mirror of
https://github.com/apache/maven.git
synced 2025-02-14 22:16:27 +00:00
4567c8319e
The first step here is deprecating the publicly accessible method that allows plugins to inject dependencies. The only plugin I currently know of that does this is the cobertura-maven-plugin. Looking at that plugin it appears the user can specify the cobertura dependency for the instrumentation process but if they do not the plugin attempts to inject the dependency. I believe the path forward here is making sure these types of plugins instruct their users to add the dependency explicitly. I'm going to try and create a call-graph for all of Maven Central with my first test to see if I can accurately detect all usages of MavenProject.setDependencyArtifacts of artifact in Maven Central.