[shrinkwrap-issues] [JBoss JIRA] (SHRINKWRAP-345) MavenDependencyResolver resolves wrong version or scope for transitive dependencies when using <dependencyManagement>

Mike Pettypiece (Updated) (JIRA) jira-events at lists.jboss.org
Thu Oct 20 17:11:45 EDT 2011 

     [ https://issues.jboss.org/browse/SHRINKWRAP-345?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Mike Pettypiece updated SHRINKWRAP-345:
---------------------------------------

    Attachment: maven-test.zip


Example project
                
> MavenDependencyResolver resolves wrong version or scope for transitive dependencies when using <dependencyManagement>
> ---------------------------------------------------------------------------------------------------------------------
>
>                 Key: SHRINKWRAP-345
>                 URL: https://issues.jboss.org/browse/SHRINKWRAP-345
>             Project: ShrinkWrap
>          Issue Type: Bug
>          Components: ext-resolver
>    Affects Versions: resolver-1.1.0-alpha-1
>            Reporter: Mike Pettypiece
>         Attachments: maven-test.zip
>
>
> Using includesDependenciesFromPom() followed by resolveAsFiles() can produce a transitive dependency with the wrong scope or version if it is defined in the <dependencyManagment> section of the POM.
> e.g.:
>     <dependencyManagement>
>         <dependencies>
>             <dependency>
>                 <groupId>commons-logging</groupId>
>                 <artifactId>commons-logging</artifactId>
>                 <version>1.1</version>
>             </dependency>
>         </dependencies>
>     </dependencyManagement>
>     <dependencies>
>         <dependency>
>             <groupId>commons-beanutils</groupId>
>             <artifactId>commons-beanutils</artifactId>
>             <version>1.7.0</version>
>             <exclusions>
>                 <exclusion>
>                     <artifactId>servlet-api</artifactId>
>                     <groupId>javax.servlet</groupId>
>                 </exclusion>
>             </exclusions>
>         </dependency>
>     <dependencies>
> common-beanutils depends on common-logging:1.0.3 but we've specified a higher version in the <dependencyManagement> section.  A 'mvn package' will put common-logging:1.1 in the WEB-INF/lib directory but the following code will spit out a version of 1.0.3:
>         File[] files =
>         DependencyResolvers.use( MavenDependencyResolver.class )
>         .useCentralRepo( false )
>         .configureFrom( System.getProperty( "user.home" ) + "/.m2/settings.xml" )
>         .includeDependenciesFromPom( "pom.xml" )
>         .resolveAsFiles( new ScopeFilter( "compile", "runtime" ) );
>         for ( File f : files )
>         {
>             System.out.println( f.getName() );
>         }

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the shrinkwrap-issues mailing list