Tyler King created WW-5376:
------------------------------
Summary: struts2-bom should not pull in non-struts dependencies from struts2-parent
Key: WW-5376
URL: https://issues.apache.org/jira/browse/WW-5376
Project: Struts 2
Issue Type: Bug
Reporter: Tyler King

The parent of the struts-bom pom file is the struts2-parent pom file. The
struts2-parent pom file includes a dependencyManagement section with many
non-struts dependencies (including test dependencies such as junit and
mockito), which are inherited in the struts-bom pom file. This is bad practice
for a bom file, since consumers of that bom will have versions for dependencies
unrelated to struts locked down.

See [https://www.garretwilson.com/blog/2023/06/14/improve-maven-bom-pattern]
and [https://github.com/apache/logging-log4j2] for an example of how they have
both parent and bom pom files.