You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@maven.apache.org by "Brian E. Fox" <br...@reply.infinity.nu> on 2007/03/29 20:58:01 UTC
Recommended text for 2.0.6 release notes and for email to user group.
[Note, explaination is left to Jason about full impact of MNG-1577]
How to prepare your dependencies before updating to Maven 2.0.6:
If you have dependencies in dependencyManagement that conflict with
transitive dependencies, the fix for MNG-1577 may alter the version you
get when running a build with 2.0.6. To ensure a smooth transition,
there is a tool to detect these conditions.
In your project, run "mvn dependency:analyze" (be sure to use 2.0.5 or
the plugin won't detect mismatches) This will display output similar to
below:
ou can run "mvn dependency:analyze" on your projects and this will
produce output similar to this:
[INFO] [dependency:analyze]
[INFO] Used declared dependencies:
[INFO] org.codehaus.plexus:plexus-archiver:jar:1.0-alpha-7:compile
[INFO] junit:junit:jar:3.8.1:test
[INFO]
org.codehaus.plexus:plexus-container-default:jar:1.0-alpha-9:compile
[INFO] org.apache.maven:maven-model:jar:2.0.5:compile
[INFO] org.apache.maven:maven-project:jar:2.0.5:compile
[INFO] org.apache.maven.shared:file-management:jar:1.1:compile
[INFO] org.codehaus.plexus:plexus-utils:jar:1.1:compile
[INFO] org.apache.maven:maven-artifact:jar:2.0.5:compile
[INFO] org.apache.maven:maven-plugin-api:jar:2.0.5:compile
[INFO]
org.apache.maven.shared:maven-plugin-testing-harness:jar:1.0-beta-1:test
[INFO]
org.apache.maven.shared:maven-dependency-analyzer:jar:1.0-SNAPSHOT:compi
le
[INFO] Used undeclared dependencies:
[INFO] None
[INFO] Unused declared dependencies:
[INFO] None
[INFO] Found Resolved Dependency / DependencyManagement mismatches:
[INFO] Dependency: commons-lang:commons-lang:jar
[INFO] DepMgt : 1.0
[INFO] Resolved: 2.3
[INFO] Dependency: commons-digester:commons-digester:jar
[INFO] DepMgt : 1.6
[INFO] Resolved: 1.7
[INFO] Dependency: javax.servlet:servlet-api:jar
[INFO] DepMgt : 2.3
[INFO] Resolved: 2.4
[WARNING] Potential problems found in Dependency Management
In the sample above, you can see that I am actually getting versions
different than what I'm asking for. In 2.0.6, I would suddenly be
upgraded from commons-lang 1.0 to 2.3, commons-digester 1.6 to 1.7 and
servlet-api 2.3 to 2.4. Depending on the jars and your project, this may
manifest as compile errors or runtime errors.
When you see these mismatches, the suggested approach is to adjust your
dependencyManagement section to have the version you are actually
getting (in this case, 2.3,1.7 and 2.4 respectively). Then when you
upgrade to 2.0.6, you will be getting the same versions in your build
that you currently get in 2.0.5. In
You should also pay particular attention to the Used Declared
dependencies because this is showing that you are using something that
isn't declared. The plugin may not detect specific mismatches between
dependencyManagement if the dependencies are not specifically declared.
Using dependencies in your projects that are not declared is a dangerous
proposition as it doesn't provide Maven with the correct information to
properly choose the correct version. The recommended fix for this is to
add any dependencies that analyze finds to your pom.
This goal can also detect conflicts with the dependencyManagement
excludes to show where files that are excluded creep back in and to show
where individual poms override the dependencyManagement. These things
are not directly affected by 2.0.6, but can be handy to know.
Read more here:
http://maven.apache.org/plugins/maven-dependency-plugin/analyze-mojo.htm
l
http://maven.apache.org/plugins/maven-dependency-plugin/analyze-dep-mgt-
mojo.html
http://maven.apache.org/plugins/maven-dependency-plugin/usage.html
(bottom of the page)
After upgrading to 2.0.6, you may want to remove workarounds to MNG-1577
that you have put in place. These usually would have been the
introduction of a dependency to your pom that wasn't nessessary simply
to override a transitive version. If you have workarounds in your pom,
they will show up as Unused declared dependencies. Note that currently
the test and runtime dependencies are excluded from the usage analysis.
--Brian
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
Re: Recommended text for 2.0.6 release notes and for email to user group.
Posted by Jason van Zyl <ja...@maven.org>.
Cool, thanks Brian.
jason.
On 29 Mar 07, at 2:58 PM 29 Mar 07, Brian E. Fox wrote:
> [Note, explaination is left to Jason about full impact of MNG-1577]
> How to prepare your dependencies before updating to Maven 2.0.6:
>
> If you have dependencies in dependencyManagement that conflict with
> transitive dependencies, the fix for MNG-1577 may alter the version
> you
> get when running a build with 2.0.6. To ensure a smooth transition,
> there is a tool to detect these conditions.
