subject:"\[jira\] \[Updated\] \(MNG\-8041\) Maven Core bug regarding resolution scopes for Mojos"

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

2024-05-22 Thread Guillaume Nodet (Jira)



 [ 
https://issues.apache.org/jira/browse/MNG-8041?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Guillaume Nodet updated MNG-8041:
-
Fix Version/s: 4.0.0-beta-4
   (was: 4.0.0-beta-3)

> Maven Core bug regarding resolution scopes for Mojos
> 
>
> Key: MNG-8041
> URL: https://issues.apache.org/jira/browse/MNG-8041
> Project: Maven
>  Issue Type: Bug
>  Components: Artifacts and Repositories
>Reporter: Tamas Cservenak
>Priority: Major
> Fix For: 4.0.0, 4.0.0-beta-4
>
>
> This bug affects all released Maven versions.
> Reproducer: [https://github.com/cstamas/MNG-8041]
> Description of the bug: when a Mojo requires Core to collect/resolve given 
> ResolutionScope, Maven Core does it wrong. Problem is how 
> LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate 
> plus, how Resolver works. LDR constructs the Resolver filters properly, then 
> it calls into DPDR, that performs collection. To achieve that, DPDR *blindly* 
> adds all the POM dependencies to Collect request (which is graph root). But 
> this is wrong, as this should happen with considering requested (to be 
> included or to be excluded) scopes. Next what happens, that when collect 
> request is processed by Resolver, it will contain nodes from unwanted scopes 
> (as Maven Core blindly added all of them from POM). Just as detail: if 
> Resolver would be asked to create root, it would NOT add these in the first 
> place. Due these present, conflict resolver may possibly eliminate other 
> nodes (as POM ones "always wins", are the closest to graph root. Finally, 
> these winners may be eliminated in subsequent step, for example due scope 
> filtering. This results in incomplete resolution scope.
> Example: let's consider example where Mojo asks for "runtime" resolution 
> scope. To serve this, Maven will add ALL dependencies present in POM to 
> collect request (even those in scopes to be omitted, like "test" scoped 
> ones), and will perform "collect" using Resolver. When Resolver returns the 
> graph, it will contain nodes (as 1st level was populated by Maven) that MAY 
> be contained in deeper nodes of non-test scoped ones (the guice+guava 
> example). Next, "conflict resolution" happens, and naturally all the "test" 
> scoped 1st level dependencies will "win", rendering removal of others. 
> Finally, due "runtime" requested resolution scope, the "test" scoped 
> dependencies are (rightfully) filtered out. {*}This obviously leads to 
> incomplete runtime build path{*}.
> Or in other words, Maven is wrong here: it adds 1st level dependencies to 
> CollectRequest that should not be there in the first place (in example above, 
> the "test" scoped ones), that will cause that Resolver "collect" step build a 
> graph that has "unwanted" scoped nodes closer to root than actually needed 
> runtime dependencies (remember: test nodes will be not affected by filter, as 
> they are already present, added by Maven, and test node children are 
> collected also as "runtime", just to have "test" scope inherited later in the 
> process, hence all the children of "test" node will end up in "test" scope, 
> despite "exclude test" is present!), this will cause that in dependency 
> conflict resolution step, they will kick out all the rightful runtime 
> dependencies, and finally, all these winners are removed due scope filter.
> Implication of this bug is following important fact: the project "runtime" 
> resolution scope (as when asked by Mojo) and project "runtime" resolution 
> scope (as when used as a dependency on some downstream project) {*}were not 
> the same{*}!
> Effects of this bug are explained in "Important Consequences" section of this 
> page 
> [https://maven.apache.org/resolver-archives/resolver-2.0.0-alpha-7/common-misconceptions.html#important-consequences]
>  (that is wrongly written: all that is a consequence of this bug). Also, have 
> to note, that when this bug get addressed, it will NOT render "workarounds" 
> broken (ie. introduction of another module just to package "runtime" 
> classpath using m-assembly-p or alike plugins), just "obsolete", as packaging 
> of runtime dependencies will become possible in-situ (in the same module of 
> the project).
> Exercises: check out reproducer and execute these commands:
>  * {{mvn dependency:tree}} => OK, it shows "dependencies included from all 
> scopes" (this is equiv to "test" build scope), guava is in test scope
>  * {{mvn dependency:tree -Dscope=runtime}} => NOT OK, it will show effect of 
> this bug, guava is missing from runtime resolution scope
>  * install the reproducer project into local repository, and create another 
> project (or use {{downstream/pom.xml}} from reproducer) that uses reproducer 
> project as dependency (only one, no d

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

2024-05-03 Thread Tamas Cservenak (Jira)



 [ 
https://issues.apache.org/jira/browse/MNG-8041?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Tamas Cservenak updated MNG-8041:
-
Fix Version/s: 4.0.0-beta-2
   (was: 4.0.0-beta-1)

> Maven Core bug regarding resolution scopes for Mojos
> 
>
> Key: MNG-8041
> URL: https://issues.apache.org/jira/browse/MNG-8041
> Project: Maven
>  Issue Type: Bug
>  Components: Artifacts and Repositories
>Reporter: Tamas Cservenak
>Priority: Major
> Fix For: 4.0.0, 4.0.0-beta-2
>
>
> This bug affects all released Maven versions.
> Reproducer: [https://github.com/cstamas/MNG-8041]
> Description of the bug: when a Mojo requires Core to collect/resolve given 
> ResolutionScope, Maven Core does it wrong. Problem is how 
> LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate 
> plus, how Resolver works. LDR constructs the Resolver filters properly, then 
> it calls into DPDR, that performs collection. To achieve that, DPDR *blindly* 
> adds all the POM dependencies to Collect request (which is graph root). But 
> this is wrong, as this should happen with considering requested (to be 
> included or to be excluded) scopes. Next what happens, that when collect 
> request is processed by Resolver, it will contain nodes from unwanted scopes 
> (as Maven Core blindly added all of them from POM). Just as detail: if 
> Resolver would be asked to create root, it would NOT add these in the first 
> place. Due these present, conflict resolver may possibly eliminate other 
> nodes (as POM ones "always wins", are the closest to graph root. Finally, 
> these winners may be eliminated in subsequent step, for example due scope 
> filtering. This results in incomplete resolution scope.
> Example: let's consider example where Mojo asks for "runtime" resolution 
> scope. To serve this, Maven will add ALL dependencies present in POM to 
> collect request (even those in scopes to be omitted, like "test" scoped 
> ones), and will perform "collect" using Resolver. When Resolver returns the 
> graph, it will contain nodes (as 1st level was populated by Maven) that MAY 
> be contained in deeper nodes of non-test scoped ones (the guice+guava 
> example). Next, "conflict resolution" happens, and naturally all the "test" 
> scoped 1st level dependencies will "win", rendering removal of others. 
> Finally, due "runtime" requested resolution scope, the "test" scoped 
> dependencies are (rightfully) filtered out. {*}This obviously leads to 
> incomplete runtime build path{*}.
> Or in other words, Maven is wrong here: it adds 1st level dependencies to 
> CollectRequest that should not be there in the first place (in example above, 
> the "test" scoped ones), that will cause that Resolver "collect" step build a 
> graph that has "unwanted" scoped nodes closer to root than actually needed 
> runtime dependencies (remember: test nodes will be not affected by filter, as 
> they are already present, added by Maven, and test node children are 
> collected also as "runtime", just to have "test" scope inherited later in the 
> process, hence all the children of "test" node will end up in "test" scope, 
> despite "exclude test" is present!), this will cause that in dependency 
> conflict resolution step, they will kick out all the rightful runtime 
> dependencies, and finally, all these winners are removed due scope filter.
> Implication of this bug is following important fact: the project "runtime" 
> resolution scope (as when asked by Mojo) and project "runtime" resolution 
> scope (as when used as a dependency on some downstream project) {*}were not 
> the same{*}!
> Effects of this bug are explained in "Important Consequences" section of this 
> page 
> [https://maven.apache.org/resolver-archives/resolver-2.0.0-alpha-7/common-misconceptions.html#important-consequences]
>  (that is wrongly written: all that is a consequence of this bug). Also, have 
> to note, that when this bug get addressed, it will NOT render "workarounds" 
> broken (ie. introduction of another module just to package "runtime" 
> classpath using m-assembly-p or alike plugins), just "obsolete", as packaging 
> of runtime dependencies will become possible in-situ (in the same module of 
> the project).
> Exercises: check out reproducer and execute these commands:
>  * {{mvn dependency:tree}} => OK, it shows "dependencies included from all 
> scopes" (this is equiv to "test" build scope), guava is in test scope
>  * {{mvn dependency:tree -Dscope=runtime}} => NOT OK, it will show effect of 
> this bug, guava is missing from runtime resolution scope
>  * install the reproducer project into local repository, and create another 
> project (or use {{downstream/pom.xml}} from reproducer) that uses reproducer 
> project as dependency (only one, no d

