The big issue here that needs verification and/or fixing is that when a direct dependency is marked scope == provided, the transitive dependencies below that provided-scope dependency still need to be resolved for the purposes of testing.
For example, assume I'm developing an extension for Maven and I declare a direct dependency on maven-core with scope == provided. My real interest in maven-core is DefaultMaven, to be used to spawn separate, second-level builds (I know, there are many many other reasons this might not work, but just go with it). In this case, maven-core has a dependency on maven-project which is critical.
DefaultMaven depends on DefaultMavenProjectBuilder to read POMs and return MavenProject instances. If I create unit tests that attempt to execute my extension class, those unit tests will require the maven-project artifact (along with many others) to be present before a valid runtime environment for the unit test can be created. If maven-project is excluded from dependency resolution, the unit test will fail with a NoClassDefFoundError.
The place where a problem could arise in all of this is when/if my direct dependency with provided scope itself declares a dependency with scope == provided. Surefire most likely cannot create a valid runtime environment in this case unless it traverses every provided- and non-provided-scope dependency. Since the code makes the assumption that those provided-scope dependencies will be present at runtime, the calculation for creating that runtime environment for the purposes of unit testing may become very difficult.
Bug
Closed
Major
The big issue here that needs verification and/or fixing is that when a direct dependency is marked scope == provided, the transitive dependencies below that provided-scope dependency still need to be resolved for the purposes of testing.
For example, assume I'm developing an extension for Maven and I declare a direct dependency on maven-core with scope == provided. My real interest in maven-core is DefaultMaven, to be used to spawn separate, second-level builds (I know, there are many many other reasons this might not work, but just go with it). In this case, maven-core has a dependency on maven-project which is critical.
DefaultMaven depends on DefaultMavenProjectBuilder to read POMs and return MavenProject instances. If I create unit tests that attempt to execute my extension class, those unit tests will require the maven-project artifact (along with many others) to be present before a valid runtime environment for the unit test can be created. If maven-project is excluded from dependency resolution, the unit test will fail with a NoClassDefFoundError.
The place where a problem could arise in all of this is when/if my direct dependency with provided scope itself declares a dependency with scope == provided. Surefire most likely cannot create a valid runtime environment in this case unless it traverses every provided- and non-provided-scope dependency. Since the code makes the assumption that those provided-scope dependencies will be present at runtime, the calculation for creating that runtime environment for the purposes of unit testing may become very difficult.