From bbdf514162a8a2db70f5b418dbbcc89b0a710159 Mon Sep 17 00:00:00 2001 From: Tamas Cservenak Date: Mon, 18 May 2026 21:39:56 +0200 Subject: [PATCH] Bugfix: false positives in analyze-exclusions Fixes #1598 --- .../dependency/exclusion/AnalyzeExclusionsMojo.java | 3 ++- .../plugins/dependency/utils/ResolverUtil.java | 13 +++++++++++++ .../exclusion/AnalyzeExclusionsMojoTest.java | 4 ++-- 3 files changed, 17 insertions(+), 3 deletions(-) diff --git a/src/main/java/org/apache/maven/plugins/dependency/exclusion/AnalyzeExclusionsMojo.java b/src/main/java/org/apache/maven/plugins/dependency/exclusion/AnalyzeExclusionsMojo.java index 164505055..145d8a8ff 100644 --- a/src/main/java/org/apache/maven/plugins/dependency/exclusion/AnalyzeExclusionsMojo.java +++ b/src/main/java/org/apache/maven/plugins/dependency/exclusion/AnalyzeExclusionsMojo.java @@ -144,7 +144,8 @@ public void execute() throws MojoExecutionException { Collection actualDependencies; try { - actualDependencies = resolverUtil.collectDependencies( + actualDependencies = resolverUtil.collectDependenciesWithDirectDependencies( + null, RepositoryUtils.toDependency(currentCoordinates.getDependency(), artifactTypeRegistry) .setExclusions(null)); } catch (DependencyCollectionException e) { diff --git a/src/main/java/org/apache/maven/plugins/dependency/utils/ResolverUtil.java b/src/main/java/org/apache/maven/plugins/dependency/utils/ResolverUtil.java index e135b47a3..253f16df8 100644 --- a/src/main/java/org/apache/maven/plugins/dependency/utils/ResolverUtil.java +++ b/src/main/java/org/apache/maven/plugins/dependency/utils/ResolverUtil.java @@ -24,6 +24,7 @@ import javax.inject.Singleton; import java.util.ArrayList; +import java.util.Arrays; import java.util.Collection; import java.util.Collections; import java.util.LinkedHashSet; @@ -86,11 +87,23 @@ public ResolverUtil(RepositorySystem repositorySystem, Provider ma * @return a resolved dependencies collections */ public Collection collectDependencies(Dependency root) throws DependencyCollectionException { + return collectDependenciesWithDirectDependencies(root); + } + + /** + * Collects the transitive dependencies. + * + * @param root a root dependency for collections + * @return a resolved dependencies collections + */ + public Collection collectDependenciesWithDirectDependencies(Dependency root, Dependency... dependencies) + throws DependencyCollectionException { MavenSession session = mavenSessionProvider.get(); CollectRequest request = new CollectRequest(root, session.getCurrentProject().getRemoteProjectRepositories()); + Arrays.stream(dependencies).forEach(request::addDependency); CollectResult result = repositorySystem.collectDependencies(session.getRepositorySession(), request); PreorderNodeListGenerator nodeListGenerator = new PreorderNodeListGenerator(); diff --git a/src/test/java/org/apache/maven/plugins/dependency/exclusion/AnalyzeExclusionsMojoTest.java b/src/test/java/org/apache/maven/plugins/dependency/exclusion/AnalyzeExclusionsMojoTest.java index 95616bfd3..0fdb60ca4 100644 --- a/src/test/java/org/apache/maven/plugins/dependency/exclusion/AnalyzeExclusionsMojoTest.java +++ b/src/test/java/org/apache/maven/plugins/dependency/exclusion/AnalyzeExclusionsMojoTest.java @@ -139,7 +139,7 @@ void testShallNotReportInvalidExclusionForWildcardGroupIdAndArtifactId(AnalyzeEx dependencyWithWildcardExclusion.addExclusion(exclusion("*", "*")); when(project.getDependencies()).thenReturn(Collections.singletonList(dependencyWithWildcardExclusion)); - when(resolverUtil.collectDependencies(any())) + when(resolverUtil.collectDependenciesWithDirectDependencies(any(), any())) .thenReturn(Collections.singletonList(new org.eclipse.aether.graph.Dependency( new DefaultArtifact("whatever", "ok", "jar", "1.0"), ""))); @@ -168,7 +168,7 @@ void testShallNotLogWhenExclusionIsValid(AnalyzeExclusionsMojo mojo) throws Exce dependencies.add(dependency); when(project.getDependencies()).thenReturn(dependencies); - when(resolverUtil.collectDependencies(any())) + when(resolverUtil.collectDependenciesWithDirectDependencies(any(), any())) .thenReturn(Collections.singletonList( new org.eclipse.aether.graph.Dependency(new DefaultArtifact("ok", "ok", "jar", "1.0"), "")));