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

2024-03-06 Thread Tamas Cservenak (Jira)



 [ 
https://issues.apache.org/jira/browse/MNG-8041?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Tamas Cservenak updated MNG-8041:
-
Fix Version/s: 4.0.0-alpha-14
   (was: 4.0.0-alpha-13)

> Maven Core bug regarding resolution scopes for Mojos
> 
>
> Key: MNG-8041
> URL: https://issues.apache.org/jira/browse/MNG-8041
> Project: Maven
>  Issue Type: Bug
>  Components: Artifacts and Repositories
>Reporter: Tamas Cservenak
>Priority: Major
> Fix For: 4.0.0, 4.0.0-alpha-14
>
>
> This bug affects all released Maven versions.
> Reproducer: [https://github.com/cstamas/MNG-8041]
> Description of the bug: when a Mojo requires Core to collect/resolve given 
> ResolutionScope, Maven Core does it wrong. Problem is how 
> LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate 
> plus, how Resolver works. LDR constructs the Resolver filters properly, then 
> it calls into DPDR, that performs collection. To achieve that, DPDR *blindly* 
> adds all the POM dependencies to Collect request (which is graph root). But 
> this is wrong, as this should happen with considering requested (to be 
> included or to be excluded) scopes. Next what happens, that when collect 
> request is processed by Resolver, it will contain nodes from unwanted scopes 
> (as Maven Core blindly added all of them from POM). Just as detail: if 
> Resolver would be asked to create root, it would NOT add these in the first 
> place. Due these present, conflict resolver may possibly eliminate other 
> nodes (as POM ones "always wins", are the closest to graph root. Finally, 
> these winners may be eliminated in subsequent step, for example due scope 
> filtering. This results in incomplete resolution scope.
> Example: let's consider example where Mojo asks for "runtime" resolution 
> scope. To serve this, Maven will add ALL dependencies present in POM to 
> collect request (even those in scopes to be omitted, like "test" scoped 
> ones), and will perform "collect" using Resolver. When Resolver returns the 
> graph, it will contain nodes (as 1st level was populated by Maven) that MAY 
> be contained in deeper nodes of non-test scoped ones (the guice+guava 
> example). Next, "conflict resolution" happens, and naturally all the "test" 
> scoped 1st level dependencies will "win", rendering removal of others. 
> Finally, due "runtime" requested resolution scope, the "test" scoped 
> dependencies are (rightfully) filtered out. {*}This obviously leads to 
> incomplete runtime build path{*}.
> Or in other words, Maven is wrong here: it adds 1st level dependencies to 
> CollectRequest that should not be there in the first place (in example above, 
> the "test" scoped ones), that will cause that Resolver "collect" step build a 
> graph that has "unwanted" scoped nodes closer to root than actually needed 
> runtime dependencies (remember: test nodes will be not affected by filter, as 
> they are already present, added by Maven, and test node children are 
> collected also as "runtime", just to have "test" scope inherited later in the 
> process, hence all the children of "test" node will end up in "test" scope, 
> despite "exclude test" is present!), this will cause that in dependency 
> conflict resolution step, they will kick out all the rightful runtime 
> dependencies, and finally, all these winners are removed due scope filter.
> Implication of this bug is following important fact: the project "runtime" 
> resolution scope (as when asked by Mojo) and project "runtime" resolution 
> scope (as when used as a dependency on some downstream project) {*}were not 
> the same{*}!
> Effects of this bug are explained in "Important Consequences" section of this 
> page 
> [https://maven.apache.org/resolver-archives/resolver-2.0.0-alpha-7/common-misconceptions.html#important-consequences]
>  (that is wrongly written: all that is a consequence of this bug). Also, have 
> to note, that when this bug get addressed, it will NOT render "workarounds" 
> broken (ie. introduction of another module just to package "runtime" 
> classpath using m-assembly-p or alike plugins), just "obsolete", as packaging 
> of runtime dependencies will become possible in-situ (in the same module of 
> the project).
> Exercises: check out reproducer and execute these commands:
>  * {{mvn dependency:tree}} => OK, it shows "dependencies included from all 
> scopes" (this is equiv to "test" build scope), guava is in test scope
>  * {{mvn dependency:tree -Dscope=runtime}} => NOT OK, it will show effect of 
> this bug, guava is missing from runtime resolution scope
>  * install the reproducer project into local repository, and create another 
> project (or use {{downstream/pom.xml}} from reproducer) that uses reproducer 
> project as dependency (only one

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

2024-03-01 Thread Tamas Cservenak (Jira)



 [ 
https://issues.apache.org/jira/browse/MNG-8041?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Tamas Cservenak updated MNG-8041:
-
Fix Version/s: (was: 3.9.7)

