You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@maven.apache.org by Jason Tesser <ja...@gmail.com> on 2013/11/14 14:14:33 UTC
Dependency exclusions being ignored
I have the following POM http://pastebin.com/P4TvzqJn but my exclusion for
<artifactId>abdera-client</artifactId> are not being respected. Actually
only 2 of them are not
the 2 not working are maven-plugins and maven-plugins
they are coming down anyways
see http://pastebin.com/c59HM8Bj
what am I missing
I have altered the POM but I cleared my local cache and refreshed
dependencies
Re: Dependency exclusions being ignored
Posted by Andy Glick <an...@gmail.com>.
Jason,
I believe that your 2nd pastebin output reflects a bug in the gradle
mechanism for determining dependencies.
The problem that you have referred to is that you have marked 2 maven
plugins to be excluded from the transitive dependencies of
abdera-client, because you are seeing the plugins referenced as if they
were members of its transitive dependency set. If you look at the gradle
tree listing carefully you will see that the gradle has assigned jaxen
the version range of jaxen:jaxen:1.1-beta-9 -> 1.1.3, and the plugins
are listed as dependencies of jaxen.
When I forget about gradle and use the maven-dependency-plugin:2.8 and
execute "mvn dependency:tree" with a pom that I simplified to just the
issue that you have reported and which you can find below, I don't see
the plugins listed as dependencies of jaxen so they do not appear. And I
see that the dependency plugin has chosen jaxen 1.1.1 rather than a
version range. The pom of jaxen 1.1.1 doesn't list any plugins as its
dependents, though I did find at least 1 reference to one of the plugins
as a dependency of jaxen's in the pom for 1.1.3. My sense is that you
are seeing 1 or more gradle bugs at work here.
The pom dependencies look like the following when I trace them:
abdera-client has a dependency on abdera-parser
abdera-parser has a parent pom abdera in which the dependency-management
section chooses jaxen 1.1.1, not a range
abdera-parser has a dependency on jaxen which is referenced without a
version, so the parent (abdera pom) version of 1.1.1 ought to be in force
jaxen 1.1.1 pom has no transitive dependencies on any plugins. It does
declare/use plugins within <build><plugins> but that doesn't count.
I did include the the 4 non-plugin dependencies of abdera-client in the
exclusions list, and all of them have been excluded.
The results of the dependency:tree run appear 1st followed by the pom
that I used. Please notice that I commented out the exclusions for the
plugins and they are still not being listed.
As you can see from the dependency tree's graph below, the gradle report
is simply in error.
Hope that this helps.
C:\java\simple-jpa\jpa-story-parent>mvn dependency:tree -f ppom.xml
[INFO] Scanning for projects...
[INFO]
[INFO]
------------------------------------------------------------------------
[INFO] Building dotcms 2.5.1
[INFO]
------------------------------------------------------------------------
[INFO]
[INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ dotcms ---
[INFO] com.dotcms:dotcms:jar:2.5.1
[INFO] \- org.apache.abdera:abdera-client:jar:0.4.0-incubating:compile
[INFO] +- org.apache.abdera:abdera-core:jar:0.4.0-incubating:compile
[INFO] | +- org.apache.abdera:abdera-i18n:jar:0.4.0-incubating:compile
[INFO] | \- commons-codec:commons-codec:jar:1.3:compile
[INFO] +- org.apache.abdera:abdera-parser:jar:0.4.0-incubating:compile
[INFO] | +- org.codehaus.woodstox:wstx-asl:jar:3.2.1:runtime
[INFO] | +- jaxen:jaxen:jar:1.1.1:compile
[INFO] | | +- xml-apis:xml-apis:jar:1.3.02:compile
[INFO] | | \- xerces:xercesImpl:jar:2.6.2:compile
[INFO] | \- commons-logging:commons-logging:jar:1.0.4:compile
[INFO] \- commons-httpclient:commons-httpclient:jar:3.1-rc1:compile
[INFO]
------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO]
------------------------------------------------------------------------
[INFO] Total time: 2.119s
[INFO] Finished at: Sat Nov 16 12:25:04 EST 2013
[INFO] Final Memory: 10M/121M
[INFO]
------------------------------------------------------------------------
