Posted to issues@maven.apache.org by "Cole Mickens (JIRA)" <ji...@codehaus.org> on 2010/06/01 15:31:12 UTC

[jira] Commented: (MDEP-267) AnalyzeDepMgt Check if DepMgt overrides a (parent's) Transitive Dependency

    [ http://jira.codehaus.org/browse/MDEP-267?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=223323#action_223323 ] 

Cole Mickens commented on MDEP-267:
-----------------------------------

Another thing that seems strange to me... If you remove 'filters.add( StateDependencyNodeFilter.INCLUDED );' from createDependencyNodeFilter() in TreeMojo.java, the 'dependency:tree' goal yields:

[INFO] testGroup:testArtifactChild:jar:0.0.1-SNAPSHOT
[INFO] +- commons-beanutils:commons-beanutils:jar:1.8.3:compile
[INFO] |  \- (commons-logging:commons-logging:jar:1.0.4:compile - version managed from 1.1.1; omitted for duplicate)
[INFO] +- commons-logging:commons-logging:jar:1.0.4:compile
[INFO] \- junit:junit:jar:4.8.1:test

Is there a reason that it only gives "version managed from 1.1.1" on the nested transitive dependency?

> AnalyzeDepMgt Check if DepMgt overrides a (parent's) Transitive Dependency
> --------------------------------------------------------------------------
>
>                 Key: MDEP-267
>                 URL: http://jira.codehaus.org/browse/MDEP-267
>             Project: Maven 2.x Dependency Plugin
>          Issue Type: Improvement
>    Affects Versions: 2.1
>            Reporter: Cole Mickens
>            Assignee: Brian Fox
>         Attachments: test-case.zip
>
>
> Unzip the test-case.
> In testArtifactParent, run `mvn -DskipTests=true install`.
> In testArtifactChild, run `mvn -DskipTests=true dependency:tree`.
> When it lists the tree, it prints:
> [INFO] testGroup:testArtifactChild:jar:0.0.1-SNAPSHOT
> [INFO] +- commons-beanutils:commons-beanutils:jar:1.8.3:compile
> [INFO] +- commons-logging:commons-logging:jar:1.0.4:compile
> [INFO] \- junit:junit:jar:4.8.1:test
> If you remove 'commons-logging:commons-logging:jar' from the <dependency> section of the child pom, you get:
> [INFO] +- commons-beanutils:commons-beanutils:jar:1.8.3:compile
> [INFO] |  \- commons-logging:commons-logging:jar:1.0.4:compile (version managed from 1.1.1)
> [INFO] \- junit:junit:jar:4.8.1:test
> As you can see, the warning "version managed from x.x.x" is only printed out when the child doesn't declare a dependency on that package. (Possibly due to how DependencyNode renders itself based on whether or not it is a duplicate).
> I'm trying to write a new mojo for the Dependency plugin but I'm having trouble getting a list of ALL project dependencies. Clearly the Dependency plugin has access to this because (at least in one case) it is aware that a dependency was overridden by the <dependencyManagement> section.
> I think that the AnalyzeDepMgt mojo should probably be updated to include a warning if a managed dependency is overriding a transitive dependency. Ironically it was originally meant to do more or less the opposite. That may be confusing and I already have a skeleton for a new mojo to add, but like I said, I'm having difficulties getting that "full list of dependencies".
> Hopefully this gives some more context. I'm going to pore through the DependencyNode stuff, try to figure out where that "version managed from" logic comes from and then implement/call that in the new AnalyzeDepMgtOverrides mojo I'm working on. Any input on how this list might be easily discovered would be appreciated!