> Maven Core bug regarding resolution scopes for Mojos
> 
>
> Key: MNG-8041
> URL: https://issues.apache.org/jira/browse/MNG-8041
> Project: Maven
>  Issue Type: Bug
>  Components: Artifacts and Repositories
>Reporter: Tamas Cservenak
>Priority: Major
> Fix For: 4.0.0, 4.0.0-alpha-13
>
>
> This bug affects all released Maven versions.
> Reproducer: [https://github.com/cstamas/MNG-8041]
> Description of the bug: when a Mojo requires Core to collect/resolve given 
> ResolutionScope, Maven Core does it wrong. Problem is how 
> LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate 
> plus, how Resolver works. LDR constructs the Resolver filters properly, then 
> it calls into DPDR, that performs collection. To achieve that, DPDR *blindly* 
> adds all the POM dependencies to Collect request (which is graph root). But 
> this is wrong, as this should happen with considering requested (to be 
> included or to be excluded) scopes. Next what happens, that when collect 
> request is processed by Resolver, it will contain nodes from unwanted scopes 
> (as Maven Core blindly added all of them from POM). Just as detail: if 
> Resolver would be asked to create root, it would NOT add these in the first 
> place. Due these present, conflict resolver may possibly eliminate other 
> nodes (as POM ones "always wins", are the closest to graph root. Finally, 
> these winners may be eliminated in subsequent step, for example due scope 
> filtering. This results in incomplete resolution scope.
> Example: let's consider example where Mojo asks for "runtime" resolution 
> scope. To serve this, Maven will add ALL dependencies present in POM to 
> collect request (even those in scopes to be omitted, like "test" scoped 
> ones), and will perform "collect" using Resolver. When Resolver returns the 
> graph, it will contain nodes (as 1st level was populated by Maven) that MAY 
> be contained in deeper nodes of non-test scoped ones (the guice+guava 
> example). Next, "conflict resolution" happens, and naturally all the "test" 
> scoped 1st level dependencies will "win", rendering removal of others. 
> Finally, due "runtime" requested resolution scope, the "test" scoped 
> dependencies are (rightfully) filtered out. {*}This obviously leads to 
> incomplete runtime build path{*}.
> Or in other words, Maven is wrong here: it adds 1st level dependencies to 
> CollectRequest that should not be there in the first place (in example above, 
> the "test" scoped ones), that will cause that Resolver "collect" step build a 
> graph that has "unwanted" scoped nodes closer to root than actually needed 
> runtime dependencies (remember: test nodes will be not affected by filter, as 
> they are already present, added by Maven, and test node children are 
> collected also as "runtime", just to have "test" scope inherited later in the 
> process, hence all the children of "test" node will end up in "test" scope, 
> despite "exclude test" is present!), this will cause that in dependency 
> conflict resolution step, they will kick out all the rightful runtime 
> dependencies, and finally, all these winners are removed due scope filter.
> Implication of this bug is following important fact: the project "runtime" 
> resolution scope (as when asked by Mojo) and project "runtime" resolution 
> scope (as when used as a dependency on some downstream project) {*}were not 
> the same{*}!
> Effects of this bug are explained in "Important Consequences" section of this 
> page 
> [https://maven.apache.org/resolver-archives/resolver-2.0.0-alpha-7/common-misconceptions.html#important-consequences]
>  (that is wrongly written: all that is a consequence of this bug). Also, have 
> to note, that when this bug get addressed, it will NOT render "workarounds" 
> broken (ie. introduction of another module just to package "runtime" 
> classpath using m-assembly-p or alike plugins), just "obsolete", as packaging 
> of runtime dependencies will become possible in-situ (in the same module of 
> the project).
> Exercises: check out reproducer and execute these commands:
>  * {{mvn dependency:tree}} => OK, it shows "dependencies included from all 
> scopes" (this is equiv to "test" build scope), guava is in test scope
>  * {{mvn dependency:tree -Dscope=runtime}} => NOT OK, it will show effect of 
> this bug, guava is missing from runtime resolution scope
>  * install the reproducer project into local repository, and create another 
> project (or use {{downstream/pom.xml}} from reproducer) that uses reproducer 
> project as dependency (only one, no depMgt and so on), ask for {{mvn 
> de

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

2024-02-05 Thread Tamas Cservenak (Jira)



 [ 
https://issues.apache.org/jira/browse/MNG-8041?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Tamas Cservenak updated MNG-8041:
-
Description: 
This bug affects all released Maven versions.

Reproducer: [https://github.com/cstamas/MNG-8041]

Description of the bug: when a Mojo requires Core to collect/resolve given 
ResolutionScope, Maven Core does it wrong. Problem is how 
LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate 
plus, how Resolver works. LDR constructs the Resolver filters properly, then it 
calls into DPDR, that performs collection. To achieve that, DPDR *blindly* adds 
all the POM dependencies to Collect request (which is graph root). But this is 
wrong, as this should happen with considering requested (to be included or to 
be excluded) scopes. Next what happens, that when collect request is processed 
by Resolver, it will contain nodes from unwanted scopes (as Maven Core blindly 
added all of them from POM). Just as detail: if Resolver would be asked to 
create root, it would NOT add these in the first place. Due these present, 
conflict resolver may possibly eliminate other nodes (as POM ones "always 
wins", are the closest to graph root. Finally, these winners may be eliminated 
in subsequent step, for example due scope filtering. This results in incomplete 
resolution scope.

Example: let's consider example where Mojo asks for "runtime" resolution scope. 
To serve this, Maven will add ALL dependencies present in POM to collect 
request (even those in scopes to be omitted, like "test" scoped ones), and will 
perform "collect" using Resolver. When Resolver returns the graph, it will 
contain nodes (as 1st level was populated by Maven) that MAY be contained in 
deeper nodes of non-test scoped ones (the guice+guava example). Next, "conflict 
resolution" happens, and naturally all the "test" scoped 1st level dependencies 
will "win", rendering removal of others. Finally, due "runtime" requested 
resolution scope, the "test" scoped dependencies are (rightfully) filtered out. 
{*}This obviously leads to incomplete runtime build path{*}.

Or in other words, Maven is wrong here: it adds 1st level dependencies to 
CollectRequest that should not be there in the first place (in example above, 
the "test" scoped ones), that will cause that Resolver "collect" step build a 
graph that has "unwanted" scoped nodes closer to root than actually needed 
runtime dependencies (remember: test nodes will be not affected by filter, as 
they are already present, added by Maven, and test node children are collected 
also as "runtime", just to have "test" scope inherited later in the process, 
hence all the children of "test" node will end up in "test" scope, despite 
"exclude test" is present!), this will cause that in dependency conflict 
resolution step, they will kick out all the rightful runtime dependencies, and 
finally, all these winners are removed due scope filter.

Implication of this bug is following important fact: the project "runtime" 
resolution scope (as when asked by Mojo) and project "runtime" resolution scope 
(as when used as a dependency on some downstream project) {*}were not the 
same{*}!

Effects of this bug are explained in "Important Consequences" section of this 
page 
[https://maven.apache.org/resolver-archives/resolver-2.0.0-alpha-7/common-misconceptions.html#important-consequences]
 (that is wrongly written: all that is a consequence of this bug). Also, have 
to note, that when this bug get addressed, it will NOT render "workarounds" 
broken (ie. introduction of another module just to package "runtime" classpath 
using m-assembly-p or alike plugins), just "obsolete", as packaging of runtime 
dependencies will become possible in-situ (in the same module of the project).

Exercises: check out reproducer and execute these commands:
 * {{mvn dependency:tree}} => OK, it shows "dependencies included from all 
scopes" (this is equiv to "test" build scope), guava is in test scope
 * {{mvn dependency:tree -Dscope=runtime}} => NOT OK, it will show effect of 
this bug, guava is missing from runtime resolution scope
 * install the reproducer project into local repository, and create another 
project (or use {{downstream/pom.xml}} from reproducer) that uses reproducer 
project as dependency (only one, no depMgt and so on), ask for {{mvn 
dependency:tree}} => OK (and look! Guava IS there)

  was:
This bug affects all released Maven versions.

