You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Joel Turkel (JIRA)" <ji...@codehaus.org> on 2008/08/04 19:48:27 UTC
[jira] Created: (MNG-3696) Add explicit transitive dependencies in
dependencyManagement section of pom.xml
Add explicit transitive dependencies in dependencyManagement section of pom.xml
-------------------------------------------------------------------------------
Key: MNG-3696
URL: http://jira.codehaus.org/browse/MNG-3696
Project: Maven 2
Issue Type: New Feature
Components: Dependencies
Affects Versions: 2.0.9
Reporter: Joel Turkel
Transitive dependencies cause lots of headaches and require a fair amount of manual intervention to fix conflicts. It is common to see a pom with the following scenario:
<dependencyManagement>
<dependencies>
<!-- Must manually include com.other.common when using com.sample.foo -->
<dependency>
<groupId>com.sample</groupId>
<artifactId>foo</artifactId>
<version>1</version>
<exclusions>
<!-- com.sample.foo includes old version 1 of com.other.common -->
<exclusion>
<groupId>com.other</groupId>
<artifactId>common</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.other</groupId>
<artifactId>common</artifactId>
<version>2</version>
</dependency>
<dependency>
<groupId>com.sample</groupId>
<artifactId>bar</artifactId>
<version>3</version>
<!-- com.sample.foo includes version 2 of com.other.common -->
</dependency>
</dependencies>
</dependencyManagement>
This is problematic because descendant poms must manually include the com.other.common dependency when including the com.sample.foo dependency. The word around is creating separate pom projects to manage the dependencies, but this doesn't do a great job of expressing intent, leads to a proliferation of projects, and makes dependency management more difficult since it's scattered over multiple poms.
Ideally users should be allowed to specify inclusions in the dependency management section of the pom e.g. something like:
<dependencyManagement>
<dependencies>
<dependency>
<groupId>com.sample</groupId>
<artifactId>foo</artifactId>
<version>1</version>
<!-- com.sample.foo includes old version 1 of com.other.common -->
<exclusions>
<exclusion>
<groupId>com.other</groupId>
<artifactId>common</artifactId>
</exclusion>
</exclusions>
<inclusions>
<inclusion>
<groupId>com.other</groupId>
<artifactId>common</artifactId>
<version>2</version>
</inclusion>
</inclusions>
</dependency>
<dependency>
<groupId>com.sample</groupId>
<artifactId>bar</artifactId>
<version>3</version>
<!-- com.sample.foo includes version 2 of com.other.common -->
</dependency>
</dependencies>
</dependencyManagement>
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Reopened: (MNG-3696) Add explicit transitive dependencies in
dependencyManagement section of pom.xml
Posted by "Joel Turkel (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/MNG-3696?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Joel Turkel reopened MNG-3696:
------------------------------
The problem occurs when the dependencyManagement section is declared in the root pom file of a large project hierarchy. Then every descendant project that depends on com.sample:foo must also explicitly include the dependency on com.other:common. This is not ideal since the com.other:common is really just a transitive dependency of com.sample:foo and causes a large maintenance overhead. An even bigger problem occurs if the conflict is introduced when upgrading to a new version of com.sample:bar. A version upgrade that should only involve a change to the dependencyManagement section of the root pom file ends up requiring changes to all descendant projects that use com.sample:foo and/or com.sample:bar.
> Add explicit transitive dependencies in dependencyManagement section of pom.xml
> -------------------------------------------------------------------------------
>
> Key: MNG-3696
> URL: http://jira.codehaus.org/browse/MNG-3696
> Project: Maven 2
> Issue Type: New Feature
> Components: Dependencies
> Affects Versions: 2.0.9
> Reporter: Joel Turkel
>
> Transitive dependencies cause lots of headaches and require a fair amount of manual intervention to fix conflicts. It is common to see a pom with the following scenario:
> <dependencyManagement>
> <dependencies>
> <!-- Must manually include com.other.common when using com.sample.foo -->
> <dependency>
> <groupId>com.sample</groupId>
> <artifactId>foo</artifactId>
> <version>1</version>
> <exclusions>
> <!-- com.sample.foo includes old version 1 of com.other.common -->
> <exclusion>
> <groupId>com.other</groupId>
> <artifactId>common</artifactId>
> </exclusion>
> </exclusions>
> </dependency>
> <dependency>
> <groupId>com.other</groupId>
> <artifactId>common</artifactId>
> <version>2</version>
> </dependency>
> <dependency>
> <groupId>com.sample</groupId>
> <artifactId>bar</artifactId>
> <version>3</version>
> <!-- com.sample.foo includes version 2 of com.other.common -->
> </dependency>
> </dependencies>
> </dependencyManagement>
> This is problematic because descendant poms must manually include the com.other.common dependency when including the com.sample.foo dependency. The word around is creating separate pom projects to manage the dependencies, but this doesn't do a great job of expressing intent, leads to a proliferation of projects, and makes dependency management more difficult since it's scattered over multiple poms.
