subject:"\[jira\] \[Comment Edited\] \(MNG\-6141\) Dependency management overrides are not transitive and should be considered an anti\-pattern."

[jira] [Comment Edited] (MNG-6141) Dependency management overrides are not transitive and should be considered an anti-pattern.

2017-11-27 Thread Curtis Rueden (JIRA)


[ 
https://issues.apache.org/jira/browse/MNG-6141?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16267225#comment-16267225
 ] 

Curtis Rueden edited comment on MNG-6141 at 11/27/17 6:41 PM:
--

It would be a shame indeed for that work to be lost. But my understanding was 
that these patches were going to be cherry-picked into future releases, no?


was (Author: ctrueden):
It would be a shame indeed for that work to be lost. But my understanding is 
that these patches were going to be cherry-picked into future releases, no?

> Dependency management overrides are not transitive and should be considered 
> an anti-pattern.
> 
>
> Key: MNG-6141
> URL: https://issues.apache.org/jira/browse/MNG-6141
> Project: Maven
>  Issue Type: Bug
>Reporter: Christian Schulte
>Priority: Critical
> Attachments: MNG-6141-3.zip, MNG-6141.zip
>
>
> Overriding the dependency management in a module's {{}} 
> section, the overridden value will not be preserved transitively. It makes no 
> sense to be able to override the dependency management in a module if that is 
> only effective in that module and nowhere else. Overriding the dependency 
> management from inside a {{}} element should be considered an 
> anti-pattern. Maven should provide a warning when it is used. During the 
> development of Maven 3.4, there have been quite a few discussions on dev@ 
> about build issues which were all caused by overriding the dependency 
> management that way without noticing this is not supported transitively.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Comment Edited] (MNG-6141) Dependency management overrides are not transitive and should be considered an anti-pattern.

2017-10-24 Thread Joerg Schaible (JIRA)


[ 
https://issues.apache.org/jira/browse/MNG-6141?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16216635#comment-16216635
 ] 

Joerg Schaible edited comment on MNG-6141 at 10/24/17 10:08 AM:


Extended example, where
* parent inherits maven-parent and manages junit,
* module-1 overrides plexus-component-annotations (managed by maven-parent) and 
manages plexus-utils with a depMgmt section and
* a new module-3 (without a parent) using module-1.

{code:title=Module 1}
[DEBUG] localhost:module-1:jar:1.0-SNAPSHOT
[DEBUG]org.codehaus.plexus:plexus-component-annotations:jar:1.5.0:compile
[DEBUG]   junit:junit:jar:3.8.1:compile (version managed from 3.8.2 by 
localhost:parent:1.0-SNAPSHOT)
[DEBUG]org.apache.maven:maven-plugin-api:jar:3.0:compile
[DEBUG]   org.apache.maven:maven-model:jar:3.0:compile
[DEBUG]  org.codehaus.plexus:plexus-utils:jar:2.0.7:compile (version 
managed from 2.0.4 by localhost:module-1:1.0-SNAPSHOT)
[DEBUG]   org.apache.maven:maven-artifact:jar:3.0:compile
[DEBUG]   org.sonatype.sisu:sisu-inject-plexus:jar:1.4.2:compile
[DEBUG]  org.codehaus.plexus:plexus-classworlds:jar:2.2.3:compile
[DEBUG]  org.sonatype.sisu:sisu-inject-bean:jar:1.4.2:compile
[DEBUG] org.sonatype.sisu:sisu-guice:jar:noaop:2.1.7:compile
{code}

Module-3 obviously uses wrong plexus-utils and junit versions, but at least the 
correct version of maven-plugin-api and plexus-component-annotations:

{code:title=Module 3}
[DEBUG] localhost:module-3:jar:1.0-SNAPSHOT
[DEBUG]localhost:module-1:jar:1.0-SNAPSHOT:compile
[DEBUG]   org.codehaus.plexus:plexus-component-annotations:jar:1.5.0:compile
[DEBUG]  junit:junit:jar:3.8.2:compile
[DEBUG]   org.apache.maven:maven-plugin-api:jar:3.0:compile
[DEBUG]  org.apache.maven:maven-model:jar:3.0:compile
[DEBUG] org.codehaus.plexus:plexus-utils:jar:2.0.4:compile
[DEBUG]  org.apache.maven:maven-artifact:jar:3.0:compile
[DEBUG]  org.sonatype.sisu:sisu-inject-plexus:jar:1.4.2:compile
[DEBUG] org.codehaus.plexus:plexus-classworlds:jar:2.2.3:compile
[DEBUG] org.sonatype.sisu:sisu-inject-bean:jar:1.4.2:compile
[DEBUG]org.sonatype.sisu:sisu-guice:jar:noaop:2.1.7:compile
{code}

Generated with Maven 3.3.9.