Reproducer: [https://github.com/cstamas/MNG-8041]

Description of the bug: when a Mojo requires Core to collect/resolve given 
ResolutionScope, Maven Core does it wrong. Problem is how 
LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate 
plus, how Resolver works. LDR constructs the Resolver filters properly, then it 
calls into DPDR, that performs collection. To achieve that, DPDR *blindly* adds 
all the POM dependencies to Collect reques

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

2024-02-05 Thread Tamas Cservenak (Jira)



 [ 
https://issues.apache.org/jira/browse/MNG-8041?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Tamas Cservenak updated MNG-8041:
-
Description: 
This bug affects all released Maven versions.

Reproducer: [https://github.com/cstamas/MNG-8041]

Description of the bug: when a Mojo requires Core to collect/resolve given 
ResolutionScope, Maven Core does it wrong. Problem is how 
LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate 
plus, how Resolver works. LDR constructs the Resolver filters properly, then it 
calls into DPDR, that performs collection. To achieve that, DPDR *blindly* adds 
all the POM dependencies to Collect request (which is graph root). But this is 
wrong, as this should happen with considering requested (to be included or to 
be excluded) scopes. Next what happens, that when collect request is processed 
by Resolver, it will contain nodes from unwanted scopes (as Maven Core blindly 
added all of them from POM). Just as detail: if Resolver would be asked to 
create root, it would NOT add these in the first place. Due these present, 
conflict resolver may possibly eliminate other nodes (as POM ones "always 
wins", are the closest to graph root. Finally, these winners may be eliminated 
in subsequent step, for example due scope filtering. This results in incomplete 
resolution scope.

Example: let's consider example where Mojo asks for "runtime" resolution scope. 
To serve this, Maven will add ALL dependencies present in POM to collect 
request (even those in scopes to be omitted, like "test" scoped ones), and will 
perform "collect" using Resolver. When Resolver returns the graph, it will 
contain nodes (as 1st level was populated by Maven) that MAY be contained in 
deeper nodes of non-test scoped ones (the guice+guava example). Next, "conflict 
resolution" happens, and naturally all the "test" scoped 1st level dependencies 
will "win", rendering removal of others. Finally, due "runtime" requested 
resolution scope, the "test" scoped dependencies are (rightfully) filtered out. 
{*}This obviously leads to incomplete runtime build path{*}.

Or in other words, Maven is wrong here: it adds 1st level dependencies to 
CollectRequest that should not be there in the first place (in example above, 
the "test" scoped ones), that will cause that Resolver "collect" step build a 
graph that has "unwanted" scoped nodes closer to root than actually needed 
runtime dependencies (remember: test nodes will be not affected by filter, as 
they are already present, added by Maven, and test node children are collected 
also as "runtime", just to have "test" scope inherited later in the process, 
hence all the children of "test" node will end up in "test" scope, despite 
"exclude test" is present!), this will cause that in dependency conflict 
resolution step, they will kick out all the rightful runtime dependencies, and 
finally, all these winners are removed due scope filter.

Implication of this bug is following important fact: the project "runtime" 
resolution scope (as when asked by Mojo) and project "runtime" resolution scope 
(as when used as a dependency on some downstream project) {*}were not the 
same{*}!

Effects of this bug are explained in "Important Consequences" section of this 
page 
[https://maven.apache.org/resolver-archives/resolver-2.0.0-alpha-7/common-misconceptions.html#important-consequences]
 (that is wrongly written: all that is a consequence of this bug). Also, have 
to note, that when this bug get addressed, it will NOT render "workarounds" 
broken (ie. introduction of another module just to package "runtime" classpath 
using m-assembly-p or alike plugins), just "obsolete", as packaging of runtime 
dependencies will become possible in-situ (in the same module of the project).

Exercises: check out reproducer and execute these commands:
 * {{mvn dependency:tree}} => OK, it shows "dependencies included from all 
scopes" (this is equiv to "test" build scope), guava is in test scope
 * {{mvn dependency:tree -Dscope=runtime}} => NOT OK, it will show effect of 
this bug, guava is missing
 * install the reproducer project into local repository, and create another 
project (or use {{downstream/pom.xml}} from reproducer) that uses reproducer 
project as dependency (only one, no depMgt and so on), ask for {{mvn 
dependency:tree}} => OK (and look! Guava IS there)

  was:
This bug affects all released Maven versions.

Reproducer: [https://github.com/cstamas/MNG-8041]

Description of the bug: when a Mojo requires Core to collect/resolve given 
ResolutionScope, Maven Core does it wrong. Problem is how 
LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate 
plus, how Resolver works. LDR constructs the Resolver filters properly, then it 
calls into DPDR, that performs collection. To achieve that, DPDR *blindly* adds 
all the POM dependencies to Collect request (which is graph root). But t

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

2024-02-05 Thread Tamas Cservenak (Jira)



 [ 
https://issues.apache.org/jira/browse/MNG-8041?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Tamas Cservenak updated MNG-8041:
-
Description: 
This bug affects all released Maven versions.

Reproducer: [https://github.com/cstamas/MNG-8041]

Description of the bug: when a Mojo requires Core to collect/resolve given 
ResolutionScope, Maven Core does it wrong. Problem is how 
LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate 
plus, how Resolver works. LDR constructs the Resolver filters properly, then it 
calls into DPDR, that performs collection. To achieve that, DPDR *blindly* adds 
all the POM dependencies to Collect request (which is graph root). But this is 
wrong, as this should happen with considering requested (to be included or to 
be excluded) scopes. Next what happens, that when collect request is processed 
by Resolver, it will contain nodes from unwanted scopes (as Maven Core blindly 
added all of them from POM). Just as detail: if Resolver would be asked to 
create root, it would NOT add these in the first place. Due these present, 
conflict resolver may possibly eliminate other nodes (as POM ones "always 
wins", are the closest to graph root. Finally, these winners may be eliminated 
in subsequent step, for example due scope filtering. This results in incomplete 
resolution scope.

Example: let's consider example where Mojo asks for "runtime" resolution scope. 
To serve this, Maven will add ALL dependencies present in POM to collect 
request (even those in scopes to be omitted, like "test" scoped ones), and will 
perform "collect" using Resolver. When Resolver returns the graph, it will 
contain nodes (as 1st level was populated by Maven) that MAY be contained in 
deeper nodes of non-test scoped ones (the guice+guava example). Next, "conflict 
resolution" happens, and naturally all the "test" scoped 1st level dependencies 
will "win", rendering removal of others. Finally, due "runtime" requested 
resolution scope, the "test" scoped dependencies are (rightfully) filtered out. 
{*}This obviously leads to incomplete runtime build path{*}.

Or in other words, Maven is wrong here: it adds 1st level dependencies to 
CollectRequest that should not be there in the first place (in example above, 
the "test" scoped ones), that will cause that Resolver "collect" step build a 
graph that has "unwanted" scoped nodes closer to root than actually needed 
runtime dependencies (remember: test nodes will be not affected by filter, as 
they are already present, added by Maven, and test node children are collected 
also as "runtime", just to have "test" scope inherited later in the process, 
hence all the children of "test" node will end up in "test" scope, despite 
"exclude test" is present!), this will cause that in dependency conflict 
resolution step, they will kick out all the rightful runtime dependencies, and 
finally, all these winners are removed due scope filter.