>
> In your project, run "mvn dependency:analyze" (be sure to use 2.0.5 or
> the plugin won't detect mismatches) This will display output
> similar to
> below:
> ou can run "mvn dependency:analyze" on your projects and this will
> produce output similar to this:
> [INFO] [dependency:analyze]
> [INFO] Used declared dependencies:
> [INFO] org.codehaus.plexus:plexus-archiver:jar:1.0-alpha-7:compile
> [INFO] junit:junit:jar:3.8.1:test
> [INFO]
> org.codehaus.plexus:plexus-container-default:jar:1.0-alpha-9:compile
> [INFO] org.apache.maven:maven-model:jar:2.0.5:compile
> [INFO] org.apache.maven:maven-project:jar:2.0.5:compile
> [INFO] org.apache.maven.shared:file-management:jar:1.1:compile
> [INFO] org.codehaus.plexus:plexus-utils:jar:1.1:compile
> [INFO] org.apache.maven:maven-artifact:jar:2.0.5:compile
> [INFO] org.apache.maven:maven-plugin-api:jar:2.0.5:compile
> [INFO]
> org.apache.maven.shared:maven-plugin-testing-harness:jar:1.0-
> beta-1:test
> [INFO]
> org.apache.maven.shared:maven-dependency-analyzer:jar:1.0-
> SNAPSHOT:compi
> le
> [INFO] Used undeclared dependencies:
> [INFO] None
> [INFO] Unused declared dependencies:
> [INFO] None
> [INFO] Found Resolved Dependency / DependencyManagement mismatches:
> [INFO] Dependency: commons-lang:commons-lang:jar
> [INFO] DepMgt : 1.0
> [INFO] Resolved: 2.3
> [INFO] Dependency: commons-digester:commons-digester:jar
> [INFO] DepMgt : 1.6
> [INFO] Resolved: 1.7
> [INFO] Dependency: javax.servlet:servlet-api:jar
> [INFO] DepMgt : 2.3
> [INFO] Resolved: 2.4
> [WARNING] Potential problems found in Dependency Management
>
> In the sample above, you can see that I am actually getting versions
> different than what I'm asking for. In 2.0.6, I would suddenly be
> upgraded from commons-lang 1.0 to 2.3, commons-digester 1.6 to 1.7 and
> servlet-api 2.3 to 2.4. Depending on the jars and your project,
> this may
> manifest as compile errors or runtime errors.
>
> When you see these mismatches, the suggested approach is to adjust
> your
> dependencyManagement section to have the version you are actually
> getting (in this case, 2.3,1.7 and 2.4 respectively). Then when you
> upgrade to 2.0.6, you will be getting the same versions in your build
> that you currently get in 2.0.5. In
>
> You should also pay particular attention to the Used Declared
> dependencies because this is showing that you are using something that
> isn't declared. The plugin may not detect specific mismatches between
> dependencyManagement if the dependencies are not specifically
> declared.
> Using dependencies in your projects that are not declared is a
> dangerous
> proposition as it doesn't provide Maven with the correct
> information to
> properly choose the correct version. The recommended fix for this
> is to
> add any dependencies that analyze finds to your pom.
>
> This goal can also detect conflicts with the dependencyManagement
> excludes to show where files that are excluded creep back in and to
> show
> where individual poms override the dependencyManagement. These things
> are not directly affected by 2.0.6, but can be handy to know.
>
> Read more here:
> http://maven.apache.org/plugins/maven-dependency-plugin/analyze-
> mojo.htm
> l
> http://maven.apache.org/plugins/maven-dependency-plugin/analyze-dep-
> mgt-
> mojo.html
> http://maven.apache.org/plugins/maven-dependency-plugin/usage.html
> (bottom of the page)
>
> After upgrading to 2.0.6, you may want to remove workarounds to
> MNG-1577
> that you have put in place. These usually would have been the
> introduction of a dependency to your pom that wasn't nessessary simply
> to override a transitive version. If you have workarounds in your pom,
> they will show up as Unused declared dependencies. Note that currently
> the test and runtime dependencies are excluded from the usage
> analysis.
>
> --Brian
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
> For additional commands, e-mail: dev-help@maven.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
RE: CORRECTED: Recommended text for 2.0.6 release notes and for email to user group.
Posted by "Brian E. Fox" <br...@reply.infinity.nu>.
Ok..I did say "Similar to..." I think I generated that sample against
the dependency plugin a while ago.
-----Original Message-----
From: carlossg@gmail.com [mailto:carlossg@gmail.com] On Behalf Of Carlos
Sanchez
Sent: Thursday, March 29, 2007 4:46 PM
To: Maven Developers List
Subject: Re: CORRECTED: Recommended text for 2.0.6 release notes and for
email to user group.
then check this line:
org.apache.maven.shared:maven-dependency-analyzer:jar:1.0-SNAPSHOT:com
On 3/29/07, Brian E. Fox <br...@reply.infinity.nu> wrote:
> It was released on Tuesday.
>
> -----Original Message-----
> From: carlossg@gmail.com [mailto:carlossg@gmail.com] On Behalf Of
> Carlos Sanchez
> Sent: Thursday, March 29, 2007 4:23 PM
> To: Maven Developers List
> Subject: Re: CORRECTED: Recommended text for 2.0.6 release notes and
> for email to user group.
>
> souldn't the plugin be released instead of using a snapshot?
>
> On 3/29/07, Brian E. Fox <br...@reply.infinity.nu> wrote:
> > Corrected text below. Thanks Max.
> > [Note, explaination is left to Jason about full impact of MNG-1577]
> > How to prepare your dependencies before updating to Maven 2.0.6:
> >
> > If you have dependencies in dependencyManagement that conflict with
> > transitive dependencies, the fix for MNG-1577 may alter the version
> > you get when running a build with 2.0.6. To ensure a smooth
> > transition, there is a tool to detect these conditions.
