You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@maven.apache.org by "Cintia DR (JIRA)" <ji...@codehaus.org> on 2014/04/20 15:59:10 UTC

[jira] (MNG-5622) Provided dependencies updated to 'compile' even when

Cintia DR created MNG-5622:
------------------------------

             Summary: Provided dependencies updated to 'compile' even when 
                 Key: MNG-5622
                 URL: https://jira.codehaus.org/browse/MNG-5622
             Project: Maven 2 & 3
          Issue Type: Bug
          Components: Dependencies
    Affects Versions: 3.2.1, 3.0.5
            Reporter: Cintia DR
         Attachments: dependencies-maven.tar.gz

I have a project A with the following dependency:

{code}
 <dependency>
        <groupId>dom4j</groupId>
        <artifactId>dom4j</artifactId>
        <version>1.6.1</version>
    </dependency>
{code}
_dom4j_ has a compile dependency _xml-api_. 

In the project B, I use project A as a provided dependency. And it has another dependency:
{code}
<!-- dom4j is a dependency of poi-ooxml -->
      <dependency>
        <groupId>org.apache.poi</groupId>
        <artifactId>poi-ooxml</artifactId>
        <version>3.9</version>
        <exclusions>
          <exclusion>
            <groupId>xml-apis</groupId>
            <artifactId>xml-apis</artifactId>
          </exclusion>
        </exclusions> 
      </dependency>
{code}

So, what happens is maven 3.2.1 adds xml-api as a compile dependency regardless if you exclude it from poi-ooxml. 

As far as I understood, maven is getting project A dependencies, and finds a _dom4j_. It was initially supposed to be [provided|http://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#Dependency_Scope], but the compile dependency _poi-ooxml_ has _dom4j_ as a transitive compile dependency - so maven correctly updates _dom4j_ scope to compile.
The problem is, because it's adding _dom4j_ to compile scope, it decides to upgrade _xml-api_ to a compile dependency, *even if we excluded it* in the first place. 

The obvious workaround is to exclude _dom4j_ from _poi-ooxml_.  

I'm not sure if this is the expected behaviour, or just a corner case. I couldn't find any valid documentation about that case. 
This is a possible duplicate of MNG-5404, but it looks slightly different. I wonder if they have the same root cause. 

To run the test attached, "mvn package dependency:tree" will do it. dependency:2.8:tree is showing the same resolution tree as maven itself. 



--
This message was sent by Atlassian JIRA
(v6.1.6#6162)