[ https://issues.apache.org/jira/browse/MNG-2496?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17824414#comment-17824414 ]

Jörg Hohwiller edited comment on MNG-2496 at 3/7/24 1:46 PM:
-------------------------------------------------------------

> I am unsure what scenario would require "omit the version of dependency" from 
> plugin...

It is the same reason why {{dependencyManagement}} exists at all:
In complex multi-module projects you want to centralize dependencies/versions 
to establish some governance and simplify updates that can be made in a central 
place.
So the example would be that I use a cross-cutting library, say "commons-lang3", 
and I need this as a dependency in 3 different child POMs.
So instead of putting the version redundantly in those 3 places, I just want to 
have it in my top-level parent POM in the {{dependencyManagement}}, which is 
exactly the reason why Maven introduced this element to the POM model.

So either Maven should argue that the {{dependencyManagement}} element should 
be dropped from the POM model or, if it is present, then the behavior and 
feature should be available to all dependencies, no matter if a plugin or a 
project dependency. Everything is inconsistent and not intuitive.
Please be aware that nowadays developers are dealing with security updates 
daily due to tons of CVEs flooding us. So I need to make it as simple as 
possible to update from x.y.z to x.y.(z+1).


was (Author: hohwille):
> I am unsure what scenario would require "omit the version of dependency" from 
> plugin...

It is the same reason why {{dependencyManagement}} exists at all:
In complex multi-module projects you want to centralize dependencies/versions 
to establish some governance and simplify updates that can be made in a central 
place.
So the example would be that I use a cross-cutting library, say "commons-lang3", 
and I need this as a dependency in 3 different child POMs.
So instead of putting the version redundantly in those 3 places, I just want to 
have it in my top-level parent POM in the {{dependencyManagement}}, which is 
exactly the reason why Maven introduced this element to the POM model.

So either Maven should argue that the {{dependencyManagement}} element should 
be dropped from the POM model or, if it is present, then the behavior and 
feature should be available to all dependencies, no matter if a plugin or a 
project dependency.
Please be aware that nowadays developers are dealing with security updates 
daily due to tons of CVEs flooding us. So I need to make it as simple as 
possible to update from x.y.z to x.y.(z+1).

> dependencyManagement not used for dependencies in plugin section.
> -----------------------------------------------------------------
>
>                 Key: MNG-2496
>                 URL: https://issues.apache.org/jira/browse/MNG-2496
>             Project: Maven
>          Issue Type: Bug
>          Components: Artifacts and Repositories
>    Affects Versions: 2.0.4
>            Reporter: Brian E Fox
>            Priority: Major
>
> In my parent, I have a dependencyManagement set with this jar:
>     <dependencyManagement>
>         <dependencies>
>             <dependency>
>                 <groupId>com.stchome.build.maven</groupId>
>                 <artifactId>testng-initializer</artifactId>
>                 <version>1.0</version>
>                 <scope>test</scope>
>             </dependency>
>         </dependencies>
>     </dependencyManagement>
> I have a plugin specified that had a dependency like this:
>             <plugin>
>                 <artifactId>maven-antrun-plugin</artifactId>
>                 <executions>
>                     <execution>
>                         <id>run-testng</id>
>                         <phase>test</phase>
>                         <configuration>
>                             <tasks>
>                                 <java classname="com.stchome.testng.initializer.PackageInitializer">
>                                     <arg path="${project.build.testOutputDirectory}"/>
>                                     <arg path="${project.build.testSourceDirectory}"/>
>                                 </java>
>                                 <ant antfile="run-testng.xml" inheritRefs="true" inheritAll="true">
>                                     <property name="target.dir" value="${project.build.directory}"/>
>                                     <property name="test-classes.dir" value="${project.build.testOutputDirectory}"/>
>                                     <property name="test-source.dir" value="${project.build.testSourceDirectory}"/>
>                                 </ant>
>                             </tasks>
>                         </configuration>
>                         <goals>
>                             <goal>run</goal>
>                         </goals>
>                     </execution>
>                 </executions>
>                 <dependencies>
>                     <dependency>
>                         <groupId>com.stchome.build.maven</groupId>
>                         <artifactId>testng-initializer</artifactId>
>                     </dependency>
>                 </dependencies>
>             </plugin>
> When I build, it doesn't seem to resolve this dependency version from 
> dependencyManagement
> [INFO] An invalid artifact was detected.
> This artifact might be in your project's POM, or it might have been included 
> transitively du
>  information we do have for this artifact:
>     o GroupID:     com.stchome.build.maven
>     o ArtifactID:  testng-initializer
>     o Version:     <<< MISSING >>>
>     o Type:        jar
> [INFO] 
> ------------------------------------------------------------------------
> [INFO] Trace
> org.apache.maven.artifact.InvalidArtifactRTException: For artifact 
> {com.stchome.build.maven:
> n cannot be empty.
>         at 
> org.apache.maven.artifact.DefaultArtifact.validateIdentity(DefaultArtifact.java:1
>         at 
> org.apache.maven.artifact.DefaultArtifact.<init>(DefaultArtifact.java:119)
>         at 
> org.apache.maven.artifact.factory.DefaultArtifactFactory.createArtifact(DefaultAr
>         at 
> org.apache.maven.artifact.factory.DefaultArtifactFactory.createDependencyArtifact
>         at 
> org.apache.maven.project.artifact.MavenMetadataSource.createArtifacts(MavenMetada
>         at 
> org.apache.maven.plugin.DefaultPluginManager.addPlugin(DefaultPluginManager.java:
>         at 
> org.apache.maven.plugin.DefaultPluginManager.verifyVersionedPlugin(DefaultPluginM
>         at 
> org.apache.maven.plugin.DefaultPluginManager.verifyPlugin(DefaultPluginManager.ja
>         at 
> org.apache.maven.lifecycle.DefaultLifecycleExecutor.verifyPlugin(DefaultLifecycle
>         at 
> org.apache.maven.lifecycle.DefaultLifecycleExecutor.bindPluginToLifecycle(Default
>         at 
> org.apache.maven.lifecycle.DefaultLifecycleExecutor.constructLifecycleMappings(De
>         at 
> org.apache.maven.lifecycle.DefaultLifecycleExecutor.executeGoal(DefaultLifecycleE
>         at 
> org.apache.maven.lifecycle.DefaultLifecycleExecutor.executeGoalAndHandleFailures(
>         at 
> org.apache.maven.lifecycle.DefaultLifecycleExecutor.executeTaskSegments(DefaultLi
>         at 
> org.apache.maven.lifecycle.DefaultLifecycleExecutor.execute(DefaultLifecycleExecu
>         at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:322)
>         at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:115)
>         at org.apache.maven.cli.MavenCli.main(MavenCli.java:256)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>         at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java
>         at java.lang.reflect.Method.invoke(Method.java:324)
>         at org.codehaus.classworlds.Launcher.launchEnhanced(Launcher.java:315)
>         at org.codehaus.classworlds.Launcher.launch(Launcher.java:255)
>         at 
> org.codehaus.classworlds.Launcher.mainWithExitCode(Launcher.java:430)
>         at org.codehaus.classworlds.Launcher.main(Launcher.java:375)



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
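
One way to keep the version in a single place while plugin dependencies do not pick it up from dependencyManagement, as an added example that is not part of the original message or of the Maven project: a parent POM that defines the version once as a property and uses it in both dependencyManagement and pluginManagement. The parent coordinates, the property name and the plugin version are assumptions; the testng-initializer coordinates are the ones from the issue.

```xml
<!-- Added example: parent POM. com.example:parent is a hypothetical coordinate. -->
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.example</groupId>
  <artifactId>parent</artifactId>
  <version>1.0-SNAPSHOT</version>
  <packaging>pom</packaging>

  <properties>
    <!-- The only line to change on an update; the property name is an assumption. -->
    <testng-initializer.version>1.0</testng-initializer.version>
  </properties>

  <!-- Governs ordinary project dependencies in all child modules. -->
  <dependencyManagement>
    <dependencies>
      <dependency>
        <groupId>com.stchome.build.maven</groupId>
        <artifactId>testng-initializer</artifactId>
        <version>${testng-initializer.version}</version>
        <scope>test</scope>
      </dependency>
    </dependencies>
  </dependencyManagement>

  <build>
    <!-- Plugin dependencies need an explicit version, so reuse the same property here. -->
    <pluginManagement>
      <plugins>
        <plugin>
          <artifactId>maven-antrun-plugin</artifactId>
          <version>3.1.0</version> <!-- assumed; pin the version you actually use -->
          <dependencies>
            <dependency>
              <groupId>com.stchome.build.maven</groupId>
              <artifactId>testng-initializer</artifactId>
              <version>${testng-initializer.version}</version>
            </dependency>
          </dependencies>
        </plugin>
      </plugins>
    </pluginManagement>
  </build>
</project>
```

A child module that lists maven-antrun-plugin under build/plugins without a version or dependencies inherits both from the parent's pluginManagement, so the version is still stated only once.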
