You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Christian Schulte (JIRA)" <ji...@apache.org> on 2017/03/25 22:18:41 UTC

[jira] [Assigned] (MNG-5708) Maven dependency resolution inconsistent with multiple excludes

     [ https://issues.apache.org/jira/browse/MNG-5708?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Christian Schulte reassigned MNG-5708:
--------------------------------------

    Assignee:     (was: Christian Schulte)

> Maven dependency resolution inconsistent with multiple excludes
> ---------------------------------------------------------------
>
>                 Key: MNG-5708
>                 URL: https://issues.apache.org/jira/browse/MNG-5708
>             Project: Maven
>          Issue Type: Bug
>          Components: Dependencies
>    Affects Versions: 3.2.3
>         Environment: Apache Maven 3.2.3 (33f8c3e1027c3ddde99d3cdebad2656a31e8fdf4; 2014-08-11T13:58:10-07:00)
> Maven home: /home/henning/.apache-maven
> Java version: 1.7.0_67, vendor: Oracle Corporation
> Java home: /usr/lib/jvm/java-1.7.0-sun-1.7.0.67/jre
> Default locale: en_US, platform encoding: UTF-8
> OS name: "linux", version: "3.16.6-200.fc20.x86_64", arch: "amd64", family: "unix"
>            Reporter: Henning Schmiedehausen
>             Fix For: needing-scrub-3.4.0-fallout
>
>         Attachments: dependency-bug-2.tar.gz, dependency-bug-3.tar.gz, dependency-bug.tar.gz
>
>
> This is how to reproduce the problem:
> download and unpack the attached tarball. It contains three projects:
> proj1 depends on log4j and commons-lang3
> proj2 is a multi module project which uses proj1. But it uses slf4j, so for proj1 it has an exclusion in the dependency management section which excludes log4j
>   module1 depends on proj1 and log4j-over-slf4j
>   module2 depends on proj1
> proj3 is a project that depends on module1.
> enter each project one-by-one and do "mvn clean install". This works fine. So dependency exclusion etc. works. 
> Now, remove the comments from the exclude block in proj2/module2/pom.xml
> run "mvn clean install" in proj2.  Everything still builds fine in proj2. Same goes for "mvn clean install -pl :module2" (only build module2) and "mvn clean install -rf :module2" (resume from module2)
> now go to proj3. The build fails because there are duplicates on the classpath. Looking at the dependency tree:
> [INFO] group:proj3:jar:1-SNAPSHOT
> [INFO] \- group:module1:jar:1-SNAPSHOT:compile
> [INFO]    +- group:proj1:jar:1-SNAPSHOT:compile
> [INFO]    |  \- log4j:log4j:jar:1.2.7:compile
> [INFO]    \- org.slf4j:log4j-over-slf4j:jar:1.7.7:compile
> [INFO]       \- org.slf4j:slf4j-api:jar:1.7.7:compile
> log4j (which was excluded in the dependencyManagement section) has reappeared!
> This only happens if there are excludes in the depMgt section of a parent pom *and* excludes in the dependency itself in a child project *and* the dependency is referred from outside the multi module project. For an in-tree project (such as module2), everything is fine.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)