> Ideally users should be allowed to specify inclusions in the dependency management section of the pom e.g. something like:
> <dependencyManagement>
> <dependencies>
> <dependency>
> <groupId>com.sample</groupId>
> <artifactId>foo</artifactId>
> <version>1</version>
> <!-- com.sample.foo includes old version 1 of com.other.common -->
> <exclusions>
> <exclusion>
> <groupId>com.other</groupId>
> <artifactId>common</artifactId>
> </exclusion>
> </exclusions>
> <inclusions>
> <inclusion>
> <groupId>com.other</groupId>
> <artifactId>common</artifactId>
> <version>2</version>
> </inclusion>
> </inclusions>
> </dependency>
> <dependency>
> <groupId>com.sample</groupId>
> <artifactId>bar</artifactId>
> <version>3</version>
> <!-- com.sample.foo includes version 2 of com.other.common -->
> </dependency>
> </dependencies>
> </dependencyManagement>
>
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (MNG-3696) Add explicit transitive dependencies
in dependencyManagement section of pom.xml
Posted by "Joerg Schaible (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/MNG-3696?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=144295#action_144295 ]
Joerg Schaible commented on MNG-3696:
-------------------------------------
This is not true. If you declare com.other:common in the depMgmnt as Brett advised, it will take also precedence for transitive deps.
> Add explicit transitive dependencies in dependencyManagement section of pom.xml
> -------------------------------------------------------------------------------
>
> Key: MNG-3696
> URL: http://jira.codehaus.org/browse/MNG-3696
> Project: Maven 2
> Issue Type: New Feature
> Components: Dependencies
> Affects Versions: 2.0.9
> Reporter: Joel Turkel
>
> Transitive dependencies cause lots of headaches and require a fair amount of manual intervention to fix conflicts. It is common to see a pom with the following scenario:
> <dependencyManagement>
> <dependencies>
> <!-- Must manually include com.other.common when using com.sample.foo -->
> <dependency>
> <groupId>com.sample</groupId>
> <artifactId>foo</artifactId>
> <version>1</version>
> <exclusions>
> <!-- com.sample.foo includes old version 1 of com.other.common -->
> <exclusion>
> <groupId>com.other</groupId>
> <artifactId>common</artifactId>
> </exclusion>
> </exclusions>
> </dependency>
> <dependency>
> <groupId>com.other</groupId>
> <artifactId>common</artifactId>
> <version>2</version>
> </dependency>
> <dependency>
> <groupId>com.sample</groupId>
> <artifactId>bar</artifactId>
> <version>3</version>
> <!-- com.sample.foo includes version 2 of com.other.common -->
> </dependency>
> </dependencies>
> </dependencyManagement>
> This is problematic because descendant poms must manually include the com.other.common dependency when including the com.sample.foo dependency. The word around is creating separate pom projects to manage the dependencies, but this doesn't do a great job of expressing intent, leads to a proliferation of projects, and makes dependency management more difficult since it's scattered over multiple poms.
> Ideally users should be allowed to specify inclusions in the dependency management section of the pom e.g. something like:
> <dependencyManagement>
> <dependencies>
> <dependency>
> <groupId>com.sample</groupId>
> <artifactId>foo</artifactId>
> <version>1</version>
> <!-- com.sample.foo includes old version 1 of com.other.common -->
> <exclusions>
> <exclusion>
> <groupId>com.other</groupId>
> <artifactId>common</artifactId>
> </exclusion>
> </exclusions>
> <inclusions>
> <inclusion>
> <groupId>com.other</groupId>
> <artifactId>common</artifactId>
> <version>2</version>
> </inclusion>
> </inclusions>
> </dependency>
> <dependency>
> <groupId>com.sample</groupId>
> <artifactId>bar</artifactId>
> <version>3</version>
> <!-- com.sample.foo includes version 2 of com.other.common -->
> </dependency>
> </dependencies>
> </dependencyManagement>
>
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (MNG-3696) Add explicit transitive dependencies
in dependencyManagement section of pom.xml
Posted by "Joel Turkel (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/MNG-3696?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=144304#action_144304 ]
Joel Turkel commented on MNG-3696:
----------------------------------
The suggested workaround will work for version number changes. Another common scenario is incompatible jars e.g. javax.servlet:servlet-api and generonimo-specs:servlet-api. For scenarios like this we want to replace all dependencies transitive dependency on javax.servlet:servlet-api with generonimo-specs:servlet-api.