> >
> > In your project, run "mvn dependency:analyze" (be sure to use 2.0.5
> > or
>
> > the plugin won't detect mismatches) This will display output similar
> > to
> > below:
> > [INFO] [dependency:analyze]
> > [INFO] Used declared dependencies:
> > [INFO]
org.codehaus.plexus:plexus-archiver:jar:1.0-alpha-7:compile
> > [INFO] junit:junit:jar:3.8.1:test
> > [INFO]
> > org.codehaus.plexus:plexus-container-default:jar:1.0-alpha-9:compile
> > [INFO] org.apache.maven:maven-model:jar:2.0.5:compile
> > [INFO] org.apache.maven:maven-project:jar:2.0.5:compile
> > [INFO] org.apache.maven.shared:file-management:jar:1.1:compile
> > [INFO] org.codehaus.plexus:plexus-utils:jar:1.1:compile
> > [INFO] org.apache.maven:maven-artifact:jar:2.0.5:compile
> > [INFO] org.apache.maven:maven-plugin-api:jar:2.0.5:compile
> > [INFO]
> > org.apache.maven.shared:maven-plugin-testing-harness:jar:1.0-beta-1:
> > te
> > st
> > [INFO]
> > org.apache.maven.shared:maven-dependency-analyzer:jar:1.0-SNAPSHOT:c
> > om
> > pi
> > le
> > [INFO] Used undeclared dependencies:
> > [INFO] None
> > [INFO] Unused declared dependencies:
> > [INFO] None
> > [INFO] Found Resolved Dependency / DependencyManagement mismatches:
> > [INFO] Dependency: commons-lang:commons-lang:jar
> > [INFO] DepMgt : 1.0
> > [INFO] Resolved: 2.3
> > [INFO] Dependency: commons-digester:commons-digester:jar
> > [INFO] DepMgt : 1.6
> > [INFO] Resolved: 1.7
> > [INFO] Dependency: javax.servlet:servlet-api:jar
> > [INFO] DepMgt : 2.3
> > [INFO] Resolved: 2.4
> > [WARNING] Potential problems found in Dependency Management
> >
> > In the sample above, you can see that I am actually getting versions
> > different than what I'm asking for. In 2.0.6, I would suddenly be
> > downgraded to commons-lang 1.0 from 2.3, commons-digester 1.6 from
> > 1.7
>
> > and servlet-api 2.3 from 2.4. Depending on the jars and your
> > project, this may manifest as compile errors or runtime errors.
> >
> > When you see these mismatches, the suggested approach is to adjust
> > your dependencyManagement section to have the version you are
> > actually
>
> > getting (in this case, 2.3,1.7 and 2.4 respectively). Then when you
> > upgrade to 2.0.6, you will be getting the same versions in your
> > build that you currently get in 2.0.5. In
> >
> > You should also pay particular attention to the Used Declared
> > dependencies because this is showing that you are using something
> > that
>
> > isn't declared. The plugin may not detect specific mismatches
> > between dependencyManagement if the dependencies are not
> > specifically
> declared.
> > Using dependencies in your projects that are not declared is a
> > dangerous proposition as it doesn't provide Maven with the correct
> > information to properly choose the correct version. The recommended
> > fix for this is to add any dependencies that analyze finds to your
> pom.
> >
> > This goal can also detect conflicts with the dependencyManagement
> > excludes to show where files that are excluded creep back in and to
> > show where individual poms override the dependencyManagement. These
> > things are not directly affected by 2.0.6, but can be handy to know.
> >
> > Read more here:
> > http://maven.apache.org/plugins/maven-dependency-plugin/analyze-mojo
> > .h
> > tm
> > l
> > http://maven.apache.org/plugins/maven-dependency-plugin/analyze-dep-
> > mg
> > t-
> > mojo.html
> > http://maven.apache.org/plugins/maven-dependency-plugin/usage.html
> > (bottom of the page)
> >
> > After upgrading to 2.0.6, you may want to remove workarounds to
> > MNG-1577 that you have put in place. These usually would have been
> > the
>
> > introduction of a dependency to your pom that wasn't nessessary
> > simply
>
> > to override a transitive version. If you have workarounds in your
> > pom,
>
> > they will show up as Unused declared dependencies. Note that
> > currently
>
> > the test and runtime dependencies are excluded from the usage
> analysis.
> >
> > --Brian
> >
> >
> > --------------------------------------------------------------------
> > - To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org For
> > additional commands, e-mail: dev-help@maven.apache.org
> >
> >
>
>
> --
> I could give you my word as a Spaniard.
> No good. I've known too many Spaniards.
> -- The Princess Bride
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org For
> additional commands, e-mail: dev-help@maven.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org For
> additional commands, e-mail: dev-help@maven.apache.org
>
>
--
I could give you my word as a Spaniard.
No good. I've known too many Spaniards.
-- The Princess Bride
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org For additional
commands, e-mail: dev-help@maven.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
Re: CORRECTED: Recommended text for 2.0.6 release notes and for email to user group.
Posted by Carlos Sanchez <ca...@apache.org>.
then check this line:
org.apache.maven.shared:maven-dependency-analyzer:jar:1.0-SNAPSHOT:com
On 3/29/07, Brian E. Fox <br...@reply.infinity.nu> wrote:
> It was released on Tuesday.
>
> -----Original Message-----
> From: carlossg@gmail.com [mailto:carlossg@gmail.com] On Behalf Of Carlos
> Sanchez
> Sent: Thursday, March 29, 2007 4:23 PM
> To: Maven Developers List
> Subject: Re: CORRECTED: Recommended text for 2.0.6 release notes and for
> email to user group.
>
> souldn't the plugin be released instead of using a snapshot?
>
> On 3/29/07, Brian E. Fox <br...@reply.infinity.nu> wrote:
> > Corrected text below. Thanks Max.
