You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@maven.apache.org by "Christian Schulte (JIRA)" <ji...@apache.org> on 2016/12/29 19:06:58 UTC

[jira] [Updated] (MNG-6141) Dependency management overrides are not transitive and should be considered an anti-pattern.

     [ https://issues.apache.org/jira/browse/MNG-6141?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Christian Schulte updated MNG-6141:
-----------------------------------
    Attachment: MNG-6141.zip

Example project demonstrating the issue. Unpack and execute {{mvn package dependency:tree -X}}. The parent is managing the {{org.apache.maven:maven-plugin-api}} dependency to version {{2.0}}. The {{module-1}} overrides that to version {{3.0}}. {{module-2}} depends on {{module-1}} and there the version of the transitive {{org.apache.maven:maven-plugin-api}} is managed to {{2.0}} (expected behaviour) although {{module-1}} is overriding it to {{3.0}} (should not be supported).

{code:title=module-1 CollectResult}
[DEBUG] localhost:module-1:jar:1.0-SNAPSHOT
[DEBUG]    org.apache.maven:maven-plugin-api:jar:3.0:compile
[DEBUG]       org.apache.maven:maven-model:jar:3.0:compile
[DEBUG]          org.codehaus.plexus:plexus-utils:jar:2.0.4:compile
[DEBUG]       org.apache.maven:maven-artifact:jar:3.0:compile
[DEBUG]       org.sonatype.sisu:sisu-inject-plexus:jar:1.4.2:compile
[DEBUG]          org.codehaus.plexus:plexus-component-annotations:jar:1.5.4:compile
[DEBUG]          org.codehaus.plexus:plexus-classworlds:jar:2.2.3:compile
[DEBUG]          org.sonatype.sisu:sisu-inject-bean:jar:1.4.2:compile
[DEBUG]             org.sonatype.sisu:sisu-guice:jar:noaop:2.1.7:compile
[INFO]
{code}

{code:title=module-2 CollectResult}
[DEBUG] localhost:module-2:jar:1.0-SNAPSHOT
[DEBUG]    localhost:module-1:jar:1.0-SNAPSHOT:compile
[DEBUG]       org.apache.maven:maven-plugin-api:jar:2.0:compile (version managed from 3.0 by localhost:parent:1.0-SNAPSHOT)
{code}


> Dependency management overrides are not transitive and should be considered an anti-pattern.
> --------------------------------------------------------------------------------------------
>
>                 Key: MNG-6141
>                 URL: https://issues.apache.org/jira/browse/MNG-6141
>             Project: Maven
>          Issue Type: Bug
>            Reporter: Christian Schulte
>            Assignee: Christian Schulte
>            Priority: Critical
>         Attachments: MNG-6141.zip
>
>
> Overriding the dependency management in a module, the overridden value will not be preserved transitively. It makes no sense to be able to override the dependency management in a module if that is only effective in that module and nowhere else. Overriding the dependency management should be considered an anti-pattern. Maven should provide a warning when it is used. During the development of Maven 3.4, there have been quite a few discussions on dev@ about build issues which were all caused by overriding the dependency management without noticing this is not supported transitively.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)