Hi Piotr, Thinking at it carefully, AFAIK it is a design decision done in early Maven 2 design time: - POM properties don't influence dependencies - profile activation influence dependencies (I don't know for CLI properties)
The rationale is that: 1. POM properties are expected to be fixed once a release is done and designed as internal details: injecting from one project to its dependencies would create quite complex to detect collisions. 2. profiles have been thought as a way to define multiple variants of a project, with a limited number of supported value on each project: having dependencies influenced by profile (defined on CLI) makes sense HTH Hervé Le vendredi 15 décembre 2023, 09:34:27 CET Piotr P. Karwasz a écrit : > Hello, > > While looking at differences in generated CycloneDX SBOMs[1] I > stumbled upon an incoherence in the way Maven builds models of a > project's dependencies. > > On one hand the properties defined in a project have no effect on the > effective models of dependencies. For example in: > > <properties> > <log4j2.version>3.0.0-beta1</log4j2.version> > </properties> > <dependencyManagement> > <dependencies> > <dependency> > <groupId>org.springframework</groupId> > <artifactId>spring-boot-dependencies</artifactId> > <version>3.2.0</version> > <type>pom</type> > <scope>import</scope> > </dependency> > </dependencies> > </dependencyManagement> > > the `log4j2.version` property will have no effect on the resolved > effective model of `spring-boot-dependencies`, even if the POM also > uses a `log4j2.version` variable[2]. > > On the other hand profiles change the effective model of a dependency. > E.g. using: > > <dependencies> > <dependency> > <groupId>commons-pool</groupId> > <artifactId>commons-pool</artifactId> > <version>1.5.4</version> > </dependency> > </dependencies> > > the effective model of `commons-pool` will have a different > `<distributionManagement>` element if I run the project with > `-Prelease` or without it. > > Is this an intentional choice or is it a bug? I suppose that profiles > might influence the other artifacts in a Maven reactor, but I am not > sure external dependencies should be influenced as well. > > Piotr > > [1] https://github.com/CycloneDX/cyclonedx-maven-plugin/issues/432 > [2] > https://repo1.maven.org/maven2/org/springframework/boot/spring-boot-depende > ncies/3.2.0/ > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
