From 3b2a9223d381c18718a3cb8b64bb17cfa724bf72 Mon Sep 17 00:00:00 2001
From: Slawomir Jaranowski <s.jaranowski@gmail.com>
Date: Mon, 18 May 2026 20:02:05 +0200
Subject: [PATCH 1/5] Add IT for analyze-exclusions with transitive dependency
 exclusion

---
 .../invoker.properties                        | 19 ++++++
 .../analyze-exclusions-gh-1598/pom.xml        | 64 +++++++++++++++++++
 2 files changed, 83 insertions(+)
 create mode 100644 src/it/projects/analyze-exclusions-gh-1598/invoker.properties
 create mode 100644 src/it/projects/analyze-exclusions-gh-1598/pom.xml

diff --git a/src/it/projects/analyze-exclusions-gh-1598/invoker.properties b/src/it/projects/analyze-exclusions-gh-1598/invoker.properties
new file mode 100644
index 000000000..70c436ffc
--- /dev/null
+++ b/src/it/projects/analyze-exclusions-gh-1598/invoker.properties
@@ -0,0 +1,19 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+# 
+#   http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+invoker.goals = ${project.groupId}:${project.artifactId}:${project.version}:analyze-exclusions -Dmdep.exclusion.fail=true
+invoker.maven.version = !4.0.0+
\ No newline at end of file
diff --git a/src/it/projects/analyze-exclusions-gh-1598/pom.xml b/src/it/projects/analyze-exclusions-gh-1598/pom.xml
new file mode 100644
index 000000000..bf815072a
--- /dev/null
+++ b/src/it/projects/analyze-exclusions-gh-1598/pom.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Licensed to the Apache Software Foundation (ASF) under one
+  ~ or more contributor license agreements.  See the NOTICE file
+  ~ distributed with this work for additional information
+  ~ regarding copyright ownership.  The ASF licenses this file
+  ~ to you under the Apache License, Version 2.0 (the
+  ~ "License"); you may not use this file except in compliance
+  ~ with the License.  You may obtain a copy of the License at
+  ~
+  ~   http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing,
+  ~ software distributed under the License is distributed on an
+  ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  ~ KIND, either express or implied.  See the License for the
+  ~ specific language governing permissions and limitations
+  ~ under the License.
+  -->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+
+  <groupId>org.apache.maven.its.dependency</groupId>
+  <artifactId>test</artifactId>
+  <version>1.0-SNAPSHOT</version>
+
+  <description>
+    Test dependency:analyze-exclusion with exclude which is also excluded by dependencyManagement in transitive dependency
+    https://central.sonatype.com/artifact/org.apache.hadoop/hadoop-project/3.4.3
+    Should be ok with Maven 3.x
+  </description>
+
+  <properties>
+    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+  </properties>
+
+  <dependencies>
+    <dependency>
+      <groupId>org.apache.hadoop</groupId>
+      <artifactId>hadoop-client</artifactId>
+      <version>3.4.3</version>
+      <exclusions>
+        <exclusion>
+          <groupId>org.slf4j</groupId>
+          <artifactId>slf4j-reload4j</artifactId>
+        </exclusion>
+      </exclusions>
+    </dependency>
+  </dependencies>
+
+  <build>
+    <pluginManagement>
+      <plugins>
+        <plugin>
+          <artifactId>maven-dependency-plugin</artifactId>
+          <version>@project.version@</version>
+        </plugin>
+      </plugins>
+    </pluginManagement>
+  </build>
+</project>

From c0e481ae411be6bfc63474883a26c364669cf65a Mon Sep 17 00:00:00 2001
From: Slawomir Jaranowski <s.jaranowski@gmail.com>
Date: Tue, 19 May 2026 07:35:52 +0200
Subject: [PATCH 2/5] Add mock dependencies for analyze-exclusions-gh-1598
 tests

---
 .../repository/hadoop-client-1.0.0-test.pom   | 39 +++++++++++++++
 .../repository/hadoop-common-1.0.0-test.pom   | 35 +++++++++++++
 .../repository/hadoop-project-1.0.0-test.pom  | 50 +++++++++++++++++++
 .../analyze-exclusions-gh-1598/pom.xml        |  6 ++-
 4 files changed, 128 insertions(+), 2 deletions(-)
 create mode 100644 src/it/mrm/repository/hadoop-client-1.0.0-test.pom
 create mode 100644 src/it/mrm/repository/hadoop-common-1.0.0-test.pom
 create mode 100644 src/it/mrm/repository/hadoop-project-1.0.0-test.pom

