Tamas Cservenak created MNG-8003:
------------------------------------
Summary: Maven BOM is not what it looks like
Key: MNG-8003
URL: https://issues.apache.org/jira/browse/MNG-8003
Project: Maven
Issue Type: Bug
Reporter: Tamas Cservenak
Fix For: 4.0.0, 4.0.0-alpha-11
Maven project at top level POM (current master) has 3 imports:
* maven-bom
* junit bom
* mockito bom
While debugging, spotted that junit and mockito imports are "pristine" (in a
way they contain what one can expect), but the maven-bom had more than BOM
enlists! It turns out that BOM uses maven-parent@41 (same as top level POM or
Maven project), and it has 4 extra depMgt entries (plexus, sisu, plexus-xml and
plexus-util). Basically whoever imports Maven BOM will import these as well.
Moreover, this causes a bit of mess, as maven-parent depMgt section is:
* imported via maven-bom that inherits them from maven-parent
* but also inherited as maven top level POM uses maven-parent as well
Reported conflicts:
* org.eclipse.sisu:org.eclipse.sisu.plexus:jar:0.9.0.M2@compile vs
org.eclipse.sisu:org.eclipse.sisu.plexus:jar:0.9.0.M2@compile[2 exclusions] --
as in Maven project we add exclusions to decouple plexus and sisu
* org.codehaus.plexus:plexus-xml:jar:3.0.0@compile vs
org.codehaus.plexus:plexus-xml:jar:4.0.1@compile -- this is a version conflict
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
