[shrinkwrap-issues] [JBoss JIRA] (SHRINKRES-292) BOM pollutes dependencyManagement

Rich DiCroce (Jira) issues at jboss.org
Thu Nov 8 14:39:00 EST 2018


     [ https://issues.jboss.org/browse/SHRINKRES-292?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rich DiCroce updated SHRINKRES-292:
-----------------------------------
    Description: 
SHRINKRES-256 added a dependency on org.apache.maven:maven to the Shrinkwrap Resolvers BOM. This was a poor idea. It pollutes the dependencyManagement of any projects relying on the SWR BOM with artifacts that have nothing to do with SWR. This includes a lot of commonly used libraries (Guava, commons-lang3, Mockito, etc).

If a project relying on the SWR BOM also has a transitive dependency on any of those libraries, the version specified by org.apache.maven:maven will be used, which seems like a bad thing to me. And if a project relying on the SWR BOM also has a direct dependency on any of those libraries, Eclipse complains about overriding managed versions.

  was:
SHRINKRES-256 added a dependency on org.apache.maven:maven to the Shrinkwrap Resolvers BOM. This was a poor idea. It pollutes the dependencyManagement of any projects relying on the SWR BOM with artifacts that have nothing to do with SWR. This includes a lot of commonly used libraries (Guava, commons-lang3, Mockito, etc).

If a project relying on the SWR BOM also has a transitive dependency on any of those libraries, the version specified by org.apache.maven:maven will be used, which seems like a bad thing to me. And if a project relying on the SWR BOM also has a direct dependency on any of those libraries, Eclipse complains about overriding managed versions.

The SWR BOM 



> BOM pollutes dependencyManagement
> ---------------------------------
>
>                 Key: SHRINKRES-292
>                 URL: https://issues.jboss.org/browse/SHRINKRES-292
>             Project: ShrinkWrap Resolvers
>          Issue Type: Bug
>    Affects Versions: 3.1.3
>            Reporter: Rich DiCroce
>            Priority: Major
>
> SHRINKRES-256 added a dependency on org.apache.maven:maven to the Shrinkwrap Resolvers BOM. This was a poor idea. It pollutes the dependencyManagement of any projects relying on the SWR BOM with artifacts that have nothing to do with SWR. This includes a lot of commonly used libraries (Guava, commons-lang3, Mockito, etc).
> If a project relying on the SWR BOM also has a transitive dependency on any of those libraries, the version specified by org.apache.maven:maven will be used, which seems like a bad thing to me. And if a project relying on the SWR BOM also has a direct dependency on any of those libraries, Eclipse complains about overriding managed versions.



--
This message was sent by Atlassian Jira
(v7.12.1#712002)


More information about the shrinkwrap-issues mailing list