Alexey Loubyansky created MRESOLVER-503:
-------------------------------------------

Summary: Differences between results of dependency:tree and direct resolver API calls
Key: MRESOLVER-503
URL: https://issues.apache.org/jira/browse/MRESOLVER-503
Project: Maven Resolver
Issue Type: New Feature
Components: Resolver
Reporter: Alexey Loubyansky

I noticed a difference in dependency trees produced by dependency:tree and what seems to be an equivalent invocation of the resolver using its API.

It can be reproduced by applying the following change to the maven-resolver demo class [https://github.com/apache/maven-resolver/compare/master...aloubyansky:maven-resolver:dep-tree-diff?expand=1]

Running that results in
{code:java}
com.microsoft.azure:msal4j:jar:1.13.1.redhat-00001
+- com.nimbusds:oauth2-oidc-sdk:jar:9.35 [compile]
|  +- com.github.stephenc.jcip:jcip-annotations:jar:1.0-1 [compile]
|  +- com.nimbusds:content-type:jar:2.2 [compile]
|  +- net.minidev:json-smart:jar:2.4.8 [compile]
|  +- com.nimbusds:lang-tag:jar:1.6 [compile]
|  \- com.nimbusds:nimbus-jose-jwt:jar:9.22 [compile]
+- org.slf4j:slf4j-api:jar:1.7.36.redhat-00002 [compile]
\- com.fasterxml.jackson.core:jackson-databind:jar:2.13.2.1 [compile]
{code}
Notice the position of json-smart in the tree - it's a dependency of oauth2-oidc-sdk in this case.

Now
{code:java}
cd ~/.m2/repository/com/microsoft/azure/msal4j/1.13.1.redhat-00001
{code}
{code:java}
mvn dependency:tree -f msal4j-1.13.1.redhat-00001.pom -Dscope=compile
{code}
The output is
{code:java}
[INFO] com.microsoft.azure:msal4j:jar:1.13.1.redhat-00001
[INFO] +- com.nimbusds:oauth2-oidc-sdk:jar:9.35:compile
[INFO] |  +- com.github.stephenc.jcip:jcip-annotations:jar:1.0-1:compile
[INFO] |  +- com.nimbusds:content-type:jar:2.2:compile
[INFO] |  +- com.nimbusds:lang-tag:jar:1.6:compile
[INFO] |  \- com.nimbusds:nimbus-jose-jwt:jar:9.22:compile
[INFO] +- net.minidev:json-smart:jar:2.4.8:compile
[INFO] |  \- net.minidev:accessors-smart:jar:2.4.8:compile
[INFO] |     \- org.ow2.asm:asm:jar:9.1:compile
[INFO] +- org.slf4j:slf4j-api:jar:1.7.36.redhat-00002:compile
[INFO] +- org.projectlombok:lombok:jar:1.18.6:provided
[INFO] \- com.fasterxml.jackson.core:jackson-databind:jar:2.13.2.1:compile
[INFO]    +- com.fasterxml.jackson.core:jackson-annotations:jar:2.13.2:compile
[INFO]    \- com.fasterxml.jackson.core:jackson-core:jar:2.13.2:compile
{code}
In this case json-smart is shown as a direct dependency of msal4j, which it is in its POM. Following the preference of the nearest to the root, dependency:tree seems to be correct, isn't it?

In any case, I'd expect the same result (for compile scope) dependencies out of both approaches.

Thanks.

--
This message was sent by Atlassian Jira (v8.20.10#820010)
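
A discrepancy like the one reported above can be checked mechanically, for instance when the same project is inventoried by two tools. The following is an added example, not part of the report or of Maven Resolver: it parses both text formats and lists artifacts whose parent differs or that appear in only one tree. The names `parse_tree` and `diff_trees` are hypothetical, the sample trees are shortened excerpts, and it assumes coordinates without classifiers, three-character indentation per level and one occurrence per artifact.

```python
import re

# Constructed sample input: shortened excerpts of the two trees in the report.
RESOLVER_TREE = r"""com.microsoft.azure:msal4j:jar:1.13.1.redhat-00001
+- com.nimbusds:oauth2-oidc-sdk:jar:9.35 [compile]
|  \- net.minidev:json-smart:jar:2.4.8 [compile]
\- org.slf4j:slf4j-api:jar:1.7.36.redhat-00002 [compile]"""
MAVEN_TREE = r"""[INFO] com.microsoft.azure:msal4j:jar:1.13.1.redhat-00001
[INFO] +- com.nimbusds:oauth2-oidc-sdk:jar:9.35:compile
[INFO] +- net.minidev:json-smart:jar:2.4.8:compile
[INFO] |  \- net.minidev:accessors-smart:jar:2.4.8:compile
[INFO] |     \- org.ow2.asm:asm:jar:9.1:compile
[INFO] \- org.slf4j:slf4j-api:jar:1.7.36.redhat-00002:compile"""

# Optional "[INFO] " prefix, tree-drawing characters, coordinates, optional " [scope]".
LINE = re.compile(r"^(?:\[INFO\] )?([|+\\\- ]*)([^\s\[\]]+)(?: \[(\w+)\])?$")

def parse_tree(text):
    """Map each g:a:type:version to (parent coordinates or None, scope or None)."""
    nodes, stack = {}, []
    for raw in text.splitlines():
        m = LINE.match(raw.rstrip())
        if not m:
            continue
        prefix, coords, scope = m.groups()
        parts = coords.split(":")
        if scope is None and len(parts) == 5:  # Maven style: trailing ":scope"
            scope = parts.pop()
        gav = ":".join(parts)
        del stack[len(prefix) // 3:]  # each tree level is 3 characters wide
        nodes[gav] = (stack[-1] if stack else None, scope)
        stack.append(gav)
    return nodes

def diff_trees(first, second):
    """Return (coords, status, parent_in_first, parent_in_second) per disagreement."""
    out = []
    for gav in sorted(first.keys() | second.keys()):
        a, b = first.get(gav), second.get(gav)
        if a is None or b is None:
            status = "only-in-second" if a is None else "only-in-first"
            out.append((gav, status, a and a[0], b and b[0]))
        elif a[0] != b[0]:
            out.append((gav, "moved", a[0], b[0]))
    return out

if __name__ == "__main__":
    for row in diff_trees(parse_tree(RESOLVER_TREE), parse_tree(MAVEN_TREE)):
        print(*row, sep=" | ")
```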