Details
-
Bug
-
Resolution: Done
-
Major
-
1.0.0-beta-5
-
None
Description
Using includesDependenciesFromPom() followed by resolveAsFiles() can produce a transitive dependency with the wrong scope or version if it is defined in the <dependencyManagment> section of the POM.
e.g.:
<dependencyManagement>
<dependencies>
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
<version>1.1</version>
</dependency>
</dependencies>
</dependencyManagement>
<dependencies>
<dependency>
<groupId>commons-beanutils</groupId>
<artifactId>commons-beanutils</artifactId>
<version>1.7.0</version>
<exclusions>
<exclusion>
<artifactId>servlet-api</artifactId>
<groupId>javax.servlet</groupId>
</exclusion>
</exclusions>
</dependency>
<dependencies>
common-beanutils depends on common-logging:1.0.3 but we've specified a higher version in the <dependencyManagement> section. A 'mvn package' will put common-logging:1.1 in the WEB-INF/lib directory but the following code will spit out a version of 1.0.3:
File[] files =
DependencyResolvers.use( MavenDependencyResolver.class )
.useCentralRepo( false )
.configureFrom( System.getProperty( "user.home" ) + "/.m2/settings.xml" )
.includeDependenciesFromPom( "pom.xml" )
.resolveAsFiles( new ScopeFilter( "compile", "runtime" ) );
for ( File f : files )
{ System.out.println( f.getName() ); }
