Skip to content

[MPMD-384] maven-pmd-plugin is dowloading transitive dependencies of unmanaged version #352

New issue
New issue
Closed
Closed
[MPMD-384] maven-pmd-plugin is dowloading transitive dependencies of unmanaged version#352
Assignees
michael-o
Labels
bugSomething isn't workingpriority:majorMajor loss of function
Milestone
3.21.2
@jira-importer

Description

@jira-importer
jira-importer
opened on Aug 4, 2023

wei cai opened MPMD-384 and commented

The app pom introduces A:1.0-RELEASE, and this artifact A has transitive dependency B:0.12.0-SNAPSHOT. In app pom, we manage B as version 0.13.0-RELEASE.

When the pmd:3.15.0 and above is being executed, it will resolve dependencies, and somehow the B:0.12.0-SNAPSHOT is resolved as a dependency instead of  B:0.13.0-RELEASE.

This is not only downloading wrong version, but also means lots of transitive dependencies with unmanaged version will be always downloaded (if not in cache) causing build slowness. Especially when we are using BF option: -Daether.dependencyCollector.impl=bf, this algorithm will skip downloading poms of for conflict losers, but maven-pmd-plugin (having this bug) again downloads those skipped ones.

More details about BF:
https://issues.apache.org/jira/browse/MRESOLVER-324

Affects: 3.15.0, 3.16.0, 3.17.0, 3.18.0, 3.19.0, 3.20.0, 3.21.0

Remote Links:

Backported to: 3.21.1

Metadata

Metadata

Assignees

Labels

bugSomething isn't workingpriority:majorMajor loss of function

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions