You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Karl Isenberg (JIRA)" <ji...@codehaus.org> on 2012/07/06 23:55:21 UTC
[jira] (MNG-4513) Add "additions"/"depedencies" to "dependency"
element in "dependencyManagement".
[ https://jira.codehaus.org/browse/MNG-4513?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=302949#comment-302949 ]
Karl Isenberg commented on MNG-4513:
------------------------------------
Could call them "inclusions". I often want to do this when using Spring Enterprise Bundle Repository replacements with different artifactIds.
> Add "additions"/"depedencies" to "dependency" element in "dependencyManagement".
> --------------------------------------------------------------------------------
>
> Key: MNG-4513
> URL: https://jira.codehaus.org/browse/MNG-4513
> Project: Maven 2 & 3
> Issue Type: New Feature
> Components: Dependencies
> Affects Versions: 2.2.1
> Reporter: Maarten Billemont
> Fix For: Issues to be reviewed for 3.x
>
>
> Quite often we need ugly hacks in our poms because of broken dependencies in artifacts we depend on.
> For example, org.apache.ws.security:wss4j depends on xalan:xalan, but that dependency is outdated or badly maintained (not sure now, but irrelevant); so we need to exclude it and replace it with org.apache.xalan:xalan. Only; we can't do this from our dependencyManagement section for all our project modules, no, we can exclude xalan:xalan, but for EACH module that uses wss4j, we need to MANUALLY specify the dependency on org.apache.xalan:xalan; even though this SHOULD be a transitional dependency from wss4j. This is dirty and causes unacceptable bugs and maintenance when artifact dependencies change or artifacts are distributed to third parties.
> To fix this, we need to either host our own fixed version of wss4j, or Maven would have to introduce a method of doing BOTH the exclusion of xalan:xalan AND the addition of org.apache.xalan:xalan to the wss4j artifact from the dependencyManagement section. Personally; I'm not sure it makes much sense supporting only one of the two.
> In this example, I'd like to see the following in my project's parent pom:
> <dependencyManagement>
> <dependencies>
> <dependency>
> <groupId>org.apache.ws.security</groupId>
> <artifactId>wss4j</artifactId>
> <version>${wss4j.version}</version>
> <exclusions>
> <!-- We use org.apache.* instead -->
> <exclusion>
> <groupId>xalan</groupId>
> <artifactId>xalan</artifactId>
> </exclusion>
> <exclusion>
> <groupId>xerces</groupId>
> <artifactId>xercesImpl</artifactId>
> </exclusion>
> <exclusion>
> <groupId>xml-security</groupId>
> <artifactId>xmlsec</artifactId>
> </exclusion>
> <exclusion>
> <groupId>xml-apis</groupId>
> <artifactId>xml-apis</artifactId>
> </exclusion>
> </exclusions>
> <dependencies>
> <dependency>
> <groupId>org.apache.xalan</groupId>
> <artifactId>xalan</artifactId>
> <version>${xalan.version}</version>
> </dependency>
> <dependency>
> <groupId>org.apache.xerces</groupId>
> <artifactId>xercesImpl</artifactId>
> <version>${xercesImpl.version}</version>
> </dependency>
> <dependency>
> <groupId>org.apache.santuario</groupId>
> <artifactId>xmlsec</artifactId>
> <version>${xmlsec.version}</version>
> </dependency>
> <dependency>
> <groupId>org.apache.santuario</groupId>
> <artifactId>xmlsec</artifactId>
> <version>${xmlsec.version}</version>
> </dependency>
> </dependencies>
> </dependency>
> </dependencies>
> </dependencyManagement>
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira