ShrinkWrap / SHRINKWRAP-345

MavenDependencyResolver resolves wrong version or scope for transitive dependencies when using <dependencyManagement>

Include each transitive dependency in the <dependencies> section

      Using includeDependenciesFromPom() followed by resolveAsFiles() can produce a transitive dependency with the wrong scope or version if it is defined in the <dependencyManagement> section of the POM.

      e.g.:
      <dependencyManagement>
        <dependencies>
          <dependency>
            <groupId>commons-logging</groupId>
            <artifactId>commons-logging</artifactId>
            <version>1.1</version>
          </dependency>
        </dependencies>
      </dependencyManagement>
      <dependencies>
        <dependency>
          <groupId>commons-beanutils</groupId>
          <artifactId>commons-beanutils</artifactId>
          <version>1.7.0</version>
          <exclusions>
            <exclusion>
              <artifactId>servlet-api</artifactId>
              <groupId>javax.servlet</groupId>
            </exclusion>
          </exclusions>
        </dependency>
      </dependencies>

      commons-beanutils depends on commons-logging:1.0.3 but we've specified a higher version in the <dependencyManagement> section. A 'mvn package' will put commons-logging:1.1 in the WEB-INF/lib directory but the following code will spit out a version of 1.0.3:

      File[] files =
          DependencyResolvers.use( MavenDependencyResolver.class )
              .useCentralRepo( false )
              .configureFrom( System.getProperty( "user.home" ) + "/.m2/settings.xml" )
              .includeDependenciesFromPom( "pom.xml" )
              .resolveAsFiles( new ScopeFilter( "compile", "runtime" ) );

      // List the resolved artifacts; commons-logging is reported as 1.0.3 here
      for ( File f : files )
      {
          System.out.println( f.getName() );
      }

              kpiwko Karel Piwko
              mtpettyp Mike Pettypiece (Inactive)