Uploaded image for project: 'ShrinkWrap Resolvers'
  1. ShrinkWrap Resolvers
  2. SHRINKRES-123

Undefined scopes in depMgt via import scope are promoted to "compile"

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Blocker Blocker
    • 2.0.0-beta-3
    • None
    • None
    • None

      Assume a BOM POM:

      <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">

    <!-- Model Version -->
    <modelVersion>4.0.0</modelVersion>

    <!-- Artifact Configuration -->
    <groupId>org.jboss.shrinkwrap.test</groupId>
    <artifactId>test-bom-testdeps</artifactId>
    <version>1.0.0</version>
    <packaging>pom</packaging>

    <dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>org.jboss.shrinkwrap.test</groupId>
                <artifactId>test-dependency</artifactId>
                <version>1.0.0</version>
            </dependency>
        </dependencies>
    </dependencyManagement>

    <build>
    </build>

</project>

      ...and a dependency chain POM:

      <?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">

    <!-- Model Version -->
    <modelVersion>4.0.0</modelVersion>

    <!-- Artifact Configuration -->
    <groupId>org.jboss.shrinkwrap.test</groupId>
    <artifactId>test-depchain-testdeps</artifactId>
    <version>1.0.0</version>
    <packaging>pom</packaging>

    <dependencies>
        <dependency>
            <groupId>org.jboss.shrinkwrap.test</groupId>
            <artifactId>test-dependency</artifactId>
        </dependency>
    </dependencies>


    <build>
    </build>

</project>

      Placing a direct dependency upon the depchain POM in "test" scope should limit all transitive dependencies to "test" scope. 

      <?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">

    <!-- Model Version -->
    <modelVersion>4.0.0</modelVersion>

    <!-- Artifact Configuration -->
    <groupId>org.jboss.shrinkwrap.test</groupId>
    <artifactId>test-deps-via-bom-and-depchain</artifactId>
    <version>1.0.0</version>
    <packaging>pom</packaging>

    <dependencyManagement>
      <dependencies>
        <dependency>
          <groupId>org.jboss.shrinkwrap.test</groupId>
          <artifactId>test-bom-testdeps</artifactId>
          <scope>import</scope>
          <type>pom</type>
          <version>1.0.0</version>
        </dependency>
      </dependencies>
    </dependencyManagement>
 
    <dependencies>
        <dependency>
            <groupId>org.jboss.shrinkwrap.test</groupId>
            <artifactId>test-depchain-testdeps</artifactId>
            <version>1.0.0</version>
            <type>pom</type>
            <scope>test</scope> <!-- These SHOULD be brought in test scope, but are not in SHRINKRES-123 -->
        </dependency>
    </dependencies>
  </project>

      Unfortunately, we currently have no mechanism to denote that a scope in the BOM is intentionally left unspecified, and we incorrectly default this to "compile" in the dependency management section. This leads to leaking when calling upon:

      resolver.loadFromPomFile().importRuntimeDependencies();

      ...which then returns not only the runtime dependencies, but also the test and provided ones as well.

              arubinge@redhat.com Andrew Rubinger (Inactive)
              arubinge@redhat.com Andrew Rubinger (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: