You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Guillaume Nodet (Jira)" <ji...@apache.org> on 2022/01/18 12:13:00 UTC
[jira] [Comment Edited] (MNG-7003) Inconsistent dependency tree
[ https://issues.apache.org/jira/browse/MNG-7003?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17477798#comment-17477798 ]
Guillaume Nodet edited comment on MNG-7003 at 1/18/22, 12:12 PM:
-----------------------------------------------------------------
The problem is located in {{DefaultDependencyCollector#processDependency}} method iiuc.
The call to {{getArtifactDescriptorResult}} returns correctly the managed dependencies in the {{ArtifactDescriptorResult#managedDependencies}}, but those are not used, see https://github.com/apache/maven-resolver/blob/d87fda700544abffa75655fa9af8738e92c3cea2/maven-resolver-impl/src/main/java/org/eclipse/aether/internal/impl/collect/DefaultDependencyCollector.java#L416-L464
was (Author: gnt):
The problem is located in {{DefaultDependencyCollector#processDependency}} method iiuc.
The call to {{getArtifactDescriptorResult}} returns correctly the managed dependencies, but those are not used, see https://github.com/apache/maven-resolver/blob/d87fda700544abffa75655fa9af8738e92c3cea2/maven-resolver-impl/src/main/java/org/eclipse/aether/internal/impl/collect/DefaultDependencyCollector.java#L416-L464
> Inconsistent dependency tree
> ----------------------------
>
> Key: MNG-7003
> URL: https://issues.apache.org/jira/browse/MNG-7003
> Project: Maven
> Issue Type: Bug
> Components: Dependencies
> Affects Versions: 3.6.3, 3.8.4
> Reporter: Arkadiusz Firus
> Priority: Major
> Attachments: maven_dependency_problem.tar.gz
>
>
> I have found maven building different dependency tree during module built process and when a module is build as a dependency.
> The problematic case:
> pom ---> dependencyManagement (org.slf4j:slf4j-api:1.7.30)
> |-- pom --> dependency (org.apache.logging.log4j:log4j-slf4j18-impl:2.13.3) --> dependency (org.slf4j:slf4j-api:1.8.0-beta4)
>
> When the project is built the dependency tree is OK. The version of transient dependency to slf4j-api is overridden by the dependency management mechanism.
> {{[INFO] arcomp.maven_example:module:jar:1}}
> {{[INFO] - org.apache.logging.log4j:log4j-slf4j18-impl:jar:2.13.3:compile}}
> {{[INFO] +- org.slf4j:slf4j-api:jar:*1.7.30*:compile}}
> {{[INFO] +- org.apache.logging.log4j:log4j-api:jar:2.13.3:compile}}
> {{[INFO] - org.apache.logging.log4j:log4j-core:jar:2.13.3:runtime}}
>
> On the other hand when the module is being used as a dependency the version of transient dependency is not overridden.
> {{[INFO] arcomp.maven_example:usage:jar:1}}
> {{[INFO] - arcomp.maven_example:module:jar:1:compile}}
> {{[INFO] - org.apache.logging.log4j:log4j-slf4j18-impl:jar:2.13.3:compile}}
> {{[INFO] +- org.slf4j:slf4j-api:jar:*1.8.0-beta4*:compile}}
> {{[INFO] +- org.apache.logging.log4j:log4j-api:jar:2.13.3:compile}}
> {{[INFO] - org.apache.logging.log4j:log4j-core:jar:2.13.3:runtime}}
>
> Such behaviour may lead to a problem when jar is used with different dependency than it was compiled and tested with.
> I have attached three maven projects packed into archive. Two are in parent-child relationship where the dependency management mechanism is used described above. The third is a usage example.
> I am new here, so please verify if I set the component (and other fields) correctly.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)