brunoborges commented on PR #1599: URL: https://github.com/apache/maven-dependency-plugin/pull/1599#issuecomment-4184911171
## Third audit fixes (5b43f82b)

### Fixed:

1. **🔴 Stale docs in `usage.apt.vm`** — Line 721 still claimed `dependency:add` "updates automatically" on duplicate. Fixed to say it fails with a descriptive error. Also removed inconsistent quotes from GAV examples to match `managing-dependencies.apt.vm` style.
2. **🟡 Null check for `project.getFile()`** — Both `AddDependencyMojo` and `RemoveDependencyMojo` dereferenced `targetProject.getFile()` without a null check. While `requiresProject=true` ensures a project exists, it does not guarantee a physical POM file. Added null checks with clear `MojoExecutionException` messages.
3. **🟡 Null check for `parentProject.getBasedir()`** — `checkChildModuleDependencies` used `getBasedir()` without a null check when constructing child module paths. Added a guard that skips the check gracefully with a debug log.
4. **🟡 Null validation in `PomEditor.findDependency()`** — Public API method would NPE on null `groupId`/`artifactId` parameters. Added `IllegalArgumentException` with a clear message.

All 389 tests pass.

--
This is an automated message from the Apache Git Service.
