You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Christian Schulte (JIRA)" <ji...@apache.org> on 2016/12/29 19:08:58 UTC

[jira] [Comment Edited] (MNG-6141) Dependency management overrides are not transitive and should be considered an anti-pattern.

    [ https://issues.apache.org/jira/browse/MNG-6141?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15785896#comment-15785896 ] 

Christian Schulte edited comment on MNG-6141 at 12/29/16 7:08 PM:
------------------------------------------------------------------

Example project demonstrating the issue. Unpack and execute {{mvn package dependency:tree -X}}. The parent is managing the {{org.apache.maven:maven-plugin-api}} dependency to version {{2.0}}. The {{module-1}} overrides that to version {{3.0}}. {{module-2}} depends on {{module-1}} and there the version of the transitive {{org.apache.maven:maven-plugin-api}} is managed to {{2.0}} (expected behaviour) although {{module-1}} is overriding it to {{3.0}} (should not be supported).

{code:title=mvn -v}
Apache Maven 3.3.9 (bb52d8502b132ec0a5a3f4c09453c07478323dc5; 2015-11-10T17:41:47+01:00)
Maven home: /home/schulte/Applications/apache-maven-3.3.9.orig
Java version: 1.7.0_80, vendor: Oracle Corporation
Java home: /usr/local/jdk-1.7.0/jre
Default locale: en_US, platform encoding: UTF-8
OS name: "openbsd", version: "6.0", arch: "amd64", family: "unix"
{code}

{code:title=module-1 CollectResult}
[DEBUG] localhost:module-1:jar:1.0-SNAPSHOT
[DEBUG]    org.apache.maven:maven-plugin-api:jar:3.0:compile
[DEBUG]       org.apache.maven:maven-model:jar:3.0:compile
[DEBUG]          org.codehaus.plexus:plexus-utils:jar:2.0.4:compile
[DEBUG]       org.apache.maven:maven-artifact:jar:3.0:compile
[DEBUG]       org.sonatype.sisu:sisu-inject-plexus:jar:1.4.2:compile
[DEBUG]          org.codehaus.plexus:plexus-component-annotations:jar:1.5.4:compile
[DEBUG]          org.codehaus.plexus:plexus-classworlds:jar:2.2.3:compile
[DEBUG]          org.sonatype.sisu:sisu-inject-bean:jar:1.4.2:compile
[DEBUG]             org.sonatype.sisu:sisu-guice:jar:noaop:2.1.7:compile
[INFO]
{code}

{code:title=module-2 CollectResult}
[DEBUG] localhost:module-2:jar:1.0-SNAPSHOT
[DEBUG]    localhost:module-1:jar:1.0-SNAPSHOT:compile
[DEBUG]       org.apache.maven:maven-plugin-api:jar:2.0:compile (version managed from 3.0 by localhost:parent:1.0-SNAPSHOT)
{code}



was (Author: schulte77):
Example project demonstrating the issue. Unpack and execute {{mvn package dependency:tree -X}}. The parent is managing the {{org.apache.maven:maven-plugin-api}} dependency to version {{2.0}}. The {{module-1}} overrides that to version {{3.0}}. {{module-2}} depends on {{module-1}} and there the version of the transitive {{org.apache.maven:maven-plugin-api}} is managed to {{2.0}} (expected behaviour) although {{module-1}} is overriding it to {{3.0}} (should not be supported).

{code:title=module-1 CollectResult}
[DEBUG] localhost:module-1:jar:1.0-SNAPSHOT
[DEBUG]    org.apache.maven:maven-plugin-api:jar:3.0:compile
[DEBUG]       org.apache.maven:maven-model:jar:3.0:compile
[DEBUG]          org.codehaus.plexus:plexus-utils:jar:2.0.4:compile
[DEBUG]       org.apache.maven:maven-artifact:jar:3.0:compile
[DEBUG]       org.sonatype.sisu:sisu-inject-plexus:jar:1.4.2:compile
[DEBUG]          org.codehaus.plexus:plexus-component-annotations:jar:1.5.4:compile
[DEBUG]          org.codehaus.plexus:plexus-classworlds:jar:2.2.3:compile
[DEBUG]          org.sonatype.sisu:sisu-inject-bean:jar:1.4.2:compile
[DEBUG]             org.sonatype.sisu:sisu-guice:jar:noaop:2.1.7:compile
[INFO]
{code}

{code:title=module-2 CollectResult}
[DEBUG] localhost:module-2:jar:1.0-SNAPSHOT
[DEBUG]    localhost:module-1:jar:1.0-SNAPSHOT:compile
[DEBUG]       org.apache.maven:maven-plugin-api:jar:2.0:compile (version managed from 3.0 by localhost:parent:1.0-SNAPSHOT)
{code}


> Dependency management overrides are not transitive and should be considered an anti-pattern.
> --------------------------------------------------------------------------------------------
>
>                 Key: MNG-6141
>                 URL: https://issues.apache.org/jira/browse/MNG-6141
>             Project: Maven
>          Issue Type: Bug
>            Reporter: Christian Schulte
>            Assignee: Christian Schulte
>            Priority: Critical
>         Attachments: MNG-6141.zip
>
>
> Overriding the dependency management in a module, the overridden value will not be preserved transitively. It makes no sense to be able to override the dependency management in a module if that is only effective in that module and nowhere else. Overriding the dependency management should be considered an anti-pattern. Maven should provide a warning when it is used. During the development of Maven 3.4, there have been quite a few discussions on dev@ about build issues which were all caused by overriding the dependency management without noticing this is not supported transitively.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)