chore: avoid use of parent pom and maven properties where unnecessary #8322

Open
chadlwilson wants to merge 1 commit into dependency-check:main from chadlwilson:simplify-properties

@chadlwilson
Collaborator

Description of Change

IMHO our current way of using properties

  • adds unnecessarily confusing indirection to dependencies when tracking dependency clashes down
  • sometimes for plugins separates versions from the configuration that may be specific to that version you might want to see when reviewing a dependabot PR
  • tends to cause merge conflicts across dependabot PRs (minor nitpick)

Parent POM pluginManagement already serves this purpose for the most part, so I suggest we should reserve use of properties for cases where we really need to de-duplicate versions (even though dependabot can help us with updating such duplicates anyway) or add clarity for coupled versions via the properties.

Additionally, it is clearer to manage the special dependencies for the maven plugin in its own dependencyManagement since this has no effect on the rest of ODC, doesn't need the parent POM to reference, and has its own considerations to consider in isolation.

Appreciate this is a bit irritating to review, but can rest assured that if I accidentally downgraded anything that dependabot will re-upgrade it :-)

Related issues

N/A

Have test cases been added to cover the new functionality?

yes

@boring-cyborg bot added the core (changes to core), maven (changes to the maven plugin) and utils (changes to utils) labels Feb 23, 2026
@chadlwilson changed the title from "chore: avoid use of parent pom and maven properties where it is unnec…" to "chore: avoid use of parent pom and maven properties where it is unnecessary" Feb 23, 2026
@chadlwilson changed the title from "chore: avoid use of parent pom and maven properties where it is unnecessary" to "chore: avoid use of parent pom and maven properties where unnecessary" Feb 23, 2026
@chadlwilson force-pushed the simplify-properties branch 2 times, most recently from b598a36 to d3bffe8, February 23, 2026 12:22
…essary

Using properties adds confusing indirection to dependencies when tracking things down; plugin management already serves this purpose, so I suggest we should reserve use for cases where we want to de-duplicate versions (even though dependabot can help us with this anyway) or add clarity for coupled versions via the properties.

Additionally, it is clearer to manage dependencies for the maven plugin in its own dependencyManagement since this has no effect on the rest of ODC, and doesn't need a parent POM reference.

Signed-off-by: Chad Wilson <29788154+chadlwilson@users.noreply.github.com>
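
The distinction drawn in the description and commit message above (properties that de-duplicate a version shared by several artifacts versus properties that only add indirection) can be checked mechanically. The following is an added example, not code from this PR or from the dependency-check project; the sample POM and the function name `classify_properties` are constructed for illustration, and the check looks at a single POM file only.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter

POM_NS = "http://maven.apache.org/POM/4.0.0"
REF = re.compile(r"\$\{([^}]+)\}")  # matches ${property.name}

# Constructed sample POM (not taken from the dependency-check repository).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties>
    <jackson.version>2.17.0</jackson.version>
    <commons-io.version>2.16.1</commons-io.version>
    <unused.version>1.0</unused.version>
  </properties>
  <dependencyManagement><dependencies>
    <dependency><groupId>com.fasterxml.jackson.core</groupId>
      <artifactId>jackson-databind</artifactId><version>${jackson.version}</version></dependency>
    <dependency><groupId>com.fasterxml.jackson.core</groupId>
      <artifactId>jackson-annotations</artifactId><version>${jackson.version}</version></dependency>
    <dependency><groupId>commons-io</groupId>
      <artifactId>commons-io</artifactId><version>${commons-io.version}</version></dependency>
  </dependencies></dependencyManagement>
</project>"""


def classify_properties(pom_xml):
    """Group declared properties by how many <version> elements reference them."""
    root = ET.fromstring(pom_xml)
    props = root.find("{%s}properties" % POM_NS)
    # Property names are the local tag names of the <properties> children.
    declared = [] if props is None else [el.tag.split("}", 1)[-1] for el in props]
    uses = Counter()
    for el in root.iter("{%s}version" % POM_NS):
        uses.update(REF.findall(el.text or ""))
    result = {"shared": [], "single_use": [], "unreferenced": []}
    for name in declared:
        n = uses[name]
        key = "shared" if n > 1 else "single_use" if n == 1 else "unreferenced"
        result[key].append(name)
    return result


if __name__ == "__main__":
    for kind, names in classify_properties(SAMPLE_POM).items():
        print(kind, names)
```

A `single_use` property is a candidate for inlining next to the dependency or plugin it versions; an `unreferenced` one may still be used by a child module or in plugin configuration, which this single-file check does not see.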