Allow shallow maven dependency scan or max depth

[thomaszub]

Hi,

we have currently an issue with some projects with many nested dependencies and boms. The method resolveDependencies in org.openrewrite.maven.tree.ResolvedPom resolves (as far as I understand) the dependencies at full depth. This leads to a very high number of found dependencies effectively stopping the rewrite-maven-plugin from doing anything.

I would suggest a flag to trigger only a shallow dependency scan or a configurable parameter for a max depth, that could be than configured in the rewrite-maven-plugin. As a remark, I know of the option skipMavenParsing but this deactivates recipes that update the pom, so this is currently not a good option.

For comparison, the Maven command mvn dependency:tree performs only a shallow scan omitting duplicate dependencies in the lower dependency tree.

Kind regards Thomas

[jkschneider]

For comparison, the Maven command mvn dependency:tree performs only a shallow scan omitting duplicate dependencies in the lower dependency tree.

The resolution logic in rewrite-maven does not re-resolve dependencies it has seen previously. The exact logic here is complex, but there is a degree of skipping of subproblems that have already been solved.

the dependencies at full depth. This leads to a very high number of found dependencies effectively stopping the rewrite-maven-plugin from doing anything.

Are we sure that the time spent is in resolution? Was this a profiler result?

[thomaszub]

I can try to get informations from a profiler but not before Monday.

[jkschneider]

[thomaszub]

Fixed with latest main version.