Implication of this bug is following important fact: the project "runtime" 
resolution scope (as when asked by Mojo) and project "runtime" resolution scope 
(as when used as a dependency on some downstream project) {*}were not the 
same{*}!

Effects of this bug are explained in "Important Consequences" section of this 
page 
[https://maven.apache.org/resolver-archives/resolver-2.0.0-alpha-7/common-misconceptions.html#important-consequences]
 (that is wrongly written: all that is a consequence of this bug). Also, have 
to note, that when this bug get addressed, it will NOT render "workarounds" 
broken (ie. introduction of another module just to package "runtime" classpath 
using m-assembly-p or alike plugins), just "obsolete", as packaging of runtime 
dependencies will become possible in-situ (in the same module of the project).

Exercises: check out reproducer and execute these commands:
 * {{mvn dependency:tree}} => OK, it shows "dependencies included from all 
scopes" (this is equiv to "test" build scope)
 * {{mvn dependency:tree -Dscope=runtime}} => NOT OK, it will show effect of 
this bug (guava missing)
 * install the reproducer project into local repository, and create another 
project (or use {{downstream/pom.xml}} from reproducer) that uses reproducer 
project as dependency (only one, no depMgt and so on), ask for {{mvn 
dependency:tree}} => OK (and look! Guava IS there)

  was:
This bug affects all released Maven versions.

Reproducer: [https://github.com/cstamas/MNG-8041]

Description of the bug: when a Mojo requires Core to collect/resolve given 
ResolutionScope, Maven Core does it wrong. Problem is how 
LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate 
plus, how Resolver works. LDR constructs the Resolver filters properly, then it 
calls into DPDR, that performs collection. To achieve that, DPDR *blindly* adds 
all the POM dependencies to Collect request (which is graph root). But this is 
wrong, as this sho

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

2024-02-05 Thread Tamas Cservenak (Jira)



 [ 
https://issues.apache.org/jira/browse/MNG-8041?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Tamas Cservenak updated MNG-8041:
-
Description: 
This bug affects all released Maven versions.

Reproducer: [https://github.com/cstamas/MNG-8041]

Description of the bug: when a Mojo requires Core to collect/resolve given 
ResolutionScope, Maven Core does it wrong. Problem is how 
LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate 
plus, how Resolver works. LDR constructs the Resolver filters properly, then it 
calls into DPDR, that performs collection. To achieve that, DPDR *blindly* adds 
all the POM dependencies to Collect request (which is graph root). But this is 
wrong, as this should happen with considering requested (to be included or to 
be excluded) scopes. Next what happens, that when collect request is processed 
by Resolver, it will contain nodes from unwanted scopes (as Maven Core blindly 
added all of them from POM). Just as detail: if Resolver would be asked to 
create root, it would NOT add these in the first place. Due these present, 
conflict resolver may possibly eliminate other nodes (as POM ones "always 
wins", are the closest to graph root. Finally, these winners may be eliminated 
in subsequent step, for example due scope filtering. This results in incomplete 
resolution scope.

Example: let's consider example where Mojo asks for "runtime" resolution scope. 
To serve this, Maven will add ALL dependencies present in POM to collect 
request (even those in scopes to be omitted, like "test" scoped ones), and will 
perform "collect" using Resolver. When Resolver returns the graph, it will 
contain nodes (as 1st level was populated by Maven) that MAY be contained in 
deeper nodes of non-test scoped ones (the guice+guava example). Next, "conflict 
resolution" happens, and naturally all the "test" scoped 1st level dependencies 
will "win", rendering removal of others. Finally, due "runtime" requested 
resolution scope, the "test" scoped dependencies are (rightfully) filtered out. 
{*}This obviously leads to incomplete runtime build path{*}.

Or in other words, Maven is wrong here: it adds 1st level dependencies to 
CollectRequest that should not be there in the first place (in example above, 
the "test" scoped ones), that will cause that Resolver "collect" step build a 
graph that has "unwanted" scoped nodes closer to root than actually needed 
runtime dependencies (remember: test nodes will be not affected by filter, as 
they are already present, added by Maven, and test node children are collected 
also as "runtime", just to have "test" scope inherited later in the process, 
hence all the children of "test" node will end up in "test" scope, despite 
"exclude test" is present!), this will cause that in dependency conflict 
resolution step, they will kick out all the rightful runtime dependencies, and 
finally, all these winners are removed due scope filter.

Implication of this bug is following important fact: the project "runtime" 
resolution scope (as when asked by Mojo) and project "runtime" resolution scope 
(as when used as a dependency on some downstream project) {*}were not the 
same{*}!

Effects of this bug are explained in "Important Consequences" section of this 
page 
[https://maven.apache.org/resolver-archives/resolver-2.0.0-alpha-7/common-misconceptions.html#important-consequences]
 (that is wrongly written: all that is a consequence of this bug). Also, have 
to note, that when this bug get addressed, it will NOT render "workarounds" 
broken (ie. introduction of another module just to package "runtime" classpath 
using m-assembly-p or alike plugins), just "obsolete", as packaging of runtime 
dependencies will become possible in-situ (in the same module of the project).

Exercises:
 * check out reproducer and install it into local repository, then execute 
these commands:
 ** {{mvn dependency:tree}} => OK, it shows "dependencies included from all 
scopes" (this is equiv to "test" build scope)
 ** {{mvn dependency:tree -Dscope=runtime}} => NOT OK, it will show effect of 
this bug (guava missing)
 ** install the reproducer project into local repository, and create another 
project (or use {{downstream/pom.xml}} from reproducer) that uses reproducer 
project as dependency (only one, no depMgt and so on), ask for {{mvn 
dependency:tree}} => OK (and look! Guava IS there)

  was:
This bug affects all released Maven versions.

Reproducer: [https://github.com/cstamas/MNG-8041]

Description of the bug: when a Mojo requires Core to collect/resolve given 
ResolutionScope, Maven Core does it wrong. Problem is how 
LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate 
plus, how Resolver works. LDR constructs the Resolver filters properly, then it 
calls into DPDR, that performs collection. To achieve that, DPDR *blindly* adds 
all the POM dependencies to Collect request (which i

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

2024-02-05 Thread Tamas Cservenak (Jira)



 [ 
https://issues.apache.org/jira/browse/MNG-8041?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Tamas Cservenak updated MNG-8041:
-
Description: 
This bug affects all released Maven versions.

Reproducer: [https://github.com/cstamas/MNG-8041]

Description of the bug: when a Mojo requires Core to collect/resolve given 
ResolutionScope, Maven Core does it wrong. Problem is how 
LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate 
plus, how Resolver works. LDR constructs the Resolver filters properly, then it 
calls into DPDR, that performs collection. To achieve that, DPDR *blindly* adds 
all the POM dependencies to Collect request (which is graph root). But this is 
wrong, as this should happen with considering requested (to be included or to 
be excluded) scopes. Next what happens, that when collect request is processed 
by Resolver, it will contain nodes from unwanted scopes (as Maven Core blindly 
added all of them from POM). Just as detail: if Resolver would be asked to 
create root, it would NOT add these in the first place. Due these present, 
conflict resolver may possibly eliminate other nodes (as POM ones "always 
wins", are the closest to graph root. Finally, these winners may be eliminated 
in subsequent step, for example due scope filtering. This results in incomplete 
resolution scope.

