[ https://issues.apache.org/jira/browse/MNG-5761?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Samuel Langlois updated MNG-5761:
---------------------------------
    Attachment: MNG-5761.zip

Here is a small project that reproduces the problem (MNG-5761.zip).
It relies on the fact that commons-beanutils 1.9.2 depends on commons-collections 3.2.1.
In our case, we want to force that version to be 3.2.2.

How to reproduce:
{code}
$ mvn dependency:tree -f dependent-pom.xml
...
[INFO] MNG-5761:dependent:pom:1.0-SNAPSHOT
[INFO] \- commons-beanutils:commons-beanutils:jar:1.9.2:compile
[INFO]    +- commons-logging:commons-logging:jar:1.1.1:compile
[INFO]    \- commons-collections:commons-collections:jar:3.2.2:compile
{code}
That's good and expected, because the version is forced to 3.2.2 in parent-pom.xml.

Now, let's use this artifact as a dependency in another pom:
{code}
# Need to install dependencies locally first
$ mvn install -f parent-pom.xml
$ mvn install -f dependent-pom.xml

$ mvn dependency:tree -f depending-pom.xml
...
[INFO] MNG-5761:depending:pom:1.0-SNAPSHOT
[INFO] \- MNG-5761:dependent:pom:1.0-SNAPSHOT:compile
[INFO]    \- commons-beanutils:commons-beanutils:jar:1.9.2:compile
[INFO]       +- commons-logging:commons-logging:jar:1.1.1:compile
[INFO]       \- commons-collections:commons-collections:jar:3.2.1:compile
{code}
That's unexpected: the version of commons-collections was specified as 3.2.2 in the parent pom of dependent-pom.xml.
dependent-pom.xml was thus built against 3.2.2, but when you add it as a dependency, you always get 3.2.1.

Hope that makes things clearer.
(I don't have enough power to re-open the issue...)

> <dependencyManagement> picks wrong version for transitive dependencies
> ----------------------------------------------------------------------
>
>                 Key: MNG-5761
>                 URL: https://issues.apache.org/jira/browse/MNG-5761
>             Project: Maven
>          Issue Type: Bug
>          Components: Dependencies
>    Affects Versions: 3.2.5
>            Reporter: Jeff Schnitzer
>            Assignee: Jason van Zyl
>         Attachments: MNG-5761.zip
>
>
> A detailed description of the issue is here:
> http://stackoverflow.com/questions/28312975/maven-dependencymanagement-version-ignored-in-transitive-dependencies
> The short of it is that maven appears to be using the wrong
> <dependencyManagement> version in a transitive dependency. There are two
> relevant <dependencyManagement> sections in the build, one pulled in by guice
> and one pulled in by gwizard-parent. These are the dependency paths from the
> top:
> gwizard-example -> gwizard-config -> gwizard-parent
> gwizard-example -> gwizard-config -> guice -> guice-parent
> gwizard-parent's dependencyManagement specifies guava 18
> guice-parent's dependencyManagement specifies guava 16
> Guava 16 is winning. This seems highly undesirable, and in fact it breaks our
> build. I would expect that in a version # fight, "closest to the top" should
> win.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
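
A check for the version drift shown in the comment above, as an added example that is not part of the original message or of Maven: it parses `mvn dependency:tree` text output and reports any pinned artifact that resolved to a different version, with the path that pulled it in. The function names and the `REQUIRED` pin table are assumptions; the tree text is the `depending-pom.xml` output quoted in the comment.

```python
import re

# Consumer-side tree as quoted in the comment above (depending-pom.xml).
DEPENDING_TREE = r"""
[INFO] MNG-5761:depending:pom:1.0-SNAPSHOT
[INFO] \- MNG-5761:dependent:pom:1.0-SNAPSHOT:compile
[INFO]    \- commons-beanutils:commons-beanutils:jar:1.9.2:compile
[INFO]       +- commons-logging:commons-logging:jar:1.1.1:compile
[INFO]       \- commons-collections:commons-collections:jar:3.2.1:compile
"""

# Assumed pin table: the version the parent POM is meant to force.
REQUIRED = {"commons-collections:commons-collections": "3.2.2"}

# "[INFO] ", 3-character indent units, optional "+- " / "\- " marker, coordinates.
NODE = re.compile(
    r"^\[INFO\] (?P<indent>(?:[| ]  )*)(?P<marker>[+\\]- )?"
    r"(?P<coords>[^\s:]+(?::[^\s:]+){3,5})\s*$"
)


def parse_tree(text):
    """Return [(group:artifact, version, path)] for every node in the tree."""
    nodes, stack = [], []
    for line in text.splitlines():
        m = NODE.match(line)
        if not m:
            continue  # banner, "..." and summary lines
        parts = m.group("coords").split(":")
        # root is g:a:packaging:version; dependencies end in :version:scope
        version = parts[-1] if len(parts) == 4 else parts[-2]
        depth = len(m.group("indent")) // 3 + 1 if m.group("marker") else 0
        del stack[depth:]  # drop siblings and deeper nodes from the path
        stack.append(f"{parts[0]}:{parts[1]}")
        nodes.append((stack[-1], version, " -> ".join(stack)))
    return nodes


def find_drift(text, required):
    """Return pinned artifacts that resolved to a version other than the pin."""
    return [
        (ga, required[ga], version, path)
        for ga, version, path in parse_tree(text)
        if ga in required and version != required[ga]
    ]


if __name__ == "__main__":
    for ga, want, got, path in find_drift(DEPENDING_TREE, REQUIRED):
        print(f"DRIFT {ga}: required {want}, resolved {got} via {path}")
```

Run against the tree of every consuming module, not only the module that declares the pin, since the comment shows the two can disagree.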