[
https://issues.apache.org/jira/browse/MPMD-384?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
wei cai updated MPMD-384:
-------------------------
Description:
The app pom introduces A:1.0-RELEASE, and this artifact A has transitive
dependency B:0.12.0-SNAPSHOT. In app pom, we manage B as version 0.13.0-RELEASE.
When the pmd:3.15.0 and above is being executed, it will resolve dependencies,
and somehow the B:0.12.0-SNAPSHOT is resolved as a dependency instead of
B:0.13.0-RELEASE.
This is not only downloading wrong version, but also means lots of transitive
dependencies with unmanaged version will be always downloaded (if not in cache)
causing build slowness. Especially when we are using BF option:
-Daether.dependencyCollector.impl=bf, this algorithm will skip downloading poms
of for conflict losers, but maven-pmd-plugin (having this bug) again downloads
those skipped ones.
More details about BF:
https://issues.apache.org/jira/browse/MRESOLVER-324
was:
The app pom introduces A:1.0-RELEASE, and this artifact A has transitive
dependency B:0.12.0-SNAPSHOT. In app pom, we manage B as version 0.13.0-RELEASE.
When the pmd:3.15.0 and above is being executed, it will resolve dependencies,
and somehow the B:0.12.0-SNAPSHOT is resolved as a dependency instead of
B:0.13.0-RELEASE.
This means lots of transitive dependencies with unmanaged version will be
always downloaded (if not in cache) causing build slowness when we are using BF
option: -Daether.dependencyCollector.impl=bf.
More details about BF:
https://issues.apache.org/jira/browse/MRESOLVER-324
> maven-pmd-plugin is dowloading transitive dependencies of unmanaged version
> ---------------------------------------------------------------------------
>
> Key: MPMD-384
> URL: https://issues.apache.org/jira/browse/MPMD-384
> Project: Maven PMD Plugin
> Issue Type: Bug
> Components: PMD
> Affects Versions: 3.15.0, 3.16.0, 3.17.0, 3.18.0, 3.19.0, 3.20.0, 3.21.0
> Reporter: wei cai
> Priority: Major
>
> The app pom introduces A:1.0-RELEASE, and this artifact A has transitive
> dependency B:0.12.0-SNAPSHOT. In app pom, we manage B as version
> 0.13.0-RELEASE.
> When the pmd:3.15.0 and above is being executed, it will resolve
> dependencies, and somehow the B:0.12.0-SNAPSHOT is resolved as a dependency
> instead of B:0.13.0-RELEASE.
> This is not only downloading wrong version, but also means lots of transitive
> dependencies with unmanaged version will be always downloaded (if not in
> cache) causing build slowness. Especially when we are using BF option:
> -Daether.dependencyCollector.impl=bf, this algorithm will skip downloading
> poms of for conflict losers, but maven-pmd-plugin (having this bug) again
> downloads those skipped ones.
> More details about BF:
> https://issues.apache.org/jira/browse/MRESOLVER-324
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
