From 7eb9f999353cf11352e0632c1f512055ec80ee75 Mon Sep 17 00:00:00 2001
From: Chad Wilson <29788154+chadlwilson@users.noreply.github.com>
Date: Mon, 23 Feb 2026 12:29:06 +0800
Subject: [PATCH] chore: avoid use of parent pom and maven properties where it
is unnecessary
Using properties adds confusing indirection to dependencies when tracking things down; plugin management already serves this purpose, so I suggest we reserve properties for cases where we want to de-duplicate versions (even though dependabot can help us with this anyway) or add clarity for coupled versions.
Additionally, it is clearer to manage dependencies for the maven plugin in its own dependencyManagement since this has no effect on the rest of ODC, and doesn't need a parent POM reference.
Signed-off-by: Chad Wilson <29788154+chadlwilson@users.noreply.github.com>
---
core/pom.xml | 1 -
maven/pom.xml | 169 ++++++++++++++++++++++++++++++++---------
pom.xml | 206 ++++++++++----------------------------------------
utils/pom.xml | 1 -
4 files changed, 174 insertions(+), 203 deletions(-)
diff --git a/core/pom.xml b/core/pom.xml
index 12cc2ffe39..8c23b8efbe 100644
--- a/core/pom.xml
+++ b/core/pom.xml
@@ -468,7 +468,6 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
org.apache.maven.plugins
maven-dependency-plugin
- ${maven-dependency-plugin.version}
copy-test-dependencies
diff --git a/maven/pom.xml b/maven/pom.xml
index 2331480060..b3f6e17809 100644
--- a/maven/pom.xml
+++ b/maven/pom.xml
@@ -28,6 +28,8 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved.
dependency-check-maven is a Maven Plugin that uses dependency-check-core to detect publicly disclosed vulnerabilities associated with the project's dependencies. The plugin will generate a report listing the dependency, any identified Common Platform Enumeration (CPE) identifiers, and the associated Common Vulnerability and Exposure (CVE) entries.
2013
+ 3.6.3
+
3.15.2
${java.home}
@@ -38,8 +40,102 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved.
HEAD
- 3.6.3
+ ${maven.api.version}
+
+
+
+ org.apache.maven
+ maven-core
+ ${maven.api.version}
+
+
+ org.apache.maven.shared
+ maven-shared-utils
+ 3.4.2
+
+
+ org.apache.maven
+ maven-plugin-api
+ ${maven.api.version}
+
+
+ org.apache.maven.shared
+ file-management
+ 3.2.0
+
+
+ org.apache.maven
+ maven-settings
+ ${maven.api.version}
+
+
+ org.apache.maven
+ maven-model
+ ${maven.api.version}
+
+
+ org.apache.maven
+ maven-artifact
+ ${maven.api.version}
+
+
+ org.apache.maven
+ maven-settings-builder
+ ${maven.api.version}
+
+
+ org.apache.maven.plugin-tools
+ maven-plugin-annotations
+ 3.15.2
+
+
+ org.apache.maven.reporting
+ maven-reporting-api
+ 4.0.0
+
+
+ org.apache.maven.doxia
+ doxia-sink-api
+ 2.0.0
+
+
+ org.apache.maven.shared
+ maven-dependency-tree
+ 3.3.0
+
+
+ org.apache.maven.shared
+ maven-artifact-transfer
+ 0.13.1
+
+
+ org.apache.maven.shared
+ maven-common-artifact-filters
+ 3.4.0
+
+
+ org.codehaus.plexus
+ plexus-utils
+ 4.0.2
+
+
+
+ org.codehaus.plexus
+ plexus-xml
+ 3.0.1
+
+
+ org.apache.maven.plugin-testing
+ maven-plugin-testing-harness
+ 3.5.1
+ test
+
+
+
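Review bot: The managed `maven-plugin-annotations` entry is pinned with a literal `3.15.2`, although the context line in the preceding hunk appears to define a property with that same value and `maven-plugin-report-plugin` later in this file still reads `${version.maven-plugin-plugin}`. These artifacts ship from the same maven-plugin-tools release, which is exactly the coupled-version case the commit message reserves properties for, so `${version.maven-plugin-plugin}` on the annotations entry would stop them drifting apart on the next update. Separately, the managed entries for `maven-model`, `maven-artifact`, `maven-settings-builder` and `maven-plugin-annotations` no longer carry the `provided` scope they had in the root POM, while `maven-plugin-testing-harness` keeps `test` here and again in the dependencies section. The scopes are restated on the declarations in the later hunks, so this looks harmless, but declaring scope in one place only would be more consistent.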
@@ -84,15 +180,6 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved.
-
-
-
- org.apache.maven.plugins
- maven-plugin-report-plugin
- ${version.maven-plugin-plugin}
-
-
-
org.owasp
@@ -120,24 +207,23 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved.
provided
- org.apache.maven.doxia
- doxia-sink-api
+ org.apache.maven.plugin-tools
+ maven-plugin-annotations
+ provided
- org.apache.maven.shared
- file-management
-
-
- org.codehaus.plexus
- plexus-utils
+ org.apache.maven
+ maven-model
+ provided
- org.codehaus.plexus
- plexus-xml
+ org.apache.maven
+ maven-artifact
+ provided
- org.apache.maven.plugin-tools
- maven-plugin-annotations
+ org.apache.maven
+ maven-settings-builder
provided
@@ -145,31 +231,28 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved.
maven-reporting-api
- org.apache.maven
- maven-settings-builder
+ org.apache.maven.doxia
+ doxia-sink-api
org.apache.maven.shared
- maven-dependency-tree
+ file-management
- org.apache.maven.plugin-testing
- maven-plugin-testing-harness
- test
+ org.codehaus.plexus
+ plexus-utils
- org.apache.maven.shared
- maven-artifact-transfer
+ org.codehaus.plexus
+ plexus-xml
- org.apache.maven
- maven-model
- provided
+ org.apache.maven.shared
+ maven-dependency-tree
- org.apache.maven
- maven-artifact
- provided
+ org.apache.maven.shared
+ maven-artifact-transfer
org.apache.maven.shared
@@ -187,7 +270,21 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved.
com.github.package-url
packageurl-java
+
+ org.apache.maven.plugin-testing
+ maven-plugin-testing-harness
+ test
+
+
+
+
+ org.apache.maven.plugins
+ maven-plugin-report-plugin
+ ${version.maven-plugin-plugin}
+
+
+
FullIntegrationTesting
diff --git a/pom.xml b/pom.xml
index 19d3339f6f..be5049563c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -116,58 +116,31 @@ Copyright (c) 2012 - Jeremy Long
2026-01-09T12:38:08Z
UTF-8
UTF-8
- github
- 9.12.3
- 1.10.15
-
-
- 2.0.17
- 1.5.25
-
- 3.6.3
- 3.6.0
- 9.3
- 2.0.0
- 3.2.0
+
+ 3.6.0
+ 9.3
3.10.0
3.12.0
-
- 2.5
3.9.0
- 3.5.5
0.8.14
4.9.8.2
- 3.2.2
- 2.21.0
- 2.4.240
- 1.11.0
- 2.21.0
- 3.20.0
- 1.15.0
+
+
+ 2.0.17
+ 1.5.25
+
+ 9.12.3
+
+ 2.4.240
+ 42.7.10
+ 9.6.0
+
+ 1.10.15
5.5.1
5.3.6
- 3.2.1
- 1.2.3
5.14.3
- 3.0
- 5.21.0
- 1.22.1
- 1.27.1
- 3.2.0
- 3.5.1
- 3.15.2
- 4.0.0
- 2.4.1
- 3.3.0
- 1.1.7
- 0.13.1
- 3.4.0
- 4.3.1
- 3.0.4
- 2.21.1
- 42.7.10
- 9.6.0
+
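Review bot: The removed block opens with a property whose value is `github`, and no added line in this patch reintroduces it; its name is not visible here, so confirm that no plugin configuration or server lookup still reads it. Likewise, the plugin declarations that lose their explicit version in core/pom.xml, utils/pom.xml and the @@ -512 and @@ -709 hunks now depend entirely on `pluginManagement` entries that lie outside this diff. A plugin left without a managed version falls back to Maven's default resolution, which makes the build less reproducible and harder to audit, so each one is worth checking. Anything outside these four files that still references a removed or renamed property, for example `${com.h2database.version}` or `${reporting.checkstyle-plugin.version}`, will also stop resolving.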
@@ -299,7 +272,7 @@ Copyright (c) 2012 - Jeremy Long
org.apache.maven.plugins
maven-surefire-plugin
- 3.5.4
+ 3.5.5
org.apache.maven.plugins
@@ -332,12 +305,12 @@ Copyright (c) 2012 - Jeremy Long
org.apache.maven.plugins
maven-checkstyle-plugin
- ${reporting.checkstyle-plugin.version}
+ ${maven-checkstyle-plugin.version}
com.puppycrawl.tools
checkstyle
- ${reporting.checkstyle.tool.version}
+ ${checkstyle.tool.version}
@@ -349,7 +322,7 @@ Copyright (c) 2012 - Jeremy Long
org.codehaus.gmavenplus
gmavenplus-plugin
- ${gmavenplus-plugin.version}
+ 4.3.1
org.apache.groovy
@@ -362,7 +335,7 @@ Copyright (c) 2012 - Jeremy Long
org.codehaus.mojo
versions-maven-plugin
- ${versions-maven-plugin.version}
+ 2.21.0
.*-(alpha|beta|M|rc)[-0-9]+
@@ -512,7 +485,6 @@ Copyright (c) 2012 - Jeremy Long
org.apache.maven.plugins
maven-javadoc-plugin
- ${maven-javadoc-plugin.version}
false
Copyright© 2012-21 Jeremy Long. All Rights Reserved.
@@ -709,7 +681,6 @@ Copyright (c) 2012 - Jeremy Long
false
org.apache.maven.plugins
maven-antrun-plugin
- ${maven-antrun-plugin.version}
copy-xsd
@@ -754,7 +725,6 @@ Copyright (c) 2012 - Jeremy Long
org.apache.maven.plugins
maven-checkstyle-plugin
- ${reporting.checkstyle-plugin.version}
false
@@ -826,12 +796,13 @@ Copyright (c) 2012 - Jeremy Long
org.apache.maven.plugins
maven-jxr-plugin
- ${maven-jxr-plugin.version}
+
+ 2.5
org.apache.maven.plugins
maven-checkstyle-plugin
- ${reporting.checkstyle-plugin.version}
+ ${maven-checkstyle-plugin.version}
false
false
@@ -863,7 +834,7 @@ Copyright (c) 2012 - Jeremy Long
org.apache.maven.plugins
maven-surefire-report-plugin
- ${maven-surefire-report-plugin.version}
+ 3.5.5
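Review bot: `maven-surefire-report-plugin` becomes a literal `3.5.5` here, and the `maven-surefire-plugin` hunk at @@ -299 moves from `3.5.4` to `3.5.5` to match, a version change the commit message does not mention. The two plugins are released together, so two independent literals can drift apart again on the next update. A single shared property referenced from both entries would fit the coupled-versions case the description keeps properties for. If the bump is intentional, noting it in the commit message would keep this from being read as a pure refactor.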
@@ -901,7 +872,7 @@ Copyright (c) 2012 - Jeremy Long
org.codehaus.mojo
taglist-maven-plugin
- ${taglist-maven-plugin.version}
+ 3.2.2
@@ -951,7 +922,7 @@ Copyright (c) 2012 - Jeremy Long
org.apache.commons
commons-jcs3-core
- ${commons-jcs-core.version}
+ 3.2.1
org.apache.httpcomponents.client5
@@ -1039,48 +1010,34 @@ Copyright (c) 2012 - Jeremy Long
com.h2database
h2
- ${com.h2database.version}
+ ${driver.h2database.version}
commons-cli
commons-cli
- ${commons-cli.version}
-
-
- org.codehaus.plexus
- plexus-utils
- 4.0.2
-
-
-
- org.codehaus.plexus
- plexus-xml
- 3.0.1
+ 1.11.0
com.fasterxml.jackson
jackson-bom
- ${jackson.version}
+ 2.21.1
pom
import
commons-io
commons-io
- ${commons-io.version}
+ 2.21.0
org.apache.commons
commons-lang3
- ${commons-lang3.version}
+ 3.20.0
org.apache.commons
commons-text
- ${commons-text.version}
+ 1.15.0
ch.qos.logback
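Review bot: Removing the `plexus-utils` 4.0.2 and `plexus-xml` 3.0.1 entries from the root `dependencyManagement` means they no longer govern transitive resolution in any module except `maven`, where they are re-added. The same applies to `maven-shared-utils` and the other Maven artifacts removed in the @@ -1165, @@ -1233 and @@ -1272 hunks. If another module, including ones not touched by this patch, resolves one of these artifacts transitively, its version will now be whatever the nearest declaring dependency requests rather than the pinned one. Comparing `mvn dependency:tree` output for every module before and after the change would confirm the commit message's claim that the rest of ODC is unaffected.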
@@ -1095,7 +1052,7 @@ Copyright (c) 2012 - Jeremy Long
org.mockito
mockito-bom
- ${mockito.version}
+ 5.21.0
pom
import
@@ -1109,7 +1066,7 @@ Copyright (c) 2012 - Jeremy Long
org.apache.commons
commons-compress
- ${commons-compress.version}
+ 1.27.1
org.apache.ant
@@ -1151,7 +1108,7 @@ Copyright (c) 2012 - Jeremy Long
com.h3xstream.retirejs
retirejs-core
- ${com.h3xstream.retirejs.core.version}
+ 3.0.4
@@ -1165,66 +1122,6 @@ Copyright (c) 2012 - Jeremy Long
json
20251224
-
- org.apache.maven
- maven-core
- ${maven.api.version}
-
-
- org.apache.maven.shared
- maven-shared-utils
- 3.4.2
-
-
- org.apache.maven
- maven-plugin-api
- ${maven.api.version}
-
-
- org.apache.maven.shared
- file-management
- ${org.apache.maven.shared.file-management.version}
-
-
- org.apache.maven
- maven-settings
- ${maven.api.version}
-
-
- org.apache.maven
- maven-model
- ${maven.api.version}
- provided
-
-
- org.apache.maven
- maven-artifact
- ${maven.api.version}
- provided
-
-
- org.apache.maven
- maven-settings-builder
- ${maven.api.version}
- provided
-
-
- org.apache.maven.plugin-testing
- maven-plugin-testing-harness
- ${maven-plugin-testing-harness.version}
- test
-
-
- org.apache.maven.plugin-tools
- maven-plugin-annotations
- ${maven-plugin-annotations.version}
- provided
-
-
- org.apache.maven.reporting
- maven-reporting-api
- ${maven-reporting-api.version}
-
org.apache.commons
commons-collections4
@@ -1233,29 +1130,23 @@ Copyright (c) 2012 - Jeremy Long
org.apache.velocity
velocity-engine-core
- ${org.apache.velocity.version}
-
-
-
- org.apache.maven.shared
- maven-dependency-tree
- ${maven-dependency-tree.version}
+ 2.4.1
org.eclipse.parsson
jakarta.json
- ${org.eclipse.parsson.jakarta.json.version}
+ 1.1.7
org.hamcrest
hamcrest
- ${hamcrest.version}
+ 3.0
test
org.jsoup
jsoup
- ${jsoup.version}
+ 1.22.1
org.slf4j
@@ -1272,21 +1163,6 @@ Copyright (c) 2012 - Jeremy Long
jcl-over-slf4j
${slf4j.version}
-
- org.apache.maven.shared
- maven-artifact-transfer
- ${maven-artifact-transfer.version}
-
-
- org.apache.maven.shared
- maven-common-artifact-filters
- ${maven-common-artifact-filters.version}
-
-
- org.apache.maven.doxia
- doxia-sink-api
- ${doxia-base.version}
-
org.sonatype.ossindex
ossindex-service-client
@@ -1326,7 +1202,7 @@ Copyright (c) 2012 - Jeremy Long
com.hankcs
aho-corasick-double-array-trie
- ${aho-corasick-double-array-trie.version}
+ 1.2.3
org.eclipse.packager
diff --git a/utils/pom.xml b/utils/pom.xml
index a45e43efad..91587f5eff 100644
--- a/utils/pom.xml
+++ b/utils/pom.xml
@@ -90,7 +90,6 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved.
org.apache.maven.plugins
maven-dependency-plugin
- ${maven-dependency-plugin.version}