chore: avoid use of parent pom and maven properties where unnecessary#8322
Merged
nhumblot merged 2 commits intodependency-check:mainfrom Feb 25, 2026
Merged
Conversation
boring-cyborg
Bot
added
core
chadlwilson
changed the title
chadlwilson
changed the title
chadlwilson
force-pushed
the
simplify-properties
branch
2 times, most recently
from
b598a36 to
d3bffe8
Compare
…essary Using properties adds confusing indirection to dependencies when tracking things down; plugin management already serves this purpose, so I suggest should reserve use for cases where we want to de-duplicate versions (even though dependabot can help us with this anyway) or add clarity for coupled versions via the properties. Additionally, it is clearer to manage dependencies for the maven plugin in its own dependencyManagement since this has no effect on the rest of ODC, and doesn't need a parent POM reference. Signed-off-by: Chad Wilson <[email protected]>
chadlwilson
force-pushed
the
simplify-properties
branch
from
d3bffe8 to
7eb9f99
Compare
nhumblot
previously approved these changes
Feb 25, 2026
jeremylong
previously approved these changes
Feb 25, 2026
chadlwilson
dismissed stale reviews from jeremylong and nhumblot
via
e1e2674
This is a provided dependency alongside the API version; so don't think we need to actively manage this now. Was originally added in 081d21d to address a conflict which seems to no longer exist. Signed-off-by: Chad Wilson <[email protected]>
chadlwilson
force-pushed
the
simplify-properties
branch
from
e1e2674 to
2da15bb
Compare
nhumblot
approved these changes
Feb 25, 2026
Collaborator
nhumblot
left a comment
nhumblot
left a comment
There was a problem hiding this comment.
praise: thanks for the reactivity!
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description of Change
IMHO our current way of using properties
Parent POM
pluginManagement/dependencyManagementalready serves this purpose for the most part, so I suggest should we reserve use of properties for cases where we really need to de-duplicate versions (even though dependabot can help us with updating such duplicates anyway) or add clarity for coupled versions via the properties.Additionally, it is clearer to manage the special dependencies for the maven plugin in its own
dependencyManagementsince this has no effect on the rest of ODC, doesn't need the parent POM to reference; and has its own considerations to consider in isolation.Appreciate this is a bit irritating to review, but can rest assured that if I accidentally downgraded anything that dependabot will re-upgrade it :-)
Related issues
N/A
Have test cases been added to cover the new functionality?
yes