the pom that I used:
<?xml version="1.0" encoding="UTF-8"?>
<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/xsd/maven-4.0.0.xsd"
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<modelVersion>4.0.0</modelVersion>
<groupId>com.dotcms</groupId>
<artifactId>dotcms</artifactId>
<name>dotcms</name>
<version>2.5.1</version>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
<version>2.8</version>
</plugin>
</plugins>
</build>
<dependencies>
<dependency>
<groupId>org.apache.abdera</groupId>
<artifactId>abdera-client</artifactId>
<version>0.4.0-incubating</version>
<exclusions>
<exclusion>
<groupId>org.apache.geronimo.specs</groupId>
<artifactId>geronimo-activation_1.0.2_spec</artifactId>
</exclusion>
<exclusion>
<groupId>org.apache.geronimo.specs</groupId>
<artifactId>geronimo-activation_1.1_spec</artifactId>
</exclusion>
<exclusion>
<groupId>org.apache.geronimo.specs</groupId>
<artifactId>geronimo-stax-api_1.0_spec</artifactId>
</exclusion>
<exclusion>
<groupId>org.apache.ws.commons.axiom</groupId>
<artifactId>axiom-impl</artifactId>
</exclusion>
<!--<exclusion>-->
<!--<groupId>maven-plugins</groupId>-->
<!--<artifactId>maven-cobertura-plugin</artifactId>-->
<!--</exclusion>-->
<!--<exclusion>-->
<!--<groupId>maven-plugins</groupId>-->
<!--<artifactId>maven-findbugs-plugin</artifactId>-->
<!--</exclusion>-->
</exclusions>
</dependency>
</dependencies>
</project>
On 11/14/2013 8:14 AM, Jason Tesser wrote:
> I have the following POM http://pastebin.com/P4TvzqJn but my exclusion for
> <artifactId>abdera-client</artifactId> are not being respected. Actually
> only 2 of them are not
> the 2 not working are maven-plugins and maven-plugins
> they are coming down anyways
> see http://pastebin.com/c59HM8Bj
> what am I missing
> I have altered the POM but I cleared my local cache and refreshed
> dependencies
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org
Re: Dependency exclusions being ignored
Posted by Jörg Schaible <Jo...@scalaris.com>.
Stuart McCulloch wrote:
> Try adding:
>
> <type>plugin</type>
>
> to those 2 dependency exclusions.
Nice try. Violates schema.
>
> ( the jaxen pom:
>
http://search.maven.org/remotecontent?filepath=jaxen/jaxen/1.1.3/jaxen-1.1.3.pom
> declares those dependencies to be of type "plugin" )
>
> On 14 Nov 2013, at 13:14, Jason Tesser wrote:
>
>> I have the following POM http://pastebin.com/P4TvzqJn but my exclusion
>> for
>> <artifactId>abdera-client</artifactId> are not being respected. Actually
>> only 2 of them are not
>> the 2 not working are maven-plugins and maven-plugins
>> they are coming down anyways
>> see http://pastebin.com/c59HM8Bj
>> what am I missing
>> I have altered the POM but I cleared my local cache and refreshed
>> dependencies
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org
Re: Dependency exclusions being ignored
Posted by Stuart McCulloch <mc...@gmail.com>.
BTW, I ran your pom.xml through:
mvn dependency:tree
using Maven3 and the exclusions for those 2 maven-plugins were respected, which suggests your exclusion issue might also be specific to Gradle.
On 14 Nov 2013, at 14:53, Stuart McCulloch wrote:
> You mean the "POM relocation to an other version number is not fully supported in Gradle" message?
>
> If you look at the pom it has a relocation element (bit like a symbolic link):
>
> http://search.maven.org/remotecontent?filepath=xml-apis/xml-apis/2.0.2/xml-apis-2.0.2.pom
>
> http://maven.apache.org/guides/mini/guide-relocation.html#How_to_relocate_a_Maven_2_artifact_to_a_different_groupId
>
> you'd have to ask the Gradle team why they don't fully support this.
>
> As a workaround you could force the version to 1.0.b2 in your dependencyManagement section:
>
> <dependency>
> <groupId>xml-apis</groupId>
> <artifactId>xml-apis</artifactId>
> <version>1.0.b2</version>
> </dependency>
>
> http://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#Dependency_Management (see part about managing versions of transitive dependencies)
>
> On 14 Nov 2013, at 14:32, Jason Tesser wrote:
>
>> you are referring to the maven-plugins I think
>>
>> But what about the xml-api thing?