> > [Note, explaination is left to Jason about full impact of MNG-1577]
> > How to prepare your dependencies before updating to Maven 2.0.6:
> >
> > If you have dependencies in dependencyManagement that conflict with
> > transitive dependencies, the fix for MNG-1577 may alter the version
> > you get when running a build with 2.0.6. To ensure a smooth
> > transition, there is a tool to detect these conditions.
> >
> > In your project, run "mvn dependency:analyze" (be sure to use 2.0.5 or
>
> > the plugin won't detect mismatches) This will display output similar
> > to
> > below:
> > [INFO] [dependency:analyze]
> > [INFO] Used declared dependencies:
> > [INFO] org.codehaus.plexus:plexus-archiver:jar:1.0-alpha-7:compile
> > [INFO] junit:junit:jar:3.8.1:test
> > [INFO]
> > org.codehaus.plexus:plexus-container-default:jar:1.0-alpha-9:compile
> > [INFO] org.apache.maven:maven-model:jar:2.0.5:compile
> > [INFO] org.apache.maven:maven-project:jar:2.0.5:compile
> > [INFO] org.apache.maven.shared:file-management:jar:1.1:compile
> > [INFO] org.codehaus.plexus:plexus-utils:jar:1.1:compile
> > [INFO] org.apache.maven:maven-artifact:jar:2.0.5:compile
> > [INFO] org.apache.maven:maven-plugin-api:jar:2.0.5:compile
> > [INFO]
> > org.apache.maven.shared:maven-plugin-testing-harness:jar:1.0-beta-1:te
> > st
> > [INFO]
> > org.apache.maven.shared:maven-dependency-analyzer:jar:1.0-SNAPSHOT:com
> > pi
> > le
> > [INFO] Used undeclared dependencies:
> > [INFO] None
> > [INFO] Unused declared dependencies:
> > [INFO] None
> > [INFO] Found Resolved Dependency / DependencyManagement mismatches:
> > [INFO] Dependency: commons-lang:commons-lang:jar
> > [INFO] DepMgt : 1.0
> > [INFO] Resolved: 2.3
> > [INFO] Dependency: commons-digester:commons-digester:jar
> > [INFO] DepMgt : 1.6
> > [INFO] Resolved: 1.7
> > [INFO] Dependency: javax.servlet:servlet-api:jar
> > [INFO] DepMgt : 2.3
> > [INFO] Resolved: 2.4
> > [WARNING] Potential problems found in Dependency Management
> >
> > In the sample above, you can see that I am actually getting versions
> > different than what I'm asking for. In 2.0.6, I would suddenly be
> > downgraded to commons-lang 1.0 from 2.3, commons-digester 1.6 from 1.7
>
> > and servlet-api 2.3 from 2.4. Depending on the jars and your project,
> > this may manifest as compile errors or runtime errors.
> >
> > When you see these mismatches, the suggested approach is to adjust
> > your dependencyManagement section to have the version you are actually
>
> > getting (in this case, 2.3,1.7 and 2.4 respectively). Then when you
> > upgrade to 2.0.6, you will be getting the same versions in your build
> > that you currently get in 2.0.5. In
> >
> > You should also pay particular attention to the Used Declared
> > dependencies because this is showing that you are using something that
>
> > isn't declared. The plugin may not detect specific mismatches between
> > dependencyManagement if the dependencies are not specifically
> declared.
> > Using dependencies in your projects that are not declared is a
> > dangerous proposition as it doesn't provide Maven with the correct
> > information to properly choose the correct version. The recommended
> > fix for this is to add any dependencies that analyze finds to your
> pom.
> >
> > This goal can also detect conflicts with the dependencyManagement
> > excludes to show where files that are excluded creep back in and to
> > show where individual poms override the dependencyManagement. These
> > things are not directly affected by 2.0.6, but can be handy to know.
> >
> > Read more here:
> > http://maven.apache.org/plugins/maven-dependency-plugin/analyze-mojo.h
> > tm
> > l
> > http://maven.apache.org/plugins/maven-dependency-plugin/analyze-dep-mg
> > t-
> > mojo.html
> > http://maven.apache.org/plugins/maven-dependency-plugin/usage.html
> > (bottom of the page)
> >
> > After upgrading to 2.0.6, you may want to remove workarounds to
> > MNG-1577 that you have put in place. These usually would have been the
>
> > introduction of a dependency to your pom that wasn't nessessary simply
>
> > to override a transitive version. If you have workarounds in your pom,
>
> > they will show up as Unused declared dependencies. Note that currently
>
> > the test and runtime dependencies are excluded from the usage
> analysis.
> >
> > --Brian
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org For
> > additional commands, e-mail: dev-help@maven.apache.org
> >
> >
>
>
> --
> I could give you my word as a Spaniard.
> No good. I've known too many Spaniards.
> -- The Princess Bride
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org For additional
> commands, e-mail: dev-help@maven.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
> For additional commands, e-mail: dev-help@maven.apache.org
>
>
--
I could give you my word as a Spaniard.
No good. I've known too many Spaniards.
-- The Princess Bride
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
RE: CORRECTED: Recommended text for 2.0.6 release notes and for email to user group.
Posted by "Brian E. Fox" <br...@reply.infinity.nu>.
It was released on Tuesday.
-----Original Message-----
From: carlossg@gmail.com [mailto:carlossg@gmail.com] On Behalf Of Carlos
Sanchez
Sent: Thursday, March 29, 2007 4:23 PM
To: Maven Developers List
Subject: Re: CORRECTED: Recommended text for 2.0.6 release notes and for
email to user group.
souldn't the plugin be released instead of using a snapshot?
On 3/29/07, Brian E. Fox <br...@reply.infinity.nu> wrote:
> Corrected text below. Thanks Max.
> [Note, explaination is left to Jason about full impact of MNG-1577]
> How to prepare your dependencies before updating to Maven 2.0.6:
>
> If you have dependencies in dependencyManagement that conflict with
> transitive dependencies, the fix for MNG-1577 may alter the version
> you get when running a build with 2.0.6. To ensure a smooth
> transition, there is a tool to detect these conditions.
>
> In your project, run "mvn dependency:analyze" (be sure to use 2.0.5 or
> the plugin won't detect mismatches) This will display output similar
> to
> below:
> [INFO] [dependency:analyze]
> [INFO] Used declared dependencies:
> [INFO] org.codehaus.plexus:plexus-archiver:jar:1.0-alpha-7:compile
> [INFO] junit:junit:jar:3.8.1:test
> [INFO]
> org.codehaus.plexus:plexus-container-default:jar:1.0-alpha-9:compile
> [INFO] org.apache.maven:maven-model:jar:2.0.5:compile
> [INFO] org.apache.maven:maven-project:jar:2.0.5:compile
> [INFO] org.apache.maven.shared:file-management:jar:1.1:compile
> [INFO] org.codehaus.plexus:plexus-utils:jar:1.1:compile
> [INFO] org.apache.maven:maven-artifact:jar:2.0.5:compile
> [INFO] org.apache.maven:maven-plugin-api:jar:2.0.5:compile
> [INFO]
> org.apache.maven.shared:maven-plugin-testing-harness:jar:1.0-beta-1:te
> st
> [INFO]
> org.apache.maven.shared:maven-dependency-analyzer:jar:1.0-SNAPSHOT:com
> pi
> le
> [INFO] Used undeclared dependencies:
> [INFO] None
> [INFO] Unused declared dependencies:
> [INFO] None
> [INFO] Found Resolved Dependency / DependencyManagement mismatches:
> [INFO] Dependency: commons-lang:commons-lang:jar
> [INFO] DepMgt : 1.0
> [INFO] Resolved: 2.3
> [INFO] Dependency: commons-digester:commons-digester:jar
> [INFO] DepMgt : 1.6
> [INFO] Resolved: 1.7
> [INFO] Dependency: javax.servlet:servlet-api:jar
> [INFO] DepMgt : 2.3
> [INFO] Resolved: 2.4
> [WARNING] Potential problems found in Dependency Management
>
> In the sample above, you can see that I am actually getting versions
> different than what I'm asking for. In 2.0.6, I would suddenly be
> downgraded to commons-lang 1.0 from 2.3, commons-digester 1.6 from 1.7
> and servlet-api 2.3 from 2.4. Depending on the jars and your project,
> this may manifest as compile errors or runtime errors.
>
> When you see these mismatches, the suggested approach is to adjust
> your dependencyManagement section to have the version you are actually
> getting (in this case, 2.3,1.7 and 2.4 respectively). Then when you
> upgrade to 2.0.6, you will be getting the same versions in your build
> that you currently get in 2.0.5. In
>
> You should also pay particular attention to the Used Declared
> dependencies because this is showing that you are using something that
> isn't declared. The plugin may not detect specific mismatches between
> dependencyManagement if the dependencies are not specifically
declared.
> Using dependencies in your projects that are not declared is a
> dangerous proposition as it doesn't provide Maven with the correct
> information to properly choose the correct version. The recommended
> fix for this is to add any dependencies that analyze finds to your
pom.
>
> This goal can also detect conflicts with the dependencyManagement
> excludes to show where files that are excluded creep back in and to
> show where individual poms override the dependencyManagement. These
> things are not directly affected by 2.0.6, but can be handy to know.
>
> Read more here:
> http://maven.apache.org/plugins/maven-dependency-plugin/analyze-mojo.h
> tm
> l
> http://maven.apache.org/plugins/maven-dependency-plugin/analyze-dep-mg
> t-
> mojo.html
> http://maven.apache.org/plugins/maven-dependency-plugin/usage.html
> (bottom of the page)
>
> After upgrading to 2.0.6, you may want to remove workarounds to
> MNG-1577 that you have put in place. These usually would have been the
> introduction of a dependency to your pom that wasn't nessessary simply
> to override a transitive version. If you have workarounds in your pom,
> they will show up as Unused declared dependencies. Note that currently
> the test and runtime dependencies are excluded from the usage
analysis.
>
> --Brian
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org For
> additional commands, e-mail: dev-help@maven.apache.org
>
>
--
I could give you my word as a Spaniard.
No good. I've known too many Spaniards.
-- The Princess Bride
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org For additional
commands, e-mail: dev-help@maven.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
Re: CORRECTED: Recommended text for 2.0.6 release notes and for email to user group.
Posted by Carlos Sanchez <ca...@apache.org>.
souldn't the plugin be released instead of using a snapshot?
On 3/29/07, Brian E. Fox <br...@reply.infinity.nu> wrote:
> Corrected text below. Thanks Max.
> [Note, explaination is left to Jason about full impact of MNG-1577] How
> to prepare your dependencies before updating to Maven 2.0.6:
>
> If you have dependencies in dependencyManagement that conflict with
> transitive dependencies, the fix for MNG-1577 may alter the version you
> get when running a build with 2.0.6. To ensure a smooth transition,
> there is a tool to detect these conditions.
>
> In your project, run "mvn dependency:analyze" (be sure to use 2.0.5 or
> the plugin won't detect mismatches) This will display output similar to
> below:
> [INFO] [dependency:analyze]
> [INFO] Used declared dependencies:
> [INFO] org.codehaus.plexus:plexus-archiver:jar:1.0-alpha-7:compile
> [INFO] junit:junit:jar:3.8.1:test
> [INFO]
> org.codehaus.plexus:plexus-container-default:jar:1.0-alpha-9:compile
> [INFO] org.apache.maven:maven-model:jar:2.0.5:compile
> [INFO] org.apache.maven:maven-project:jar:2.0.5:compile
> [INFO] org.apache.maven.shared:file-management:jar:1.1:compile
> [INFO] org.codehaus.plexus:plexus-utils:jar:1.1:compile
> [INFO] org.apache.maven:maven-artifact:jar:2.0.5:compile
> [INFO] org.apache.maven:maven-plugin-api:jar:2.0.5:compile
> [INFO]
> org.apache.maven.shared:maven-plugin-testing-harness:jar:1.0-beta-1:test
> [INFO]
> org.apache.maven.shared:maven-dependency-analyzer:jar:1.0-SNAPSHOT:compi
> le
> [INFO] Used undeclared dependencies:
> [INFO] None
> [INFO] Unused declared dependencies:
> [INFO] None
> [INFO] Found Resolved Dependency / DependencyManagement mismatches:
> [INFO] Dependency: commons-lang:commons-lang:jar
> [INFO] DepMgt : 1.0
> [INFO] Resolved: 2.3
> [INFO] Dependency: commons-digester:commons-digester:jar
> [INFO] DepMgt : 1.6
> [INFO] Resolved: 1.7
> [INFO] Dependency: javax.servlet:servlet-api:jar
> [INFO] DepMgt : 2.3
> [INFO] Resolved: 2.4
> [WARNING] Potential problems found in Dependency Management
>
> In the sample above, you can see that I am actually getting versions
> different than what I'm asking for. In 2.0.6, I would suddenly be
> downgraded to commons-lang 1.0 from 2.3, commons-digester 1.6 from 1.7
> and servlet-api 2.3 from 2.4. Depending on the jars and your project,
> this may manifest as compile errors or runtime errors.
>
> When you see these mismatches, the suggested approach is to adjust your
> dependencyManagement section to have the version you are actually
> getting (in this case, 2.3,1.7 and 2.4 respectively). Then when you
> upgrade to 2.0.6, you will be getting the same versions in your build
> that you currently get in 2.0.5. In
>
> You should also pay particular attention to the Used Declared
> dependencies because this is showing that you are using something that
> isn't declared. The plugin may not detect specific mismatches between
> dependencyManagement if the dependencies are not specifically declared.
> Using dependencies in your projects that are not declared is a dangerous
> proposition as it doesn't provide Maven with the correct information to
> properly choose the correct version. The recommended fix for this is to
> add any dependencies that analyze finds to your pom.
>
> This goal can also detect conflicts with the dependencyManagement
> excludes to show where files that are excluded creep back in and to show
> where individual poms override the dependencyManagement. These things
> are not directly affected by 2.0.6, but can be handy to know.
>
> Read more here:
> http://maven.apache.org/plugins/maven-dependency-plugin/analyze-mojo.htm
> l
> http://maven.apache.org/plugins/maven-dependency-plugin/analyze-dep-mgt-
> mojo.html
> http://maven.apache.org/plugins/maven-dependency-plugin/usage.html
> (bottom of the page)
>
> After upgrading to 2.0.6, you may want to remove workarounds to MNG-1577
> that you have put in place. These usually would have been the
> introduction of a dependency to your pom that wasn't nessessary simply
> to override a transitive version. If you have workarounds in your pom,
> they will show up as Unused declared dependencies. Note that currently
> the test and runtime dependencies are excluded from the usage analysis.
>
> --Brian
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
> For additional commands, e-mail: dev-help@maven.apache.org
>
>
--
I could give you my word as a Spaniard.
No good. I've known too many Spaniards.
-- The Princess Bride
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
RE: CORRECTED: Recommended text for 2.0.6 release notes and for email to user group.
Posted by "Brian E. Fox" <br...@reply.infinity.nu>.
I added this text to the plugin site here:
http://maven.apache.org/plugins/maven-dependency-plugin/examples/prepari
ng-dependencies.html
-----Original Message-----
From: Brian E. Fox [mailto:brianf@reply.infinity.nu]
Sent: Thursday, March 29, 2007 5:03 PM
To: Maven Developers List
Subject: RE: CORRECTED: Recommended text for 2.0.6 release notes and for
email to user group.
How to prepare your dependencies before updating to Maven 2.0.6:
If you have dependencies in dependencyManagement that conflict with
transitive dependencies, the fix for MNG-1577 may alter the version you
get when running a build with 2.0.6. To ensure a smooth transition,
there is a tool to detect these conditions.
In your project, run "mvn dependency:analyze" (be sure to use 2.0.5 or
the plugin won't detect mismatches) This will display output similar to
below:
[INFO] [dependency:analyze]
[INFO] Used declared dependencies:
[INFO] org.codehaus.plexus:plexus-archiver:jar:1.0-alpha-7:compile
[INFO] junit:junit:jar:3.8.1:test
[INFO]
org.codehaus.plexus:plexus-container-default:jar:1.0-alpha-9:compile
[INFO] org.apache.maven:maven-model:jar:2.0.5:compile
[INFO] org.apache.maven:maven-project:jar:2.0.5:compile
[INFO] org.apache.maven.shared:file-management:jar:1.1:compile
[INFO] org.codehaus.plexus:plexus-utils:jar:1.1:compile
[INFO] org.apache.maven:maven-artifact:jar:2.0.5:compile
[INFO] org.apache.maven:maven-plugin-api:jar:2.0.5:compile
[INFO]
org.apache.maven.shared:maven-plugin-testing-harness:jar:1.0-beta-1:test
[INFO]
org.apache.maven.shared:maven-dependency-analyzer:jar:1.0:compile
[INFO] Used undeclared dependencies:
[INFO] None
[INFO] Unused declared dependencies:
[INFO] None
[INFO] Found Resolved Dependency / DependencyManagement mismatches:
[INFO] Dependency: commons-lang:commons-lang:jar
[INFO] DepMgt : 1.0
[INFO] Resolved: 2.3
[INFO] Dependency: commons-digester:commons-digester:jar
[INFO] DepMgt : 1.6
[INFO] Resolved: 1.7
[INFO] Dependency: javax.servlet:servlet-api:jar
[INFO] DepMgt : 2.3
[INFO] Resolved: 2.4
[WARNING] Potential problems found in Dependency Management
In the sample above, you can see that I am actually getting versions
different than what I'm asking for. In 2.0.6, I would suddenly be
downgraded to commons-lang 1.0 from 2.3, commons-digester 1.6 from 1.7
and servlet-api 2.3 from 2.4. Depending on the jars and your project,
this may manifest as compile errors or runtime errors.
When you see these mismatches, the suggested approach is to adjust your
dependencyManagement section to have the version you are actually
getting (in this case, 2.3,1.7 and 2.4 respectively). Then when you
upgrade to 2.0.6, you will be getting the same versions in your build
that you currently get in 2.0.5.
You should also pay particular attention to the Used Declared
dependencies because this is showing that you are using something that
isn't declared. The plugin may not detect specific mismatches between
dependencyManagement if the dependencies are not specifically declared.
Using dependencies in your projects that are not declared is a dangerous
proposition as it doesn't provide Maven with the correct information to
properly choose the correct version. The recommended fix for this is to
add any dependencies that analyze finds to your pom.
This goal can also detect conflicts with the dependencyManagement
excludes to show where files that are excluded creep back in and to show
where individual poms override the dependencyManagement. These things
are not directly affected by 2.0.6, but can be handy to know.
Read more here:
http://maven.apache.org/plugins/maven-dependency-plugin/analyze-mojo.htm
l
http://maven.apache.org/plugins/maven-dependency-plugin/analyze-dep-mgt-
mojo.html
http://maven.apache.org/plugins/maven-dependency-plugin/usage.html
(bottom of the page)
After upgrading to 2.0.6, you may want to remove workarounds to MNG-1577
that you have put in place. These usually would have been the
introduction of a dependency to your pom that wasn't nessessary simply
to override a transitive version. If you have workarounds in your pom,
they will show up as Unused declared dependencies. Note that currently
the test and runtime dependencies are excluded from the usage analysis.
--Brian
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
RE: CORRECTED: Recommended text for 2.0.6 release notes and for email to user group.
Posted by "Brian E. Fox" <br...@reply.infinity.nu>.
How to prepare your dependencies before updating to Maven 2.0.6:
If you have dependencies in dependencyManagement that conflict with
transitive dependencies, the fix for MNG-1577 may alter the version you
get when running a build with 2.0.6. To ensure a smooth transition,
there is a tool to detect these conditions.
In your project, run "mvn dependency:analyze" (be sure to use 2.0.5 or
the plugin won't detect mismatches) This will display output similar to
below:
[INFO] [dependency:analyze]
[INFO] Used declared dependencies:
[INFO] org.codehaus.plexus:plexus-archiver:jar:1.0-alpha-7:compile
[INFO] junit:junit:jar:3.8.1:test
[INFO]
org.codehaus.plexus:plexus-container-default:jar:1.0-alpha-9:compile
[INFO] org.apache.maven:maven-model:jar:2.0.5:compile
[INFO] org.apache.maven:maven-project:jar:2.0.5:compile
[INFO] org.apache.maven.shared:file-management:jar:1.1:compile
[INFO] org.codehaus.plexus:plexus-utils:jar:1.1:compile
[INFO] org.apache.maven:maven-artifact:jar:2.0.5:compile
[INFO] org.apache.maven:maven-plugin-api:jar:2.0.5:compile
[INFO]
org.apache.maven.shared:maven-plugin-testing-harness:jar:1.0-beta-1:test
[INFO]
org.apache.maven.shared:maven-dependency-analyzer:jar:1.0:compile
[INFO] Used undeclared dependencies:
[INFO] None
[INFO] Unused declared dependencies:
[INFO] None
[INFO] Found Resolved Dependency / DependencyManagement mismatches:
[INFO] Dependency: commons-lang:commons-lang:jar
[INFO] DepMgt : 1.0
[INFO] Resolved: 2.3
[INFO] Dependency: commons-digester:commons-digester:jar
[INFO] DepMgt : 1.6
[INFO] Resolved: 1.7
[INFO] Dependency: javax.servlet:servlet-api:jar
[INFO] DepMgt : 2.3
[INFO] Resolved: 2.4
[WARNING] Potential problems found in Dependency Management
In the sample above, you can see that I am actually getting versions
different than what I'm asking for. In 2.0.6, I would suddenly be
downgraded to commons-lang 1.0 from 2.3, commons-digester 1.6 from 1.7
and servlet-api 2.3 from 2.4. Depending on the jars and your project,
this may manifest as compile errors or runtime errors.
When you see these mismatches, the suggested approach is to adjust your
dependencyManagement section to have the version you are actually
getting (in this case, 2.3,1.7 and 2.4 respectively). Then when you
upgrade to 2.0.6, you will be getting the same versions in your build
that you currently get in 2.0.5.
You should also pay particular attention to the Used Declared
dependencies because this is showing that you are using something that
isn't declared. The plugin may not detect specific mismatches between
dependencyManagement if the dependencies are not specifically declared.
Using dependencies in your projects that are not declared is a dangerous
proposition as it doesn't provide Maven with the correct information to
properly choose the correct version. The recommended fix for this is to
add any dependencies that analyze finds to your pom.
This goal can also detect conflicts with the dependencyManagement
excludes to show where files that are excluded creep back in and to show
where individual poms override the dependencyManagement. These things
are not directly affected by 2.0.6, but can be handy to know.
Read more here:
http://maven.apache.org/plugins/maven-dependency-plugin/analyze-mojo.htm
l
http://maven.apache.org/plugins/maven-dependency-plugin/analyze-dep-mgt-
mojo.html
http://maven.apache.org/plugins/maven-dependency-plugin/usage.html
(bottom of the page)
After upgrading to 2.0.6, you may want to remove workarounds to MNG-1577
that you have put in place. These usually would have been the
introduction of a dependency to your pom that wasn't nessessary simply
to override a transitive version. If you have workarounds in your pom,
they will show up as Unused declared dependencies. Note that currently
the test and runtime dependencies are excluded from the usage analysis.
--Brian
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
CORRECTED: Recommended text for 2.0.6 release notes and for email to user group.
Posted by "Brian E. Fox" <br...@reply.infinity.nu>.
Corrected text below. Thanks Max.
[Note, explaination is left to Jason about full impact of MNG-1577] How
to prepare your dependencies before updating to Maven 2.0.6:
If you have dependencies in dependencyManagement that conflict with
transitive dependencies, the fix for MNG-1577 may alter the version you
get when running a build with 2.0.6. To ensure a smooth transition,
there is a tool to detect these conditions.
In your project, run "mvn dependency:analyze" (be sure to use 2.0.5 or
the plugin won't detect mismatches) This will display output similar to
below:
[INFO] [dependency:analyze]
[INFO] Used declared dependencies:
[INFO] org.codehaus.plexus:plexus-archiver:jar:1.0-alpha-7:compile
[INFO] junit:junit:jar:3.8.1:test
[INFO]
org.codehaus.plexus:plexus-container-default:jar:1.0-alpha-9:compile
[INFO] org.apache.maven:maven-model:jar:2.0.5:compile
[INFO] org.apache.maven:maven-project:jar:2.0.5:compile
[INFO] org.apache.maven.shared:file-management:jar:1.1:compile
[INFO] org.codehaus.plexus:plexus-utils:jar:1.1:compile
[INFO] org.apache.maven:maven-artifact:jar:2.0.5:compile
[INFO] org.apache.maven:maven-plugin-api:jar:2.0.5:compile
[INFO]
org.apache.maven.shared:maven-plugin-testing-harness:jar:1.0-beta-1:test
[INFO]
org.apache.maven.shared:maven-dependency-analyzer:jar:1.0-SNAPSHOT:compi
le
[INFO] Used undeclared dependencies:
[INFO] None
[INFO] Unused declared dependencies:
[INFO] None
[INFO] Found Resolved Dependency / DependencyManagement mismatches:
[INFO] Dependency: commons-lang:commons-lang:jar
[INFO] DepMgt : 1.0
[INFO] Resolved: 2.3
[INFO] Dependency: commons-digester:commons-digester:jar
[INFO] DepMgt : 1.6
[INFO] Resolved: 1.7
[INFO] Dependency: javax.servlet:servlet-api:jar
[INFO] DepMgt : 2.3
[INFO] Resolved: 2.4
[WARNING] Potential problems found in Dependency Management
In the sample above, you can see that I am actually getting versions
different than what I'm asking for. In 2.0.6, I would suddenly be
downgraded to commons-lang 1.0 from 2.3, commons-digester 1.6 from 1.7
and servlet-api 2.3 from 2.4. Depending on the jars and your project,
this may manifest as compile errors or runtime errors.
When you see these mismatches, the suggested approach is to adjust your
dependencyManagement section to have the version you are actually
getting (in this case, 2.3,1.7 and 2.4 respectively). Then when you
upgrade to 2.0.6, you will be getting the same versions in your build
that you currently get in 2.0.5. In
You should also pay particular attention to the Used Declared
dependencies because this is showing that you are using something that
isn't declared. The plugin may not detect specific mismatches between
dependencyManagement if the dependencies are not specifically declared.
Using dependencies in your projects that are not declared is a dangerous
proposition as it doesn't provide Maven with the correct information to
properly choose the correct version. The recommended fix for this is to
add any dependencies that analyze finds to your pom.
This goal can also detect conflicts with the dependencyManagement
excludes to show where files that are excluded creep back in and to show
where individual poms override the dependencyManagement. These things
are not directly affected by 2.0.6, but can be handy to know.
Read more here:
http://maven.apache.org/plugins/maven-dependency-plugin/analyze-mojo.htm
l
http://maven.apache.org/plugins/maven-dependency-plugin/analyze-dep-mgt-
mojo.html
http://maven.apache.org/plugins/maven-dependency-plugin/usage.html
(bottom of the page)
After upgrading to 2.0.6, you may want to remove workarounds to MNG-1577
that you have put in place. These usually would have been the
introduction of a dependency to your pom that wasn't nessessary simply
to override a transitive version. If you have workarounds in your pom,
they will show up as Unused declared dependencies. Note that currently
the test and runtime dependencies are excluded from the usage analysis.
--Brian
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org