brunoborges commented on PR #1599:
URL:
https://github.com/apache/maven-dependency-plugin/pull/1599#issuecomment-4184878919
## Second audit fixes (7cbd853e)
Ran a second full audit of all add/remove source files and documentation
after the first round of fixes.
### Fixed:
1. **🔴 Stale documentation: "Updating an Existing Dependency" section** —
The entire section (lines 95-112 in `managing-dependencies.apt.vm`) described
nonexistent behavior: update-on-duplicate semantics and a `NONE` sentinel for
clearing fields. In reality, `dependency:add` *fails* on duplicates and no NONE
sentinel exists. Replaced with accurate "Duplicate Detection" and "Optional
Dependencies" sections.
2. **🔴 Empty-string type/classifier breaks model sync** — When Maven sets
unspecified `-Dtype` or `-Dclassifier` to empty string (rather than null), the
model sync in `RemoveDependencyMojo` and `existsInResolvedModel` in
`AbstractDependencyMojo` would fail to match dependencies with default type
`"jar"` because `"".equals("jar")` is false. Fixed by normalizing empty strings
to their default values (`"jar"` for type, `""` for classifier).
3. **🟡 NPE in `PomEditor.findProfile(null)`** — `findProfile()` is a public
API method that would throw NPE if called with null. Current callers guard
against this, but added a null guard for defensive correctness.
4. **🟢 `File.delete()` return value ignored** — `PomEditor.save()` used
`tempFile.delete()` whose return value was silently ignored. Replaced with
`Files.deleteIfExists()` which throws on failure.
5. **🟢 `-Doptional` parameter undocumented** — Added documentation for the
`optional` parameter in `managing-dependencies.apt.vm`.
All 389 tests pass.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