>>
>> On Thu, Nov 14, 2013 at 9:29 AM, Stuart McCulloch <mc...@gmail.com> wrote:
>>
>>> Try adding:
>>>
>>> <type>plugin</type>
>>>
>>> to those 2 dependency exclusions.
>>>
>>> ( the jaxen pom:
>>> http://search.maven.org/remotecontent?filepath=jaxen/jaxen/1.1.3/jaxen-1.1.3.pomdeclares those dependencies to be of type "plugin" )
>>>
>>> On 14 Nov 2013, at 13:14, Jason Tesser wrote:
>>>
>>>> I have the following POM http://pastebin.com/P4TvzqJn but my exclusion
>>> for
>>>> <artifactId>abdera-client</artifactId> are not being respected. Actually
>>>> only 2 of them are not
>>>> the 2 not working are maven-plugins and maven-plugins
>>>> they are coming down anyways
>>>> see http://pastebin.com/c59HM8Bj
>>>> what am I missing
>>>> I have altered the POM but I cleared my local cache and refreshed
>>>> dependencies
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
>>> For additional commands, e-mail: users-help@maven.apache.org
>>>
>>>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org
Re: Dependency exclusions being ignored
Posted by Stuart McCulloch <mc...@gmail.com>.
You mean the "POM relocation to an other version number is not fully supported in Gradle" message?
If you look at the pom it has a relocation element (bit like a symbolic link):
http://search.maven.org/remotecontent?filepath=xml-apis/xml-apis/2.0.2/xml-apis-2.0.2.pom
http://maven.apache.org/guides/mini/guide-relocation.html#How_to_relocate_a_Maven_2_artifact_to_a_different_groupId
you'd have to ask the Gradle team why they don't fully support this.
As a workaround you could force the version to 1.0.b2 in your dependencyManagement section:
<dependency>
<groupId>xml-apis</groupId>
<artifactId>xml-apis</artifactId>
<version>1.0.b2</version>
</dependency>
http://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#Dependency_Management (see part about managing versions of transitive dependencies)
On 14 Nov 2013, at 14:32, Jason Tesser wrote:
> you are referring to the maven-plugins I think
>
> But what about the xml-api thing?
>
> On Thu, Nov 14, 2013 at 9:29 AM, Stuart McCulloch <mc...@gmail.com> wrote:
>
>> Try adding:
>>
>> <type>plugin</type>
>>
>> to those 2 dependency exclusions.
>>
>> ( the jaxen pom:
>> http://search.maven.org/remotecontent?filepath=jaxen/jaxen/1.1.3/jaxen-1.1.3.pomdeclares those dependencies to be of type "plugin" )
>>
>> On 14 Nov 2013, at 13:14, Jason Tesser wrote:
>>
>>> I have the following POM http://pastebin.com/P4TvzqJn but my exclusion
>> for
>>> <artifactId>abdera-client</artifactId> are not being respected. Actually
>>> only 2 of them are not
>>> the 2 not working are maven-plugins and maven-plugins
>>> they are coming down anyways
>>> see http://pastebin.com/c59HM8Bj
>>> what am I missing
>>> I have altered the POM but I cleared my local cache and refreshed
>>> dependencies
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
>> For additional commands, e-mail: users-help@maven.apache.org
>>
>>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org
Re: Dependency exclusions being ignored
Posted by Stuart McCulloch <mc...@gmail.com>.
Doh, sorry - worth a try :)
You could try forcing jaxen to 1.1.4 (using dependencyManagement) as that version doesn't have those odd plugin dependencies
On 14 Nov 2013, at 14:36, Jason Tesser wrote:
> Also that doesn't work. Invalid POM
>
> cannot say
> <exclusion>
> <groupId>maven-plugins</groupId>
> <artifactId>maven-cobertura-plugin</artifactId>
> <type>plugin</type>
> </exclusion>
>
>
> On Thu, Nov 14, 2013 at 9:32 AM, Jason Tesser <ja...@gmail.com> wrote:
>
>> you are referring to the maven-plugins I think
>>
>> But what about the xml-api thing?
>>
>>
>> On Thu, Nov 14, 2013 at 9:29 AM, Stuart McCulloch <mc...@gmail.com>wrote:
>>
>>> Try adding:
>>>
>>> <type>plugin</type>
>>>
>>> to those 2 dependency exclusions.