Example: let's consider example where Mojo asks for "runtime" resolution scope. 
To serve this, Maven will add ALL dependencies present in POM to collect 
request (even those in scopes to be omitted, like "test" scoped ones), and will 
perform "collect" using Resolver. When Resolver returns the graph, it will 
contain nodes (as 1st level was populated by Maven) that MAY be contained in 
deeper nodes of non-test scoped ones (the guice+guava example). Next, "conflict 
resolution" happens, and naturally all the "test" scoped 1st level dependencies 
will "win", rendering removal of others. Finally, due "runtime" requested 
resolution scope, the "test" scoped dependencies are (rightfully) filtered out. 
{*}This obviously leads to incomplete runtime build path{*}.

Or in other words, Maven is wrong here: it adds 1st level dependencies to 
CollectRequest that should not be there in the first place (in example above, 
the "test" scoped ones), that will cause that Resolver "collect" step build a 
graph that has "unwanted" scoped nodes closer to root than actually needed 
runtime dependencies (remember: test nodes will be not affected by filter, as 
they are already present, added by Maven, and test node children are collected 
also as "runtime", just to have "test" scope inherited later in the process, 
hence all the children of "test" node will end up in "test" scope, despite 
"exclude test" is present!), this will cause that in dependency conflict 
resolution step, they will kick out all the rightful runtime dependencies, and 
finally, all these winners are removed due scope filter.

Implication of this bug is following important fact: the project "runtime" 
resolution scope (as when asked by Mojo) and project "runtime" resolution scope 
(as when used as a dependency on some downstream project) {*}were not the 
same{*}!

Effects of this bug are explained in "Important Consequences" section of this 
page 
[https://maven.apache.org/resolver-archives/resolver-2.0.0-alpha-7/common-misconceptions.html#important-consequences]
 (that is wrongly written: all that is a consequence of this bug). Also, have 
to note, that when this bug get addressed, it will NOT render "workarounds" 
broken (ie. introduction of another module just to package "runtime" classpath 
using m-assembly-p or alike plugins), just "obsolete", as packaging of runtime 
dependencies will become possible in-situ (in the same module of the project).

Excercies:
 * check out reproducer and install it into local repository, then execute 
these commands:
 ** {{mvn dependency:tree}} => OK, it shows "dependencies included from all 
scopes" (this is equiv to "test" build scope)
 ** {{mvn dependency:tree -Dscope=runtime}} => NOT OK, it will show effect of 
this bug (guava missing)
 ** install the reproducer project into local repository, and create another 
project (or use {{downstream/pom.xml}} from reproducer) that uses reproducer 
project as dependency (only one, no depMgt and so on), ask for {{mvn 
dependency:tree}} => OK (and look! Guava IS there)

  was:
This bug affects all released Maven versions.

Reproducer: [https://github.com/cstamas/MNG-8041]

Description of the bug: when a Mojo requires Core to collect/resolve given 
ResolutionScope, Maven Core does it wrong. Problem is how 
LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate 
plus, how Resolver works. LDR constructs the Resolver filters properly, then it 
calls into DPDR, that performs collection. To achieve that, DPDR *blindly* adds 
all the POM dependencies to Collect request (which i

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

2024-02-05 Thread Tamas Cservenak (Jira)



 [ 
https://issues.apache.org/jira/browse/MNG-8041?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Tamas Cservenak updated MNG-8041:
-
Description: 
This bug affects all released Maven versions.

Reproducer: [https://github.com/cstamas/MNG-8041]

Description of the bug: when a Mojo requires Core to collect/resolve given 
ResolutionScope, Maven Core does it wrong. Problem is how 
LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate 
plus, how Resolver works. LDR constructs the Resolver filters properly, then it 
calls into DPDR, that performs collection. To achieve that, DPDR *blindly* adds 
all the POM dependencies to Collect request (which is graph root). But this is 
wrong, as this should happen with considering requested (to be included or to 
be excluded) scopes. Next what happens, that when collect request is processed 
by Resolver, it will contain nodes from unwanted scopes (as Maven Core blindly 
added all of them from POM). Just as detail: if Resolver would be asked to 
create root, it would NOT add these in the first place. Due these present, 
conflict resolver may possibly eliminate other nodes (as POM ones "always 
wins", are the closest to graph root. Finally, these winners may be eliminated 
in subsequent step, for example due scope filtering. This results in incomplete 
resolution scope.

Example: let's consider example where Mojo asks for "runtime" resolution scope. 
To serve this, Maven will add ALL dependencies present in POM to collect 
request (even those in scopes to be omitted, like "test" scoped ones), and will 
perform "collect" using Resolver. When Resolver returns the graph, it will 
contain nodes (as 1st level was populated by Maven) that MAY be contained in 
deeper nodes of non-test scoped ones (the guice+guava example). Next, "conflict 
resolution" happens, and naturally all the "test" scoped 1st level dependencies 
will "win", rendering removal of others. Finally, due "runtime" requested 
resolution scope, the "test" scoped dependencies are (rightfully) filtered out. 
{*}This obviously leads to incomplete runtime build path{*}.

Or in other words, Maven is wrong here: it adds 1st level dependencies to 
CollectRequest that should not be there in the first place (in example above, 
the "test" scoped ones), that will cause that Resolver "collect" step build a 
graph that has "unwanted" scoped nodes closer to root than actually needed 
runtime dependencies (remember: test nodes will be not affected by filter, as 
they are already present, added by Maven, and test node children are collected 
also as "runtime", just to have "test" scope inherited later in the process, 
hence all the children of "test" node will end up in "test" scope, despite 
"exclude test" is present!), this will cause that in dependency conflict 
resolution step, they will kick out all the rightful runtime dependencies, and 
finally, all these winners are removed due scope filter.

Implication of this bug is following important fact: the project "runtime" 
resolution scope (as when asked by Mojo) and project "runtime" resolution scope 
(as when used as a dependency on some downstream project) {*}were not the 
same{*}!

Effects of this bug are explained in "Important Consequences" section of this 
page 
[https://maven.apache.org/resolver-archives/resolver-2.0.0-alpha-7/common-misconceptions.html#important-consequences]
 (that is wrongly written: all that is a consequence of this bug). Also, have 
to note, that when this bug get addressed, it will NOT render "workarounds" 
broken (ie. introduction of another module just to package "runtime" classpath 
using m-assembly-p or alike plugins), just "obsolete", as packaging of runtime 
dependencies will become possible in-situ (in the same module of the project).