> Add explicit transitive dependencies in dependencyManagement section of pom.xml
> -------------------------------------------------------------------------------
>
> Key: MNG-3696
> URL: http://jira.codehaus.org/browse/MNG-3696
> Project: Maven 2
> Issue Type: New Feature
> Components: Dependencies
> Affects Versions: 2.0.9
> Reporter: Joel Turkel
>
> Transitive dependencies cause lots of headaches and require a fair amount of manual intervention to fix conflicts. It is common to see a pom with the following scenario:
> <dependencyManagement>
> <dependencies>
> <!-- Must manually include com.other.common when using com.sample.foo -->
> <dependency>
> <groupId>com.sample</groupId>
> <artifactId>foo</artifactId>
> <version>1</version>
> <exclusions>
> <!-- com.sample.foo includes old version 1 of com.other.common -->
> <exclusion>
> <groupId>com.other</groupId>
> <artifactId>common</artifactId>
> </exclusion>
> </exclusions>
> </dependency>
> <dependency>
> <groupId>com.other</groupId>
> <artifactId>common</artifactId>
> <version>2</version>
> </dependency>
> <dependency>
> <groupId>com.sample</groupId>
> <artifactId>bar</artifactId>
> <version>3</version>
> <!-- com.sample.foo includes version 2 of com.other.common -->
> </dependency>
> </dependencies>
> </dependencyManagement>
> This is problematic because descendant poms must manually include the com.other.common dependency when including the com.sample.foo dependency. The word around is creating separate pom projects to manage the dependencies, but this doesn't do a great job of expressing intent, leads to a proliferation of projects, and makes dependency management more difficult since it's scattered over multiple poms.
> Ideally users should be allowed to specify inclusions in the dependency management section of the pom e.g. something like:
> <dependencyManagement>
> <dependencies>
> <dependency>
> <groupId>com.sample</groupId>
> <artifactId>foo</artifactId>
> <version>1</version>
> <!-- com.sample.foo includes old version 1 of com.other.common -->
> <exclusions>
> <exclusion>
> <groupId>com.other</groupId>
> <artifactId>common</artifactId>
> </exclusion>
> </exclusions>
> <inclusions>
> <inclusion>
> <groupId>com.other</groupId>
> <artifactId>common</artifactId>
> <version>2</version>
> </inclusion>
> </inclusions>
> </dependency>
> <dependency>
> <groupId>com.sample</groupId>
> <artifactId>bar</artifactId>
> <version>3</version>
> <!-- com.sample.foo includes version 2 of com.other.common -->
> </dependency>
> </dependencies>
> </dependencyManagement>
>
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Closed: (MNG-3696) Add explicit transitive dependencies in
dependencyManagement section of pom.xml
Posted by "Brett Porter (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/MNG-3696?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Brett Porter closed MNG-3696.
-----------------------------
Assignee: Brett Porter
Resolution: Duplicate
I think the issue you're referring to there is "global dependency exclusions", so I've linked this issue to that.
> Add explicit transitive dependencies in dependencyManagement section of pom.xml
> -------------------------------------------------------------------------------
>
> Key: MNG-3696
> URL: http://jira.codehaus.org/browse/MNG-3696
> Project: Maven 2
> Issue Type: New Feature
> Components: Dependencies
> Affects Versions: 2.0.9
> Reporter: Joel Turkel
> Assignee: Brett Porter
>
> Transitive dependencies cause lots of headaches and require a fair amount of manual intervention to fix conflicts. It is common to see a pom with the following scenario:
> <dependencyManagement>
> <dependencies>
> <!-- Must manually include com.other.common when using com.sample.foo -->
> <dependency>
> <groupId>com.sample</groupId>
> <artifactId>foo</artifactId>
> <version>1</version>
> <exclusions>
> <!-- com.sample.foo includes old version 1 of com.other.common -->
> <exclusion>
> <groupId>com.other</groupId>
> <artifactId>common</artifactId>
> </exclusion>
> </exclusions>
> </dependency>
> <dependency>
> <groupId>com.other</groupId>
> <artifactId>common</artifactId>
> <version>2</version>
> </dependency>
> <dependency>
> <groupId>com.sample</groupId>
> <artifactId>bar</artifactId>
> <version>3</version>
> <!-- com.sample.foo includes version 2 of com.other.common -->
> </dependency>
> </dependencies>
> </dependencyManagement>
> This is problematic because descendant poms must manually include the com.other.common dependency when including the com.sample.foo dependency. The word around is creating separate pom projects to manage the dependencies, but this doesn't do a great job of expressing intent, leads to a proliferation of projects, and makes dependency management more difficult since it's scattered over multiple poms.
