 -0400
Committer: Jason van Zyl <>
Committed: Thu Apr 30 21:39:28 2015 -0400

 .../src/main/java/org/apache/maven/project/       | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/maven-core/src/main/java/org/apache/maven/project/ b/maven-core/src/main/java/org/apache/maven/project/
index 8587a5c..32fcae1 100644
--- a/maven-core/src/main/java/org/apache/maven/project/
+++ b/maven-core/src/main/java/org/apache/maven/project/
@@ -995,11 +995,13 @@ public class MavenProject
      * @return {@link Set} &lt; {@link Artifact} >
      * @see #getArtifacts() to get all transitive dependencies
+    @Deprecated
     public Set<Artifact> getDependencyArtifacts()
         return dependencyArtifacts;
+    @Deprecated
     public void setDependencyArtifacts( Set<Artifact> dependencyArtifacts )
         this.dependencyArtifacts = dependencyArtifacts;

View raw message