[ https://issues.apache.org/jira/browse/MNG-5971?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15158980#comment-15158980 ]
Stephane Nicoll commented on MNG-5971: -------------------------------------- I will update and re-test but just to answer your question, yes we do rely on the order of declaration. That's the only way that I know of to manage a conflict. If several BOMs are working on a set of common dependencies you have to tell which one wins and ordering the boms (first win strategy) is something we do for _a very long time_ Practically speaking it also makes sense: you can't possibly ask 4 different projects to not have _any_ conflicting library at all. > Imported dependencies should be available to inheritance processing > ------------------------------------------------------------------- > > Key: MNG-5971 > URL: https://issues.apache.org/jira/browse/MNG-5971 > Project: Maven > Issue Type: Bug > Components: Dependencies > Affects Versions: 3.3.3 > Reporter: Stephane Nicoll > Assignee: Christian Schulte > Priority: Trivial > Labels: close-pending > Fix For: 3.4.0 > > Attachments: bom-cloud.zip > > > When a project extends from a parent with a {{dependencyManagement}} section, > it is not always possible to properly override (and align) the version to use > for a group of dependencies. > We typically use Bill Of Materials to gather a group of modules and make sure > their versions are consistent. > The following project demonstrates the issue: > https://github.com/snicoll-scratches/maven-dependency-management > The first commit is a working use case where the parent uses a bom with > version A and we use the same bom with version B in the child. Version B is > used as expected. > The second commit demonstrates the faulty scenario. Rather than using a bom > in the parent, we use a direct dependency (provided by that bom). We still > use the bom with a different version. In that case all the dependencies but > the one provided by the parent are overridden (leading to mixed versions for > the dependencies provided by the BOM). > It looks like the distance is still used to compute the version while the > graph of dependencies should be flatten at each step for a proper override. > Thoughts? Thanks! -- This message was sent by Atlassian JIRA (v6.3.4#6332)