You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Cintia DR (JIRA)" <ji...@codehaus.org> on 2014/04/20 15:59:10 UTC
[jira] (MNG-5622) Provided dependencies updated to 'compile' even
when
Cintia DR created MNG-5622:
------------------------------
Summary: Provided dependencies updated to 'compile' even when
Key: MNG-5622
URL: https://jira.codehaus.org/browse/MNG-5622
Project: Maven 2 & 3
Issue Type: Bug
Components: Dependencies
Affects Versions: 3.2.1, 3.0.5
Reporter: Cintia DR
Attachments: dependencies-maven.tar.gz
I have a project A with the following dependency:
{code}
<dependency>
<groupId>dom4j</groupId>
<artifactId>dom4j</artifactId>
<version>1.6.1</version>
</dependency>
{code}
_dom4j_ has a compile dependency _xml-api_.
In the project B, I use project A as a provided dependency. And it has another dependency:
{code}
<!-- dom4j is a dependency of poi-ooxml -->
<dependency>
<groupId>org.apache.poi</groupId>
<artifactId>poi-ooxml</artifactId>
<version>3.9</version>
<exclusions>
<exclusion>
<groupId>xml-apis</groupId>
<artifactId>xml-apis</artifactId>
</exclusion>
</exclusions>
</dependency>
{code}
So, what happens is maven 3.2.1 adds xml-api as a compile dependency regardless if you exclude it from poi-ooxml.
As far as I understood, maven is getting project A dependencies, and finds a _dom4j_. It was initially supposed to be [provided|http://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#Dependency_Scope], but the compile dependency _poi-ooxml_ has _dom4j_ as a transitive compile dependency - so maven correctly updates _dom4j_ scope to compile.
The problem is, because it's adding _dom4j_ to compile scope, it decides to upgrade _xml-api_ to a compile dependency, *even if we excluded it* in the first place.
The obvious workaround is to exclude _dom4j_ from _poi-ooxml_.
I'm not sure if this is the expected behaviour, or just a corner case. I couldn't find any valid documentation about that case.
This is a possible duplicate of MNG-5404, but it looks slightly different. I wonder if they have the same root cause.
To run the test attached, "mvn package dependency:tree" will do it. dependency:2.8:tree is showing the same resolution tree as maven itself.
--
This message was sent by Atlassian JIRA
(v6.1.6#6162)