From e88843450e972a020906f22b611d5f602563fec0 Mon Sep 17 00:00:00 2001 From: Robert Stupp Date: Mon, 21 Mar 2022 15:38:03 +0100 Subject: [PATCH] [MSHADE-413] Fix endless loop caused by manipulating shared objects Maven objects (like `Dependency` or `Model`) returned by Maven must not be modified. Doing so will result in endless loops or incorrect builds. --- .../apache/maven/plugins/shade/mojo/ShadeMojo.java | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/src/main/java/org/apache/maven/plugins/shade/mojo/ShadeMojo.java b/src/main/java/org/apache/maven/plugins/shade/mojo/ShadeMojo.java index d717253f..b6e0ff35 100644 --- a/src/main/java/org/apache/maven/plugins/shade/mojo/ShadeMojo.java +++ b/src/main/java/org/apache/maven/plugins/shade/mojo/ShadeMojo.java @@ -1083,14 +1083,20 @@ private void createDependencyReducedPom( Set artifactsToRemove ) // we'll figure out the exclusions in a bit. transitiveDeps.add( dep ); } - List origDeps = project.getDependencies(); - if ( promoteTransitiveDependencies ) + Model model = project.getOriginalModel(); + + // MSHADE-413: Must not use objects (for example `Model` or `Dependency`) that are "owned + // by Maven" and being used by other projects/plugins. Modifying those will break the + // correctness of the build - or cause an endless loop. + List origDeps = new ArrayList<>(); + List source = promoteTransitiveDependencies ? transitiveDeps : project.getDependencies(); + for ( Dependency d : source ) { - origDeps = transitiveDeps; + origDeps.add( d.clone() ); } + model = model.clone(); - Model model = project.getOriginalModel(); // MSHADE-185: We will remove all system scoped dependencies which usually // have some kind of property usage. At this time the properties within // such things are already evaluated.