> Ideally users should be allowed to specify inclusions in the dependency management section of the pom e.g. something like:
> <dependencyManagement>
> <dependencies>
> <dependency>
> <groupId>com.sample</groupId>
> <artifactId>foo</artifactId>
> <version>1</version>
> <!-- com.sample.foo includes old version 1 of com.other.common -->
> <exclusions>
> <exclusion>
> <groupId>com.other</groupId>
> <artifactId>common</artifactId>
> </exclusion>
> </exclusions>
> <inclusions>
> <inclusion>
> <groupId>com.other</groupId>
> <artifactId>common</artifactId>
> <version>2</version>
> </inclusion>
> </inclusions>
> </dependency>
> <dependency>
> <groupId>com.sample</groupId>
> <artifactId>bar</artifactId>
> <version>3</version>
> <!-- com.sample.foo includes version 2 of com.other.common -->
> </dependency>
> </dependencies>
> </dependencyManagement>
>
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Closed: (MNG-3696) Add explicit transitive dependencies in
dependencyManagement section of pom.xml
Posted by "Brett Porter (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/MNG-3696?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Brett Porter closed MNG-3696.
-----------------------------
Resolution: Won't Fix
unless I misunderstand what you're saying, simply declaring the "inclusion" in dependency management as another dependency and omitting the exclusion will do what you need
> Add explicit transitive dependencies in dependencyManagement section of pom.xml
> -------------------------------------------------------------------------------
>
> Key: MNG-3696
> URL: http://jira.codehaus.org/browse/MNG-3696
> Project: Maven 2
> Issue Type: New Feature
> Components: Dependencies
> Affects Versions: 2.0.9
> Reporter: Joel Turkel
>
> Transitive dependencies cause lots of headaches and require a fair amount of manual intervention to fix conflicts. It is common to see a pom with the following scenario:
> <dependencyManagement>
> <dependencies>
> <!-- Must manually include com.other.common when using com.sample.foo -->
> <dependency>
> <groupId>com.sample</groupId>
> <artifactId>foo</artifactId>
> <version>1</version>
> <exclusions>
> <!-- com.sample.foo includes old version 1 of com.other.common -->
> <exclusion>
> <groupId>com.other</groupId>
> <artifactId>common</artifactId>
> </exclusion>
> </exclusions>
> </dependency>
> <dependency>
> <groupId>com.other</groupId>
> <artifactId>common</artifactId>
> <version>2</version>
> </dependency>
> <dependency>
> <groupId>com.sample</groupId>
> <artifactId>bar</artifactId>
> <version>3</version>
> <!-- com.sample.foo includes version 2 of com.other.common -->
> </dependency>
> </dependencies>
> </dependencyManagement>
> This is problematic because descendant poms must manually include the com.other.common dependency when including the com.sample.foo dependency. The word around is creating separate pom projects to manage the dependencies, but this doesn't do a great job of expressing intent, leads to a proliferation of projects, and makes dependency management more difficult since it's scattered over multiple poms.
> Ideally users should be allowed to specify inclusions in the dependency management section of the pom e.g. something like:
> <dependencyManagement>
> <dependencies>
> <dependency>
> <groupId>com.sample</groupId>
> <artifactId>foo</artifactId>
> <version>1</version>
> <!-- com.sample.foo includes old version 1 of com.other.common -->
> <exclusions>
> <exclusion>
> <groupId>com.other</groupId>
> <artifactId>common</artifactId>
> </exclusion>
> </exclusions>
> <inclusions>
> <inclusion>
> <groupId>com.other</groupId>
> <artifactId>common</artifactId>
> <version>2</version>
> </inclusion>
> </inclusions>
> </dependency>
> <dependency>
> <groupId>com.sample</groupId>
> <artifactId>bar</artifactId>
> <version>3</version>
> <!-- com.sample.foo includes version 2 of com.other.common -->
> </dependency>
> </dependencies>
> </dependencyManagement>
>
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira