You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@maven.apache.org by jv...@apache.org on 2015/05/01 03:48:34 UTC
maven git commit: MNG-5818: Disallow the programmatic injection of
project dependencies
Repository: maven
Updated Branches:
refs/heads/master 1d148be82 -> 4567c8319
MNG-5818: Disallow the programmatic injection of project dependencies
The first step here is deprecating the publicly accessible method that allows
plugins to inject dependencies. The only plugin I currently know of that does
this is the cobertura-maven-plugin. Looking at that plugin it appears the user
can specify the cobertura dependency for the instrumentation process but if
they do not the plugin attempts to inject the dependency. I believe the path
forward here is making sure these types of plugins instruct their users to
add the dependency explicitly.
I'm going to try and create a call-graph for all of Maven Central with my
first test to see if I can accurately detect all usages of MavenProject.setDependencyArtifacts
of artifact in Maven Central.
Project: http://git-wip-us.apache.org/repos/asf/maven/repo
Commit: http://git-wip-us.apache.org/repos/asf/maven/commit/4567c831
Tree: http://git-wip-us.apache.org/repos/asf/maven/tree/4567c831
Diff: http://git-wip-us.apache.org/repos/asf/maven/diff/4567c831
Branch: refs/heads/master
Commit: 4567c8319e95d58e258e9a8c2067ed9bbe01b58e
Parents: 1d148be
Author: Jason van Zyl <ja...@tesla.io>
Authored: Thu Apr 30 21:39:28 2015 -0400
Committer: Jason van Zyl <ja...@tesla.io>
Committed: Thu Apr 30 21:39:28 2015 -0400
----------------------------------------------------------------------
.../src/main/java/org/apache/maven/project/MavenProject.java | 2 ++
1 file changed, 2 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/maven/blob/4567c831/maven-core/src/main/java/org/apache/maven/project/MavenProject.java
----------------------------------------------------------------------
diff --git a/maven-core/src/main/java/org/apache/maven/project/MavenProject.java b/maven-core/src/main/java/org/apache/maven/project/MavenProject.java
index 8587a5c..32fcae1 100644
--- a/maven-core/src/main/java/org/apache/maven/project/MavenProject.java
+++ b/maven-core/src/main/java/org/apache/maven/project/MavenProject.java
@@ -995,11 +995,13 @@ public class MavenProject
* @return {@link Set} < {@link Artifact} >
* @see #getArtifacts() to get all transitive dependencies
*/
+ @Deprecated
public Set<Artifact> getDependencyArtifacts()
{
return dependencyArtifacts;
}
+ @Deprecated
public void setDependencyArtifacts( Set<Artifact> dependencyArtifacts )
{
this.dependencyArtifacts = dependencyArtifacts;