If I understand you proposal now correctly, you would like to forbid the local 
overriding of maven-plugin-api, which is ignored for module-2, but respected 
for module-3. OTOH module-3 exposes different problems, since the active 
depMgmt sections of a dependency itself are not considered.

One use case, where I use a local overriding also actively, is for testing a 
different version of a dependency. Existing unit test may reveal a different 
behaviour.


was (Author: joehni):
Extended example, where
* parent inherits maven-parent and manages junit,
* module-1 overrides plexus-component-annotations (managed by maven-parent) and 
manages plexus-utils with a depMgmt section and
* a new module-3 (without a parent) using module-1.

{code:title=Module 1}
[DEBUG] localhost:module-1:jar:1.0-SNAPSHOT
[DEBUG]org.codehaus.plexus:plexus-component-annotations:jar:1.5.0:compile
[DEBUG]   junit:junit:jar:3.8.1:compile (version managed from 3.8.2 by 
localhost:parent:1.0-SNAPSHOT)
[DEBUG]org.apache.maven:maven-plugin-api:jar:3.0:compile
[DEBUG]   org.apache.maven:maven-model:jar:3.0:compile
[DEBUG]  org.codehaus.plexus:plexus-utils:jar:2.0.7:compile (version 
managed from 2.0.4 by localhost:module-1:1.0-SNAPSHOT)
[DEBUG]   org.apache.maven:maven-artifact:jar:3.0:compile
[DEBUG]   org.sonatype.sisu:sisu-inject-plexus:jar:1.4.2:compile
[DEBUG]  org.codehaus.plexus:plexus-classworlds:jar:2.2.3:compile
[DEBUG]  org.sonatype.sisu:sisu-inject-bean:jar:1.4.2:compile
[DEBUG] org.sonatype.sisu:sisu-guice:jar:noaop:2.1.7:compile
{code}

Module-3 obviously uses wrong plexus-utils and junit versions, but at least the 
correct version of maven-plugin-api:

{code:title=Module 3}
[DEBUG] localhost:module-3:jar:1.0-SNAPSHOT
[DEBUG]localhost:module-1:jar:1.0-SNAPSHOT:compile
[DEBUG]   org.codehaus.plexus:plexus-component-annotations:jar:1.5.0:compile
[DEBUG]  junit:junit:jar:3.8.2:compile
[DEBUG]   org.apache.maven:maven-plugin-api:jar:3.0:compile
[DEBUG]  org.apache.maven:maven-model:jar:3.0:compile
[DEBUG] org.codehaus.plexus:plexus-utils:jar:2.0.4:compile
[DEBUG]  org.apache.maven:maven-artifact:jar:3.0:compile
[DEBUG]  org.sonatype.sisu:sisu-inject-plexus:jar:1.4.2:compile
[DEBUG] org.codehaus.plexus:plexus-classworlds:jar:2.2.3:compile
[DEBUG] org.sonatype.sisu:sisu-inject-bean:jar:1.4.2:compile
[DEBUG]org.sonatype.sisu:sisu-guice:jar:noaop:2.1.7:compile
{code}

Generated with Maven 3.3.9.

If I understand you proposal now

[jira] [Comment Edited] (MNG-6141) Dependency management overrides are not transitive and should be considered an anti-pattern.

2016-12-29 Thread Christian Schulte (JIRA)


[ 
https://issues.apache.org/jira/browse/MNG-6141?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15785896#comment-15785896
 ] 

Christian Schulte edited comment on MNG-6141 at 12/29/16 7:08 PM:
--

Example project demonstrating the issue. Unpack and execute {{mvn package 
dependency:tree -X}}. The parent is managing the 
{{org.apache.maven:maven-plugin-api}} dependency to version {{2.0}}. The 
{{module-1}} overrides that to version {{3.0}}. {{module-2}} depends on 
{{module-1}} and there the version of the transitive 
{{org.apache.maven:maven-plugin-api}} is managed to {{2.0}} (expected 
behaviour) although {{module-1}} is overriding it to {{3.0}} (should not be 
supported).

{code:title=mvn -v}
Apache Maven 3.3.9 (bb52d8502b132ec0a5a3f4c09453c07478323dc5; 
2015-11-10T17:41:47+01:00)
Maven home: /home/schulte/Applications/apache-maven-3.3.9.orig
Java version: 1.7.0_80, vendor: Oracle Corporation
Java home: /usr/local/jdk-1.7.0/jre
Default locale: en_US, platform encoding: UTF-8
OS name: "openbsd", version: "6.0", arch: "amd64", family: "unix"
{code}

{code:title=module-1 CollectResult}
[DEBUG] localhost:module-1:jar:1.0-SNAPSHOT
[DEBUG]org.apache.maven:maven-plugin-api:jar:3.0:compile
[DEBUG]   org.apache.maven:maven-model:jar:3.0:compile
[DEBUG]  org.codehaus.plexus:plexus-utils:jar:2.0.4:compile
[DEBUG]   org.apache.maven:maven-artifact:jar:3.0:compile
[DEBUG]   org.sonatype.sisu:sisu-inject-plexus:jar:1.4.2:compile
[DEBUG]  
org.codehaus.plexus:plexus-component-annotations:jar:1.5.4:compile
[DEBUG]  org.codehaus.plexus:plexus-classworlds:jar:2.2.3:compile
[DEBUG]  org.sonatype.sisu:sisu-inject-bean:jar:1.4.2:compile
[DEBUG] org.sonatype.sisu:sisu-guice:jar:noaop:2.1.7:compile
[INFO]
{code}

{code:title=module-2 CollectResult}
[DEBUG] localhost:module-2:jar:1.0-SNAPSHOT
[DEBUG]localhost:module-1:jar:1.0-SNAPSHOT:compile
[DEBUG]   org.apache.maven:maven-plugin-api:jar:2.0:compile (version 
managed from 3.0 by localhost:parent:1.0-SNAPSHOT)
{code}



was (Author: schulte77):
Example project demonstrating the issue. Unpack and execute {{mvn package 
dependency:tree -X}}. The parent is managing the 
{{org.apache.maven:maven-plugin-api}} dependency to version {{2.0}}. The 
{{module-1}} overrides that to version {{3.0}}. {{module-2}} depends on 
{{module-1}} and there the version of the transitive 
{{org.apache.maven:maven-plugin-api}} is managed to {{2.0}} (expected 
behaviour) although {{module-1}} is overriding it to {{3.0}} (should not be 
supported).

{code:title=module-1 CollectResult}
[DEBUG] localhost:module-1:jar:1.0-SNAPSHOT
[DEBUG]org.apache.maven:maven-plugin-api:jar:3.0:compile
[DEBUG]   org.apache.maven:maven-model:jar:3.0:compile
[DEBUG]  org.codehaus.plexus:plexus-utils:jar:2.0.4:compile
[DEBUG]   org.apache.maven:maven-artifact:jar:3.0:compile
[DEBUG]   org.sonatype.sisu:sisu-inject-plexus:jar:1.4.2:compile
[DEBUG]  
org.codehaus.plexus:plexus-component-annotations:jar:1.5.4:compile
[DEBUG]  org.codehaus.plexus:plexus-classworlds:jar:2.2.3:compile
[DEBUG]  org.sonatype.sisu:sisu-inject-bean:jar:1.4.2:compile
[DEBUG] org.sonatype.sisu:sisu-guice:jar:noaop:2.1.7:compile
[INFO]
{code}

{code:title=module-2 CollectResult}
[DEBUG] localhost:module-2:jar:1.0-SNAPSHOT
[DEBUG]localhost:module-1:jar:1.0-SNAPSHOT:compile
[DEBUG]   org.apache.maven:maven-plugin-api:jar:2.0:compile (version 
managed from 3.0 by localhost:parent:1.0-SNAPSHOT)
{code}


> Dependency management overrides are not transitive and should be considered 
> an anti-pattern.
> 
>
> Key: MNG-6141
> URL: https://issues.apache.org/jira/browse/MNG-6141
> Project: Maven
>  Issue Type: Bug
>Reporter: Christian Schulte
>Assignee: Christian Schulte
>Priority: Critical
> Attachments: MNG-6141.zip
>
>
> Overriding the dependency management in a module, the overridden value will 
> not be preserved transitively. It makes no sense to be able to override the 
> dependency management in a module if that is only effective in that module 
> and nowhere else. Overriding the dependency management should be considered 
> an anti-pattern. Maven should provide a warning when it is used. During the 
> development of Maven 3.4, there have been quite a few discussions on dev@ 
> about build issues which were all caused by overriding the dependency 
> management without noticing this is not supported transitively.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Comment Edited] (MNG-6141) Dependency management overrides are not transitive and should be considered an anti-pattern.

[jira] [Comment Edited] (MNG-6141) Dependency management overrides are not transitive and should be considered an anti-pattern.

[jira] [Comment Edited] (MNG-6141) Dependency management overrides are not transitive and should be considered an anti-pattern.

3 matches

Site Navigation

Mail list logo

Footer information