diff --git a/src/it/mrm/repository/hadoop-client-1.0.0-test.pom b/src/it/mrm/repository/hadoop-client-1.0.0-test.pom
new file mode 100644
index 000000000..601ba87a3
--- /dev/null
+++ b/src/it/mrm/repository/hadoop-client-1.0.0-test.pom
@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License. See accompanying LICENSE file.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+  <parent>
+    <groupId>org.apache.maven.its.dependency</groupId>
+    <artifactId>hadoop-project</artifactId>
+    <version>1.0.0-test</version>
+  </parent>
+
+  <artifactId>hadoop-client</artifactId>
+
+  <dependencies>
+    <dependency>
+      <groupId>org.apache.maven.its.dependency</groupId>
+      <artifactId>hadoop-common</artifactId>
+      <exclusions>
+        <exclusion>
+          <groupId>org.slf4j</groupId>
+          <artifactId>slf4j-log4j12</artifactId>
+        </exclusion>
+      </exclusions>
+    </dependency>
+  </dependencies>
+</project>
+
diff --git a/src/it/mrm/repository/hadoop-common-1.0.0-test.pom b/src/it/mrm/repository/hadoop-common-1.0.0-test.pom
new file mode 100644
index 000000000..552b232e6
--- /dev/null
+++ b/src/it/mrm/repository/hadoop-common-1.0.0-test.pom
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License. See accompanying LICENSE file.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
+                      https://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+  <parent>
+    <groupId>org.apache.maven.its.dependency</groupId>
+    <artifactId>hadoop-project</artifactId>
+    <version>1.0.0-test</version>
+  </parent>
+
+  <artifactId>hadoop-common</artifactId>
+
+  <dependencies>
+    <dependency>
+      <groupId>org.slf4j</groupId>
+      <artifactId>slf4j-reload4j</artifactId>
+    </dependency>
+  </dependencies>
+</project>
+
diff --git a/src/it/mrm/repository/hadoop-project-1.0.0-test.pom b/src/it/mrm/repository/hadoop-project-1.0.0-test.pom
new file mode 100644
index 000000000..cc3adc0d6
--- /dev/null
+++ b/src/it/mrm/repository/hadoop-project-1.0.0-test.pom
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License. See accompanying LICENSE file.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
+                      https://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>org.apache.maven.its.dependency</groupId>
+  <artifactId>hadoop-project</artifactId>
+  <version>1.0.0-test</version>
+  <description>Apache Hadoop Project POM</description>
+  <name>Apache Hadoop Project POM</name>
+  <packaging>pom</packaging>
+  <inceptionYear>2008</inceptionYear>
+
+  <dependencyManagement>
+    <dependencies>
+      <dependency>
+        <groupId>org.apache.maven.its.dependency</groupId>
+        <artifactId>hadoop-common</artifactId>
+        <version>1.0.0-test</version>
+        <exclusions>
+          <exclusion>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-reload4j</artifactId>
+          </exclusion>
+        </exclusions>
+      </dependency>
+
+      <dependency>
+        <groupId>org.slf4j</groupId>
+        <artifactId>slf4j-reload4j</artifactId>
+        <version>1.7.36</version>
+      </dependency>
+    </dependencies>
+  </dependencyManagement>
+
+</project>
diff --git a/src/it/projects/analyze-exclusions-gh-1598/pom.xml b/src/it/projects/analyze-exclusions-gh-1598/pom.xml
index bf815072a..c92a2bf23 100644
--- a/src/it/projects/analyze-exclusions-gh-1598/pom.xml
+++ b/src/it/projects/analyze-exclusions-gh-1598/pom.xml
@@ -33,15 +33,17 @@
     Should be ok with Maven 3.x
   </description>
 
+  <url>https://github.com/apache/maven-dependency-plugin/issues/1598</url>
+
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
   </properties>
 
   <dependencies>
     <dependency>
-      <groupId>org.apache.hadoop</groupId>
+      <groupId>org.apache.maven.its.dependency</groupId>
       <artifactId>hadoop-client</artifactId>
-      <version>3.4.3</version>
+      <version>1.0.0-test</version>
       <exclusions>
         <exclusion>
           <groupId>org.slf4j</groupId>

From 3f2726303a88314bfd66448dab37b2546edf7412 Mon Sep 17 00:00:00 2001
From: Slawomir Jaranowski <s.jaranowski@gmail.com>
Date: Tue, 19 May 2026 08:28:37 +0200
Subject: [PATCH 3/5] Add fix

---
 .../plugins/dependency/utils/ResolverUtil.java | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/src/main/java/org/apache/maven/plugins/dependency/utils/ResolverUtil.java b/src/main/java/org/apache/maven/plugins/dependency/utils/ResolverUtil.java
index e135b47a3..eb4714f26 100644
--- a/src/main/java/org/apache/maven/plugins/dependency/utils/ResolverUtil.java
+++ b/src/main/java/org/apache/maven/plugins/dependency/utils/ResolverUtil.java
@@ -80,17 +80,23 @@ public ResolverUtil(RepositorySystem repositorySystem, Provider<MavenSession> ma
     }
 
     /**
-     * Collects the transitive dependencies.
+     * Collects the transitive dependencies for the current project dependency.
      *
-     * @param root a root dependency for collections
-     * @return a resolved dependencies collections
+     * @param dependency a dependency for collections
+     * @return a resolved dependencies collection
      */
-    public Collection<Dependency> collectDependencies(Dependency root) throws DependencyCollectionException {
+    public Collection<Dependency> collectDependencies(Dependency dependency) throws DependencyCollectionException {
 
