[SHRINKWRAP-345] MavenDependencyResolver resolves wrong version or scope for transitive dependencies when using <dependencyManagement> - JBoss Issue Tracker

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Done
Affects Version/s: 1.0.0-beta-5
Fix Version/s: resolver-2.0.0-alpha-1
Component/s: ext-resolver
Labels:
None

Workaround Description:

Hide

Include each transitive dependency in the <dependencies> section

Show
Include each transitive dependency in the <dependencies> section

Description

Using includesDependenciesFromPom() followed by resolveAsFiles() can produce a transitive dependency with the wrong scope or version if it is defined in the <dependencyManagment> section of the POM.

e.g.:
<dependencyManagement>
<dependencies>
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
<version>1.1</version>
</dependency>
</dependencies>
</dependencyManagement>
<dependencies>
<dependency>
<groupId>commons-beanutils</groupId>
<artifactId>commons-beanutils</artifactId>
<version>1.7.0</version>
<exclusions>
<exclusion>
<artifactId>servlet-api</artifactId>
<groupId>javax.servlet</groupId>
</exclusion>
</exclusions>
</dependency>
<dependencies>

common-beanutils depends on common-logging:1.0.3 but we've specified a higher version in the <dependencyManagement> section. A 'mvn package' will put common-logging:1.1 in the WEB-INF/lib directory but the following code will spit out a version of 1.0.3:

File[] files =
DependencyResolvers.use( MavenDependencyResolver.class )
.useCentralRepo( false )
.configureFrom( System.getProperty( "user.home" ) + "/.m2/settings.xml" )
.includeDependenciesFromPom( "pom.xml" )
.resolveAsFiles( new ScopeFilter( "compile", "runtime" ) );

for ( File f : files )

{ System.out.println( f.getName() ); }

Gliffy Diagrams

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Download All

Attachments

Hide
maven-test.zip

20/Oct/11 5:11 PM

9 kB

Mike Pettypiece
maven-test/.classpath 1.0 kB

maven-test/.project 1 kB

maven-test/.settings/.jsdtscope 0.5 kB

maven-test/.../org.eclipse.jdt.core.prefs 0.5 kB

maven-test/.../org.eclipse.wst.common.component 0.5 kB

maven-test/.../org.eclipse.wst.common.project.facet.core.xml 0.2 kB

maven-test/.../org.eclipse.wst.jsdt.ui.superType.container 0.0 kB

maven-test/.../org.eclipse.wst.jsdt.ui.superType.name 0.0 kB

maven-test/.../org.maven.ide.eclipse.prefs 0.2 kB

maven-test/pom.xml 3 kB

maven-test/src/main/webapp/index.jsp 0.1 kB

maven-test/src/main/.../META-INF/MANIFEST.MF 0.0 kB

maven-test/src/main/.../WEB-INF/web.xml 0.2 kB

maven-test/.../MavenDependencyResolverTest.java 1 kB

maven-test/WebContent/.../MANIFEST.MF 0.0 kB

Download Zip
Show

maven-test.zip

20/Oct/11 5:11 PM

9 kB

Mike Pettypiece

Activity

Ascending order - Click to sort in descending order

Hide

Permalink

Mike Pettypiece added a comment - 20/Oct/11 5:11 PM - edited

Example project attached

Show

Mike Pettypiece added a comment - 20/Oct/11 5:11 PM - edited Example project attached

Hide

Permalink

Mike Pettypiece added a comment - 20/Oct/11 5:15 PM

This appears to occur because the transitive dependencies are not loaded in includedDependenciesFromPom(). By the time the transitive dependencies are loaded (in resolveAsFiles()) none of the POM dependencyManagement information is available.

Show

Mike Pettypiece added a comment - 20/Oct/11 5:15 PM This appears to occur because the transitive dependencies are not loaded in includedDependenciesFromPom(). By the time the transitive dependencies are loaded (in resolveAsFiles()) none of the POM dependencyManagement information is available.

Hide

Permalink

Karel Piwko added a comment - 23/Oct/11 10:46 AM

Thanks for the test. I'll try it to on newest development branch, where we reworked the internals and dependencyManagement was added to Aether resolution, which should fix your issue.

Show

Karel Piwko added a comment - 23/Oct/11 10:46 AM Thanks for the test. I'll try it to on newest development branch, where we reworked the internals and dependencyManagement was added to Aether resolution, which should fix your issue.

Hide

Permalink

Karel Piwko added a comment - 24/Oct/11 4:13 AM

Fixed in https://github.com/kpiwko/resolver/commit/a00fa3ca5c1fad9455c55600650b8e2ad169bd18

Usage:

    @Test

    public void testIncludeFromPomWithDependencyManagement() {

        File[] jars = DependencyResolvers.use(MavenDependencyResolver.class).useCentralRepo(false)

                .loadEffectiveFromPom("target/poms/test-depmngmt-transitive.xml").importAllDependencies().resolveAsFiles();

        Assert.assertEquals("Exactly 2 files were resolved", 2, jars.length);

        new FileValidationUtil("test-deps-b-2.0.0", "test-deps-c-1.0.0").validate(jars);

Note: API is suspect to change.

Show

Karel Piwko added a comment - 24/Oct/11 4:13 AM Fixed in https://github.com/kpiwko/resolver/commit/a00fa3ca5c1fad9455c55600650b8e2ad169bd18 Usage: @Test public void testIncludeFromPomWithDependencyManagement() { File[] jars = DependencyResolvers.use(MavenDependencyResolver.class).useCentralRepo(false) .loadEffectiveFromPom("target/poms/test-depmngmt-transitive.xml").importAllDependencies().resolveAsFiles(); Assert.assertEquals("Exactly 2 files were resolved", 2, jars.length); new FileValidationUtil("test-deps-b-2.0.0", "test-deps-c-1.0.0").validate(jars); } Note: API is suspect to change.

Hide

Permalink

Karel Piwko added a comment - 07/Nov/11 9:47 AM

Pushed upstream.

Show

Karel Piwko added a comment - 07/Nov/11 9:47 AM Pushed upstream.

MavenDependencyResolver resolves wrong version or scope for transitive dependencies when using <dependencyManagement>

Details

Description

Gliffy Diagrams

Attachments

Activity

People

Dates

Development

Agile