maven-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From GitBox <...@apache.org>
Subject [GitHub] jglick opened a new pull request #32: [MENFORCER-298] Ensure bannedDependencies does not corrupt the classpath when using timestamped snapshots
Date Mon, 05 Mar 2018 20:32:59 GMT
jglick opened a new pull request #32: [MENFORCER-298] Ensure bannedDependencies does not corrupt
the classpath when using timestamped snapshots
URL: https://github.com/apache/maven-enforcer/pull/32
 
 
   See background in [MENFORCER-298](https://issues.apache.org/jira/browse/MENFORCER-298).
   
   This patch is confirmed to fix the problem on the originally discovered test case. It does
not purport to fix problems when using
   
   ```xml
   <searchTransitive>false</searchTransitive>
   ```
   
   nor with other calls to `buildDependencyGraph`, notably from `banTransitiveDependencies`
or `banCircularDependencies` in `extra-enforcer-rules`. Those _might_ be fixable using `MavenProject.getDependencyArtifacts`
and/or `Artifact.getDependencyTrail`.
   
   I attempted to write an IT to reproduce the bug but failed: `mrm-maven-plugin` refused
to serve the snapshot JAR artifacts needed for my test even though I tried placing them, along
with POMs and `maven-metadata.xml`, in `maven-enforcer-plugin/src/it/mrm/repository/` using
   
   * a flat directory structure, as in current ITs in this repo
   * an unpacked JAR format-2 layout as the [mrm documentation seems to suggest](http://www.mojohaus.org/mrm/mrm-maven-plugin/examples/invoker-tests.html)
   * same, but with prepacked JARs, as `maven-integration-testing` does
   
   I just copied the basic test setup from `MavenITmng4189UniqueVersionSnapshotTest` with
minor modifications. If anyone is interested I can file a PR showing my attempt.
   
   @stephenc suggested that my simple call to `MavenProject.getArtifacts` might have some
undesirable side effects relating to overeager download of dependencies. Whatever the case,
my patch does not regress any of the existing unit or integration tests.
   
   @reviewbybees for my colleagues

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

Mime
View raw message