You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@maven.apache.org by jv...@apache.org on 2015/05/01 03:48:34 UTC

maven git commit: MNG-5818: Disallow the programmatic injection of project dependencies

Repository: maven
Updated Branches:
  refs/heads/master 1d148be82 -> 4567c8319


MNG-5818: Disallow the programmatic injection of project dependencies

The first step here is deprecating the publicly accessible method that allows
plugins to inject dependencies. The only plugin I currently know of that does
this is the cobertura-maven-plugin. Looking at that plugin it appears the user
can specify the cobertura dependency for the instrumentation process but if
they do not the plugin attempts to inject the dependency. I believe the path
forward here is making sure these types of plugins instruct their users to
add the dependency explicitly.

I'm going to try and create a call-graph for all of Maven Central with my
first test to see if I can accurately detect all usages of MavenProject.setDependencyArtifacts
of artifact in Maven Central.


Project: http://git-wip-us.apache.org/repos/asf/maven/repo
Commit: http://git-wip-us.apache.org/repos/asf/maven/commit/4567c831
Tree: http://git-wip-us.apache.org/repos/asf/maven/tree/4567c831
Diff: http://git-wip-us.apache.org/repos/asf/maven/diff/4567c831

Branch: refs/heads/master
Commit: 4567c8319e95d58e258e9a8c2067ed9bbe01b58e
Parents: 1d148be
Author: Jason van Zyl <ja...@tesla.io>
Authored: Thu Apr 30 21:39:28 2015 -0400
Committer: Jason van Zyl <ja...@tesla.io>
Committed: Thu Apr 30 21:39:28 2015 -0400

----------------------------------------------------------------------
 .../src/main/java/org/apache/maven/project/MavenProject.java       | 2 ++
 1 file changed, 2 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/maven/blob/4567c831/maven-core/src/main/java/org/apache/maven/project/MavenProject.java
----------------------------------------------------------------------
diff --git a/maven-core/src/main/java/org/apache/maven/project/MavenProject.java b/maven-core/src/main/java/org/apache/maven/project/MavenProject.java
index 8587a5c..32fcae1 100644
--- a/maven-core/src/main/java/org/apache/maven/project/MavenProject.java
+++ b/maven-core/src/main/java/org/apache/maven/project/MavenProject.java
@@ -995,11 +995,13 @@ public class MavenProject
      * @return {@link Set} &lt; {@link Artifact} >
      * @see #getArtifacts() to get all transitive dependencies
      */
+    @Deprecated
     public Set<Artifact> getDependencyArtifacts()
     {
         return dependencyArtifacts;
     }
 
+    @Deprecated
     public void setDependencyArtifacts( Set<Artifact> dependencyArtifacts )
     {
         this.dependencyArtifacts = dependencyArtifacts;