>>>
>>> ( the jaxen pom:
>>> http://search.maven.org/remotecontent?filepath=jaxen/jaxen/1.1.3/jaxen-1.1.3.pomdeclares those dependencies to be of type "plugin" )
>>>
>>> On 14 Nov 2013, at 13:14, Jason Tesser wrote:
>>>
>>>> I have the following POM http://pastebin.com/P4TvzqJn but my exclusion
>>> for
>>>> <artifactId>abdera-client</artifactId> are not being respected.
>>> Actually
>>>> only 2 of them are not
>>>> the 2 not working are maven-plugins and maven-plugins
>>>> they are coming down anyways
>>>> see http://pastebin.com/c59HM8Bj
>>>> what am I missing
>>>> I have altered the POM but I cleared my local cache and refreshed
>>>> dependencies
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
>>> For additional commands, e-mail: users-help@maven.apache.org
>>>
>>>
>>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org
Re: Dependency exclusions being ignored
Posted by Jason Tesser <ja...@gmail.com>.
Also that doesn't work. Invalid POM
cannot say
<exclusion>
<groupId>maven-plugins</groupId>
<artifactId>maven-cobertura-plugin</artifactId>
<type>plugin</type>
</exclusion>
On Thu, Nov 14, 2013 at 9:32 AM, Jason Tesser <ja...@gmail.com> wrote:
> you are referring to the maven-plugins I think
>
> But what about the xml-api thing?
>
>
> On Thu, Nov 14, 2013 at 9:29 AM, Stuart McCulloch <mc...@gmail.com>wrote:
>
>> Try adding:
>>
>> <type>plugin</type>
>>
>> to those 2 dependency exclusions.
>>
>> ( the jaxen pom:
>> http://search.maven.org/remotecontent?filepath=jaxen/jaxen/1.1.3/jaxen-1.1.3.pomdeclares those dependencies to be of type "plugin" )
>>
>> On 14 Nov 2013, at 13:14, Jason Tesser wrote:
>>
>> > I have the following POM http://pastebin.com/P4TvzqJn but my exclusion
>> for
>> > <artifactId>abdera-client</artifactId> are not being respected.
>> Actually
>> > only 2 of them are not
>> > the 2 not working are maven-plugins and maven-plugins
>> > they are coming down anyways
>> > see http://pastebin.com/c59HM8Bj
>> > what am I missing
>> > I have altered the POM but I cleared my local cache and refreshed
>> > dependencies
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
>> For additional commands, e-mail: users-help@maven.apache.org
>>
>>
>
Re: Dependency exclusions being ignored
Posted by Jason Tesser <ja...@gmail.com>.
you are referring to the maven-plugins I think
But what about the xml-api thing?
On Thu, Nov 14, 2013 at 9:29 AM, Stuart McCulloch <mc...@gmail.com> wrote:
> Try adding:
>
> <type>plugin</type>
>
> to those 2 dependency exclusions.
>
> ( the jaxen pom:
> http://search.maven.org/remotecontent?filepath=jaxen/jaxen/1.1.3/jaxen-1.1.3.pomdeclares those dependencies to be of type "plugin" )
>
> On 14 Nov 2013, at 13:14, Jason Tesser wrote:
>
> > I have the following POM http://pastebin.com/P4TvzqJn but my exclusion
> for
> > <artifactId>abdera-client</artifactId> are not being respected. Actually
> > only 2 of them are not
> > the 2 not working are maven-plugins and maven-plugins
> > they are coming down anyways
> > see http://pastebin.com/c59HM8Bj
> > what am I missing
> > I have altered the POM but I cleared my local cache and refreshed
> > dependencies
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
> For additional commands, e-mail: users-help@maven.apache.org
>
>
Re: Dependency exclusions being ignored
Posted by Stuart McCulloch <mc...@gmail.com>.
Try adding:
<type>plugin</type>
to those 2 dependency exclusions.
( the jaxen pom: http://search.maven.org/remotecontent?filepath=jaxen/jaxen/1.1.3/jaxen-1.1.3.pom declares those dependencies to be of type "plugin" )
On 14 Nov 2013, at 13:14, Jason Tesser wrote:
> I have the following POM http://pastebin.com/P4TvzqJn but my exclusion for
> <artifactId>abdera-client</artifactId> are not being respected. Actually
> only 2 of them are not
> the 2 not working are maven-plugins and maven-plugins
> they are coming down anyways
> see http://pastebin.com/c59HM8Bj
> what am I missing
> I have altered the POM but I cleared my local cache and refreshed
> dependencies
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org