         MavenSession session = mavenSessionProvider.get();
+        MavenProject currentProject = session.getCurrentProject();
 
-        CollectRequest request =
-                new CollectRequest(root, session.getCurrentProject().getRemoteProjectRepositories());
+        Dependency root = null;
+        if (currentProject.getArtifact() != null) {
+            root = RepositoryUtils.toDependency(currentProject.getArtifact(), null);
+        }
+
+        CollectRequest request = new CollectRequest(root, currentProject.getRemoteProjectRepositories());
+        request.addDependency(dependency);
         CollectResult result = repositorySystem.collectDependencies(session.getRepositorySession(), request);
 
         PreorderNodeListGenerator nodeListGenerator = new PreorderNodeListGenerator();

From 2211db0520d7b3a12f7e5465222e32208e66161a Mon Sep 17 00:00:00 2001
From: Slawomir Jaranowski <s.jaranowski@gmail.com>
Date: Tue, 19 May 2026 13:07:32 +0200
Subject: [PATCH 4/5] Use null as root node

---
 src/it/mrm/repository/hadoop-client-1.0.0-test.pom   |  6 ------
 .../maven/plugins/dependency/utils/ResolverUtil.java | 12 ++++--------
 2 files changed, 4 insertions(+), 14 deletions(-)

diff --git a/src/it/mrm/repository/hadoop-client-1.0.0-test.pom b/src/it/mrm/repository/hadoop-client-1.0.0-test.pom
index 601ba87a3..a596ec13c 100644
--- a/src/it/mrm/repository/hadoop-client-1.0.0-test.pom
+++ b/src/it/mrm/repository/hadoop-client-1.0.0-test.pom
@@ -27,12 +27,6 @@
     <dependency>
       <groupId>org.apache.maven.its.dependency</groupId>
       <artifactId>hadoop-common</artifactId>
-      <exclusions>
-        <exclusion>
-          <groupId>org.slf4j</groupId>
-          <artifactId>slf4j-log4j12</artifactId>
-        </exclusion>
-      </exclusions>
     </dependency>
   </dependencies>
 </project>
diff --git a/src/main/java/org/apache/maven/plugins/dependency/utils/ResolverUtil.java b/src/main/java/org/apache/maven/plugins/dependency/utils/ResolverUtil.java
index eb4714f26..8ff22350f 100644
--- a/src/main/java/org/apache/maven/plugins/dependency/utils/ResolverUtil.java
+++ b/src/main/java/org/apache/maven/plugins/dependency/utils/ResolverUtil.java
@@ -80,7 +80,7 @@ public ResolverUtil(RepositorySystem repositorySystem, Provider<MavenSession> ma
     }
 
     /**
-     * Collects the transitive dependencies for the current project dependency.
+     * Collects the transitive dependencies.
      *
      * @param dependency a dependency for collections
      * @return a resolved dependencies collection
@@ -88,15 +88,11 @@ public ResolverUtil(RepositorySystem repositorySystem, Provider<MavenSession> ma
     public Collection<Dependency> collectDependencies(Dependency dependency) throws DependencyCollectionException {
 
         MavenSession session = mavenSessionProvider.get();
-        MavenProject currentProject = session.getCurrentProject();
 
-        Dependency root = null;
-        if (currentProject.getArtifact() != null) {
-            root = RepositoryUtils.toDependency(currentProject.getArtifact(), null);
-        }
-
-        CollectRequest request = new CollectRequest(root, currentProject.getRemoteProjectRepositories());
+        CollectRequest request =
+                new CollectRequest(null, session.getCurrentProject().getRemoteProjectRepositories());
         request.addDependency(dependency);
+
         CollectResult result = repositorySystem.collectDependencies(session.getRepositorySession(), request);
 
         PreorderNodeListGenerator nodeListGenerator = new PreorderNodeListGenerator();

From 8e2682cd9ae5762918c0cd7676488c98a08248b7 Mon Sep 17 00:00:00 2001
From: Slawomir Jaranowski <s.jaranowski@gmail.com>
Date: Tue, 19 May 2026 16:54:35 +0200
Subject: [PATCH 5/5] restore exclusion in example

---
 src/it/mrm/repository/hadoop-client-1.0.0-test.pom | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/it/mrm/repository/hadoop-client-1.0.0-test.pom b/src/it/mrm/repository/hadoop-client-1.0.0-test.pom
index a596ec13c..601ba87a3 100644
--- a/src/it/mrm/repository/hadoop-client-1.0.0-test.pom
+++ b/src/it/mrm/repository/hadoop-client-1.0.0-test.pom
@@ -27,6 +27,12 @@
     <dependency>
       <groupId>org.apache.maven.its.dependency</groupId>
       <artifactId>hadoop-common</artifactId>
+      <exclusions>
+        <exclusion>
+          <groupId>org.slf4j</groupId>
+          <artifactId>slf4j-log4j12</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
   </dependencies>
 </project>