[shrinkwrap-issues] [JBoss JIRA] (SHRINKWRAP-345) MavenDependencyResolver resolves wrong version or scope for transitive dependencies when using <dependencyManagement>
Mike Pettypiece (Commented) (JIRA)
jira-events at lists.jboss.org
Thu Oct 20 17:15:45 EDT 2011
[ https://issues.jboss.org/browse/SHRINKWRAP-345?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12636264#comment-12636264 ]
Mike Pettypiece commented on SHRINKWRAP-345:
--------------------------------------------
This appears to occur because the transitive dependencies are not loaded in includedDependenciesFromPom(). By the time the transitive dependencies are loaded (in resolveAsFiles()) none of the POM dependencyManagement information is available.
> MavenDependencyResolver resolves wrong version or scope for transitive dependencies when using <dependencyManagement>
> ---------------------------------------------------------------------------------------------------------------------
>
> Key: SHRINKWRAP-345
> URL: https://issues.jboss.org/browse/SHRINKWRAP-345
> Project: ShrinkWrap
> Issue Type: Bug
> Components: ext-resolver
> Affects Versions: resolver-1.1.0-alpha-1
> Reporter: Mike Pettypiece
> Attachments: maven-test.zip
>
>
> Using includesDependenciesFromPom() followed by resolveAsFiles() can produce a transitive dependency with the wrong scope or version if it is defined in the <dependencyManagment> section of the POM.
> e.g.:
> <dependencyManagement>
> <dependencies>
> <dependency>
> <groupId>commons-logging</groupId>
> <artifactId>commons-logging</artifactId>
> <version>1.1</version>
> </dependency>
> </dependencies>
> </dependencyManagement>
> <dependencies>
> <dependency>
> <groupId>commons-beanutils</groupId>
> <artifactId>commons-beanutils</artifactId>
> <version>1.7.0</version>
> <exclusions>
> <exclusion>
> <artifactId>servlet-api</artifactId>
> <groupId>javax.servlet</groupId>
> </exclusion>
> </exclusions>
> </dependency>
> <dependencies>
> common-beanutils depends on common-logging:1.0.3 but we've specified a higher version in the <dependencyManagement> section. A 'mvn package' will put common-logging:1.1 in the WEB-INF/lib directory but the following code will spit out a version of 1.0.3:
> File[] files =
> DependencyResolvers.use( MavenDependencyResolver.class )
> .useCentralRepo( false )
> .configureFrom( System.getProperty( "user.home" ) + "/.m2/settings.xml" )
> .includeDependenciesFromPom( "pom.xml" )
> .resolveAsFiles( new ScopeFilter( "compile", "runtime" ) );
> for ( File f : files )
> {
> System.out.println( f.getName() );
> }
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the shrinkwrap-issues
mailing list