[shrinkwrap-issues] [JBoss JIRA] (SHRINKWRAP-345) MavenDependencyResolver resolves wrong version or scope for transitive dependencies when using <dependencyManagement>
Karel Piwko (Commented) (JIRA)
jira-events at lists.jboss.org
Mon Oct 24 04:14:45 EDT 2011
[ https://issues.jboss.org/browse/SHRINKWRAP-345?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12636788#comment-12636788 ]
Karel Piwko commented on SHRINKWRAP-345:
----------------------------------------
Fixed in https://github.com/kpiwko/resolver/commit/a00fa3ca5c1fad9455c55600650b8e2ad169bd18
Usage:
{code}
@Test
public void testIncludeFromPomWithDependencyManagement() {
File[] jars = DependencyResolvers.use(MavenDependencyResolver.class).useCentralRepo(false)
.loadEffectiveFromPom("target/poms/test-depmngmt-transitive.xml").importAllDependencies().resolveAsFiles();
Assert.assertEquals("Exactly 2 files were resolved", 2, jars.length);
new FileValidationUtil("test-deps-b-2.0.0", "test-deps-c-1.0.0").validate(jars);
}
{code}
Note: API is suspect to change.
> MavenDependencyResolver resolves wrong version or scope for transitive dependencies when using <dependencyManagement>
> ---------------------------------------------------------------------------------------------------------------------
>
> Key: SHRINKWRAP-345
> URL: https://issues.jboss.org/browse/SHRINKWRAP-345
> Project: ShrinkWrap
> Issue Type: Bug
> Components: ext-resolver
> Affects Versions: 1.0.0-beta-5
> Reporter: Mike Pettypiece
> Assignee: Karel Piwko
> Fix For: resolver-2.0.0-alpha-1
>
> Attachments: maven-test.zip
>
>
> Using includesDependenciesFromPom() followed by resolveAsFiles() can produce a transitive dependency with the wrong scope or version if it is defined in the <dependencyManagment> section of the POM.
> e.g.:
> <dependencyManagement>
> <dependencies>
> <dependency>
> <groupId>commons-logging</groupId>
> <artifactId>commons-logging</artifactId>
> <version>1.1</version>
> </dependency>
> </dependencies>
> </dependencyManagement>
> <dependencies>
> <dependency>
> <groupId>commons-beanutils</groupId>
> <artifactId>commons-beanutils</artifactId>
> <version>1.7.0</version>
> <exclusions>
> <exclusion>
> <artifactId>servlet-api</artifactId>
> <groupId>javax.servlet</groupId>
> </exclusion>
> </exclusions>
> </dependency>
> <dependencies>
> common-beanutils depends on common-logging:1.0.3 but we've specified a higher version in the <dependencyManagement> section. A 'mvn package' will put common-logging:1.1 in the WEB-INF/lib directory but the following code will spit out a version of 1.0.3:
> File[] files =
> DependencyResolvers.use( MavenDependencyResolver.class )
> .useCentralRepo( false )
> .configureFrom( System.getProperty( "user.home" ) + "/.m2/settings.xml" )
> .includeDependenciesFromPom( "pom.xml" )
> .resolveAsFiles( new ScopeFilter( "compile", "runtime" ) );
> for ( File f : files )
> {
> System.out.println( f.getName() );
> }
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the shrinkwrap-issues
mailing list