You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Christian Schulte (JIRA)" <ji...@apache.org> on 2016/12/29 19:06:58 UTC
[jira] [Updated] (MNG-6141) Dependency management overrides are not
transitive and should be considered an anti-pattern.
[ https://issues.apache.org/jira/browse/MNG-6141?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Christian Schulte updated MNG-6141:
-----------------------------------
Attachment: MNG-6141.zip
Example project demonstrating the issue. Unpack and execute {{mvn package dependency:tree -X}}. The parent is managing the {{org.apache.maven:maven-plugin-api}} dependency to version {{2.0}}. The {{module-1}} overrides that to version {{3.0}}. {{module-2}} depends on {{module-1}} and there the version of the transitive {{org.apache.maven:maven-plugin-api}} is managed to {{2.0}} (expected behaviour) although {{module-1}} is overriding it to {{3.0}} (should not be supported).
{code:title=module-1 CollectResult}
[DEBUG] localhost:module-1:jar:1.0-SNAPSHOT
[DEBUG] org.apache.maven:maven-plugin-api:jar:3.0:compile
[DEBUG] org.apache.maven:maven-model:jar:3.0:compile
[DEBUG] org.codehaus.plexus:plexus-utils:jar:2.0.4:compile
[DEBUG] org.apache.maven:maven-artifact:jar:3.0:compile
[DEBUG] org.sonatype.sisu:sisu-inject-plexus:jar:1.4.2:compile
[DEBUG] org.codehaus.plexus:plexus-component-annotations:jar:1.5.4:compile
[DEBUG] org.codehaus.plexus:plexus-classworlds:jar:2.2.3:compile
[DEBUG] org.sonatype.sisu:sisu-inject-bean:jar:1.4.2:compile
[DEBUG] org.sonatype.sisu:sisu-guice:jar:noaop:2.1.7:compile
[INFO]
{code}
{code:title=module-2 CollectResult}
[DEBUG] localhost:module-2:jar:1.0-SNAPSHOT
[DEBUG] localhost:module-1:jar:1.0-SNAPSHOT:compile
[DEBUG] org.apache.maven:maven-plugin-api:jar:2.0:compile (version managed from 3.0 by localhost:parent:1.0-SNAPSHOT)
{code}
> Dependency management overrides are not transitive and should be considered an anti-pattern.
> --------------------------------------------------------------------------------------------
>
> Key: MNG-6141
> URL: https://issues.apache.org/jira/browse/MNG-6141
> Project: Maven
> Issue Type: Bug
> Reporter: Christian Schulte
> Assignee: Christian Schulte
> Priority: Critical
> Attachments: MNG-6141.zip
>
>
> Overriding the dependency management in a module, the overridden value will not be preserved transitively. It makes no sense to be able to override the dependency management in a module if that is only effective in that module and nowhere else. Overriding the dependency management should be considered an anti-pattern. Maven should provide a warning when it is used. During the development of Maven 3.4, there have been quite a few discussions on dev@ about build issues which were all caused by overriding the dependency management without noticing this is not supported transitively.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)