You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Maarten Billemont (JIRA)" <ji...@codehaus.org> on 2010/01/01 20:58:55 UTC
[jira] Created: (MNG-4513) Add "additions"/"depedencies" to
"dependency" element in "dependencyManagement".
Add "additions"/"depedencies" to "dependency" element in "dependencyManagement".
--------------------------------------------------------------------------------
Key: MNG-4513
URL: http://jira.codehaus.org/browse/MNG-4513
Project: Maven 2 & 3
Issue Type: New Feature
Components: Dependencies
Affects Versions: 2.2.1
Reporter: Maarten Billemont
Quite often we need ugly hacks in our poms because of broken dependencies in artifacts we depend on.
For example, org.apache.ws.security:wss4j depends on xalan:xalan, but that dependency is outdated or badly maintained (not sure now, but irrelevant); so we need to exclude it and replace it with org.apache.xalan:xalan. Only; we can't do this from our dependencyManagement section for all our project modules, no, we can exclude xalan:xalan, but for EACH module that uses wss4j, we need to MANUALLY specify the dependency on org.apache.xalan:xalan; even though this SHOULD be a transitional dependency from wss4j. This is dirty and causes unacceptable bugs and maintenance when artifact dependencies change or artifacts are distributed to third parties.
To fix this, we need to either host our own fixed version of wss4j, or Maven would have to introduce a method of doing BOTH the exclusion of xalan:xalan AND the addition of org.apache.xalan:xalan to the wss4j artifact from the dependencyManagement section. Personally; I'm not sure it makes much sense supporting only one of the two.
In this example, I'd like to see the following in my project's parent pom:
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.apache.ws.security</groupId>
<artifactId>wss4j</artifactId>
<version>${wss4j.version}</version>
<exclusions>
<!-- We use org.apache.* instead -->
<exclusion>
<groupId>xalan</groupId>
<artifactId>xalan</artifactId>
</exclusion>
<exclusion>
<groupId>xerces</groupId>
<artifactId>xercesImpl</artifactId>
</exclusion>
<exclusion>
<groupId>xml-security</groupId>
<artifactId>xmlsec</artifactId>
</exclusion>
<exclusion>
<groupId>xml-apis</groupId>
<artifactId>xml-apis</artifactId>
</exclusion>
</exclusions>
<dependencies>
<dependency>
<groupId>org.apache.xalan</groupId>
<artifactId>xalan</artifactId>
<version>${xalan.version}</version>
</dependency>
<dependency>
<groupId>org.apache.xerces</groupId>
<artifactId>xercesImpl</artifactId>
<version>${xercesImpl.version}</version>
</dependency>
<dependency>
<groupId>org.apache.santuario</groupId>
<artifactId>xmlsec</artifactId>
<version>${xmlsec.version}</version>
</dependency>
<dependency>
<groupId>org.apache.santuario</groupId>
<artifactId>xmlsec</artifactId>
<version>${xmlsec.version}</version>
</dependency>
</dependencies>
</dependency>
</dependencies>
</dependencyManagement>
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] (MNG-4513) Add "additions"/"depedencies" to "dependency"
element in "dependencyManagement".
Posted by "Karl Isenberg (JIRA)" <ji...@codehaus.org>.
[ https://jira.codehaus.org/browse/MNG-4513?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=302949#comment-302949 ]
Karl Isenberg commented on MNG-4513:
------------------------------------
Could call them "inclusions". I often want to do this when using Spring Enterprise Bundle Repository replacements with different artifactIds.
> Add "additions"/"depedencies" to "dependency" element in "dependencyManagement".
> --------------------------------------------------------------------------------
>
> Key: MNG-4513
> URL: https://jira.codehaus.org/browse/MNG-4513
> Project: Maven 2 & 3
> Issue Type: New Feature
> Components: Dependencies
> Affects Versions: 2.2.1
> Reporter: Maarten Billemont
> Fix For: Issues to be reviewed for 3.x
>
>
> Quite often we need ugly hacks in our poms because of broken dependencies in artifacts we depend on.
> For example, org.apache.ws.security:wss4j depends on xalan:xalan, but that dependency is outdated or badly maintained (not sure now, but irrelevant); so we need to exclude it and replace it with org.apache.xalan:xalan. Only; we can't do this from our dependencyManagement section for all our project modules, no, we can exclude xalan:xalan, but for EACH module that uses wss4j, we need to MANUALLY specify the dependency on org.apache.xalan:xalan; even though this SHOULD be a transitional dependency from wss4j. This is dirty and causes unacceptable bugs and maintenance when artifact dependencies change or artifacts are distributed to third parties.
> To fix this, we need to either host our own fixed version of wss4j, or Maven would have to introduce a method of doing BOTH the exclusion of xalan:xalan AND the addition of org.apache.xalan:xalan to the wss4j artifact from the dependencyManagement section. Personally; I'm not sure it makes much sense supporting only one of the two.
> In this example, I'd like to see the following in my project's parent pom:
> <dependencyManagement>
> <dependencies>
> <dependency>
> <groupId>org.apache.ws.security</groupId>
> <artifactId>wss4j</artifactId>
> <version>${wss4j.version}</version>
> <exclusions>
> <!-- We use org.apache.* instead -->
> <exclusion>
> <groupId>xalan</groupId>
> <artifactId>xalan</artifactId>
> </exclusion>
> <exclusion>
> <groupId>xerces</groupId>
> <artifactId>xercesImpl</artifactId>
> </exclusion>
> <exclusion>
> <groupId>xml-security</groupId>
> <artifactId>xmlsec</artifactId>
> </exclusion>
> <exclusion>
> <groupId>xml-apis</groupId>
> <artifactId>xml-apis</artifactId>
> </exclusion>
> </exclusions>
> <dependencies>
> <dependency>
> <groupId>org.apache.xalan</groupId>
> <artifactId>xalan</artifactId>
> <version>${xalan.version}</version>
> </dependency>
> <dependency>
> <groupId>org.apache.xerces</groupId>
> <artifactId>xercesImpl</artifactId>
> <version>${xercesImpl.version}</version>
> </dependency>
> <dependency>
> <groupId>org.apache.santuario</groupId>
> <artifactId>xmlsec</artifactId>
> <version>${xmlsec.version}</version>
> </dependency>
> <dependency>
> <groupId>org.apache.santuario</groupId>
> <artifactId>xmlsec</artifactId>
> <version>${xmlsec.version}</version>
> </dependency>
> </dependencies>
> </dependency>
> </dependencies>
> </dependencyManagement>
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira