[ https://issues.apache.org/jira/browse/MNG-7906?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17846005#comment-17846005 ]
Lenny Primak commented on MNG-7906: ----------------------------------- I would think that 4.0 would be *the place* to break the compatibility. First of all, I don't think it's as big of a deal, as depMgmt import isn't as nearly widely used, and the actual conflicting use cases are few and far between (IMHO) I would put this behind a system property so this can be easily switched back within settings.xml or an individual pom file, as well as the command line. > Dependency Management import (BOM) does not work the "maven way" > ---------------------------------------------------------------- > > Key: MNG-7906 > URL: https://issues.apache.org/jira/browse/MNG-7906 > Project: Maven > Issue Type: Bug > Components: Dependencies, Documentation: General > Reporter: Tamas Cservenak > Priority: Major > Fix For: 4.0.x-candidate > > > This affects all released Maven versions so far. > Problem reproducer: https://github.com/cstamas/MNG-7852 (repo name is wrong, > obviously). > In short: unlike with dependencies, where you CAN override some "deep > transitive" dependency by re-declaring it directly as 1st level dependency in > POM, for depMgt import this does not work, actually, it works quite the > opposite ("first comes, wins"). Moreover, Maven remains silent about this, as > reproducer shows, and all of this goes unnoticed. > Solution: at least depMgt import should make "the maven way", maybe not by > default (to not break existing builds) but configurable. Problem is solved if > in reproducer: > - with fix enabled, junit 5.9.3 is used, AND > - with fix disabled, Maven yells about ignored depMgt import -- This message was sent by Atlassian Jira (v8.20.10#820010)