Using includesDependenciesFromPom() followed by resolveAsFiles() can produce a transitive dependency with the wrong scope or version if it is defined in the <dependencyManagment> section of the POM.

e.g.:
<dependencyManagement>
<dependencies>
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
<version>1.1</version>
</dependency>
</dependencies>
</dependencyManagement>
<dependencies>
<dependency>
<groupId>commons-beanutils</groupId>
<artifactId>commons-beanutils</artifactId>
<version>1.7.0</version>
<exclusions>
<exclusion>
<artifactId>servlet-api</artifactId>
<groupId>javax.servlet</groupId>
</exclusion>
</exclusions>
</dependency>
<dependencies>

common-beanutils depends on common-logging:1.0.3 but we've specified a higher version in the <dependencyManagement> section. A 'mvn package' will put common-logging:1.1 in the WEB-INF/lib directory but the following code will spit out a version of 1.0.3:

File[] files =
DependencyResolvers.use( MavenDependencyResolver.class )
.useCentralRepo( false )
.configureFrom( System.getProperty( "user.home" ) + "/.m2/settings.xml" )
.includeDependenciesFromPom( "pom.xml" )
.resolveAsFiles( new ScopeFilter( "compile", "runtime" ) );

for ( File f : files )