Excercies:
 * check out reproducer and install it into local repository, then execute 
these commands:
 ** {{mvn dependency:tree}} => OK, it shows "dependencies included from all 
scopes" (this is equiv to "test" build scope)
 ** {{mvn dependency:tree -Dscope=runtime}} => NOT OK, it will show effect of 
this bug (guava missing)
 ** install the reproducer project, and create another project that uses 
reproducer project as dependency (only one, no depMgt and so on), ask for {{mvn 
dependency:tree}} => OK (and look! Guava IS there)

  was:
This bug affects all released Maven versions.

Reproducer: [https://github.com/cstamas/MNG-8041]

Description of the bug: when a Mojo requires Core to collect/resolve given 
ResolutionScope, Maven Core does it wrong. Problem is how 
LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate 
plus, how Resolver works. LDR constructs the Resolver filters properly, then it 
calls into DPDR, that performs collection. To achieve that, DPDR *blindly* adds 
all the POM dependencies to Collect request (which is graph root). But this is 
wrong, as this should happen with consideri

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

2024-02-05 Thread Tamas Cservenak (Jira)

[
https://issues.apache.org/jira/browse/MNG-8041?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Tamas Cservenak updated MNG-8041:
-
Description:
This bug affects all released Maven versions.

Reproducer: [https://github.com/cstamas/MNG-8041]

Description of the bug: when a Mojo requires Core to collect/resolve given
ResolutionScope, Maven Core does it wrong. Problem is how
LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate
plus, how Resolver works. LDR constructs the Resolver filters properly, then it
calls into DPDR, that performs collection. To achieve that, DPDR *blindly* adds
all the POM dependencies to Collect request (which is graph root). But this is
wrong, as this should happen with considering requested (to be included or to
be excluded) scopes. Next what happens, that when collect request is processed
by Resolver, it will contain nodes from unwanted scopes (as Maven Core blindly
added all of them from POM). Just as detail: if Resolver would be asked to
create root, it would NOT add these in the first place. Due these present,
conflict resolver may possibly eliminate other nodes (as POM ones "always
wins", are the closest to graph root. Finally, these winners may be eliminated
in subsequent step, for example due scope filtering. This results in incomplete
resolution scope.

Example: let's consider example where Mojo asks for "runtime" resolution scope.
To serve this, Maven will add ALL dependencies present in POM to collect
request (even those in scopes to be omitted, like "test" scoped ones), and will
perform "collect" using Resolver. When Resolver returns the graph, it will
contain nodes (as 1st level was populated by Maven) that MAY be contained in
deeper nodes of non-test scoped ones (the guice+guava example). Next, "conflict
resolution" happens, and naturally all the "test" scoped 1st level dependencies
will "win", rendering removal of others. Finally, due "runtime" requested
resolution scope, the "test" scoped dependencies are (rightfully) filtered out.
{*}This obviously leads to incomplete runtime build path{*}.

Or in other words, Maven is wrong here: it adds 1st level dependencies to
CollectRequest that should not be there in the first place (in example above,
the "test" scoped ones), that will cause that Resolver "collect" step build a
graph that has "unwanted" scoped nodes closer to root than actually needed
runtime dependencies (remember: test nodes will be not affected by filter, as
they are already present, added by Maven, and test node children are collected
also as "runtime", just to have "test" scope inherited later in the process,
hence all the children of "test" node will end up in "test" scope, despite
"exclude test" is present!), this will cause that in dependency conflict
resolution step, they will kick out all the rightful runtime dependencies, and
finally, all these winners are removed due scope filter.

Implication of this bug is following important fact: the project "runtime"
resolution scope (as when asked by Mojo) and project "runtime" resolution scope
(as when used as a dependency on some downstream project) {*}were not the
same{*}!

Effects of this bug are explained in "Important Consequences" section of this
page
[https://maven.apache.org/resolver-archives/resolver-2.0.0-alpha-7/common-misconceptions.html#important-consequences]
(that is wrongly written: all that is a consequence of this bug). Also, have
to note, that when this bug get addressed, it will NOT render "workarounds"
broken (ie. introduction of another module just to package "runtime" classpath
using m-assembly-p or alike plugins), just "obsolete", as packaging of runtime
dependencies will become possible in-situ (in the same module of the project).

was:
This bug affects all released Maven versions.

Reproducer: [https://github.com/cstamas/MNG-8041]

Description of the bug: when a Mojo requires Core to collect/resolve given
ResolutionScope, Maven Core does it wrong. Problem is how
LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate
plus, how Resolver works. LDR constructs the Resolver filters properly, then it
calls into DPDR, that performs collection. To achieve that, DPDR *blindly* adds
all the POM dependencies to Collect request (which is graph root). But this is
wrong, as this should happen with considering requested (to be included or to
be excluded) scopes. Next what happens, that when collect request is processed
by Resolver, it will contain nodes from unwanted scopes (as Maven Core blindly
added all of them from POM. Also, if Resolver would be asked to create root, it
would NOT add these in the first place), and due that, conflict resolver may
possibly eliminate other nodes (as POM ones "always wins", are closest to graph
root), and also, even the winners will be eliminate in subsequent step, for
example due scope filter

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

2024-02-05 Thread Tamas Cservenak (Jira)



 [ 
https://issues.apache.org/jira/browse/MNG-8041?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Tamas Cservenak updated MNG-8041:
-
Fix Version/s: 3.9.7
   4.0.0
   4.0.0-alpha-13

> Maven Core bug regarding resolution scopes for Mojos
> 
>
> Key: MNG-8041
> URL: https://issues.apache.org/jira/browse/MNG-8041
> Project: Maven
>  Issue Type: Bug
>  Components: Artifacts and Repositories
>Reporter: Tamas Cservenak
>Priority: Major
> Fix For: 3.9.7, 4.0.0, 4.0.0-alpha-13
>
>
> This bug affects all released Maven versions.
> Reproducer: [https://github.com/cstamas/MNG-8041]
> Description of the bug: when a Mojo requires Core to collect/resolve given 
> ResolutionScope, Maven Core does it wrong. Problem is how 
> LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate 
> plus, how Resolver works. LDR constructs the Resolver filters properly, then 
> it calls into DPDR, that performs collection. To achieve that, DPDR *blindly* 
> adds all the POM dependencies to Collect request (which is graph root). But 
> this is wrong, as this should happen with considering requested (to be 
> included or to be excluded) scopes. Next what happens, that when collect 
> request is processed by Resolver, it will contain nodes from unwanted scopes 
> (as Maven Core blindly added all of them from POM. Also, if Resolver would be 
> asked to create root, it would NOT add these in the first place), and due 
> that, conflict resolver may possibly eliminate other nodes (as POM ones 
> "always wins", are closest to graph root), and also, even the winners will be 
> eliminate in subsequent step, for example due scope filtering. This results 
> in incomplete resolution scope.
> Consequence: let's consider example where Mojo asks for "runtime" resolution 
> scope. To serve this, Maven will add ALL dependencies present in POM to 
> collect request (even those in scopes to be omitted, like "test" scoped 
> ones), and will perform "collect" with Resolver. When Resolver returns, the 
> graph will contain nodes (as 1st level, as they are POM direct 
> dependendencies) that MAY be contained in deeper nodes of non-test scoped 
> ones (the guice+guava example). Next, "conflict resolution" happens, and 
> naturally all the "test" scoped 1st level dependencies "win", rendering 
> removal of others. Finally, due "runtime" requested resolution scope, the 
> "test" scoped dependencies are (rightfully) filtered out. {*}This obviously 
> leads to incomplete runtime build path{*}.
> Or in other words, Maven is wrong here: it adds 1st level dependencies to 
> CollectRequest that should not be there in the first place (in example above, 
> the "test" scoped ones), that will cause that Resolver "collect" step build a 
> graph that has "unwanted" scoped nodes closer to root than actually needed 
> runtime dependencies (remember: test nodes will be not affected by filter, as 
> they are already present, added by Maven, and test node children are 
> collected also as "runtime", just to have "test" scope inherited later in the 
> process, hence all the children of "test" node will end up in "test" scope, 
> despite "exclude test" is present!), this will cause that in dependency 
> conflict resolution step, they will kick out all the rightful runtime 
> dependencies, and finally, all these winners are removed due scope filter.
> Implication of this bug is following important fact: the project "runtime" 
> resolution scope (as when asked by Mojo) and project "runtime" resolution 
> scope (as when used as a dependency on some downstream project) {*}were not 
> the same{*}!
> Effects of this bug are explained in "Important Consequences" section of this 
> page 
> [https://maven.apache.org/resolver-archives/resolver-2.0.0-alpha-7/common-misconceptions.html#important-consequences]
>  (that is wrongly written: all that is a consequence of this bug). Also, have 
> to note, that when this bug get addressed, it will NOT render "workarounds" 
> broken (ie. introduction of another module just to package "runtime" 
> classpath using m-assembly-p or alike plugins), just "obsolete", as packaging 
> of runtime dependencies will become possible in-situ (in the same module of 
> the project).



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

2024-02-05 Thread Tamas Cservenak (Jira)

[
https://issues.apache.org/jira/browse/MNG-8041?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Tamas Cservenak updated MNG-8041:
-
Description:
This bug affects all released Maven versions.

Reproducer: [https://github.com/cstamas/MNG-8041]

Description of the bug: when a Mojo requires Core to collect/resolve given
ResolutionScope, Maven Core does it wrong. Problem is how
LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate
plus, how Resolver works. LDR constructs the Resolver filters properly, then it
calls into DPDR, that performs collection. To achieve that, DPDR *blindly* adds
all the POM dependencies to Collect request (which is graph root). But this is
wrong, as this should happen with considering requested (to be included or to
be excluded) scopes. Next what happens, that when collect request is processed
by Resolver, it will contain nodes from unwanted scopes (as Maven Core blindly
added all of them from POM. Also, if Resolver would be asked to create root, it
would NOT add these in the first place), and due that, conflict resolver may
possibly eliminate other nodes (as POM ones "always wins", are closest to graph
root), and also, even the winners will be eliminate in subsequent step, for
example due scope filtering. This results in incomplete resolution scope.

Consequence: let's consider example where Mojo asks for "runtime" resolution
scope. To serve this, Maven will add ALL dependencies present in POM to collect
request (even those in scopes to be omitted, like "test" scoped ones), and will
perform "collect" with Resolver. When Resolver returns, the graph will contain
nodes (as 1st level, as they are POM direct dependendencies) that MAY be
contained in deeper nodes of non-test scoped ones (the guice+guava example).
Next, "conflict resolution" happens, and naturally all the "test" scoped 1st
level dependencies "win", rendering removal of others. Finally, due "runtime"
requested resolution scope, the "test" scoped dependencies are (rightfully)
filtered out. {*}This obviously leads to incomplete runtime build path{*}.

was:
This bug affects all released Maven versions.

Reproducer: [https://github.com/cstamas/MNG-8041]

Description of the bug: when a Mojo requires Core to collect/resolve given
ResolutionScope, Maven Core does it wrong. Problem is how
LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate
plus, how Resolver works. LDR constructs the Resolver filters properly, then it
calls into DPDR, that performs collection. To achieve that, DPDR *blindly* adds
all the POM dependencies to Collect request (which is graph root). But this is
wrong, as this should happen with considering requested (to be included or to
be excluded) scopes. Next what happens, that when collect request is processed
by Resolver, it will contain nodes from unwanted scopes (as Maven Core blindly
added all of them from POM. Also, if Resolver would be asked to create root, it
would NOT add these in the first place), and due that, conflict resolver may
possibly eliminate other nodes (as POM ones "always wins", are closest to graph
root), and also, even the winners will be eliminate in subsequent step, for
example due scope filtering

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

2024-02-05 Thread Tamas Cservenak (Jira)

[
https://issues.apache.org/jira/browse/MNG-8041?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Tamas Cservenak updated MNG-8041:
-
Description:
This bug affects all released Maven versions.

Reproducer: [https://github.com/cstamas/MNG-8041]

Description of the bug: when a Mojo requires Core to collect/resolve given
ResolutionScope, Maven Core does it wrong. Problem is how
LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate
plus, how Resolver works. LDR constructs the Resolver filters properly, then it
calls into DPDR, that performs collection. To achieve that, DPDR *blindly* adds
all the POM dependencies to Collect request (which is graph root). But this is
wrong, as this should happen with considering requested (to be included or to
be excluded) scopes. Next what happens, that when collect request is processed
by Resolver, it will contain nodes from unwanted scopes (as Maven Core blindly
added all of them from POM. Also, if Resolver would be asked to create root, it
would NOT add these in the first place), and due that, conflict resolver may
possibly eliminate other nodes (as POM ones "always wins", are closest to graph
root), and also, even the winners will be eliminate in subsequent step, for
example due scope filtering. This results in incomplete resolution scope.

was:
This bug affects all released Maven versions.

Reproducer: [https://github.com/cstamas/MNG-8041]

Description of the bug: when a Mojo requires Core to collect/resolve given
ResolutionScope, Maven Core does it wrong. Problem is how
LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate
plus, how Resolver works. LDR constructs the Resolver filters properly, then it
calls into DPDR, that performs collection. To achieve that, DPDR *blindly* adds
all the POM dependencies to Collect request (which is graph root). But this is
wrong, as this should happen with considering requested (to be included or to
be excluded) scopes. Next what happens, that when collect request is processed
by Resolver, it will contain nodes from unwanted scopes (as Maven Core blindly
added all of them from POM. Also, if Resolver would be asked to create root, it
would NOT add these in the first place), and due that, conflict resolver may
possibly eliminate other nodes (as POM ones "always wins", are closest to graph
root), and also, even the winners will be eliminate in subsequent step, for
example due scope filtering. This results in incomplete resolution scope.

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

2024-02-05 Thread Tamas Cservenak (Jira)

[
https://issues.apache.org/jira/browse/MNG-8041?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Tamas Cservenak updated MNG-8041:
-
Description:
This bug affects all released Maven versions.

Reproducer: [https://github.com/cstamas/MNG-8041]

Description of the bug: when a Mojo requires Core to collect/resolve given
ResolutionScope, Maven Core does it wrong. Problem is how
LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate
plus, how Resolver works. LDR constructs the Resolver filters properly, then it
calls into DPDR, that performs collection. To achieve that, DPDR *blindly* adds
all the POM dependencies to Collect request (which is graph root). But this is
wrong, as this should happen with considering requested (to be included or to
be excluded) scopes. Next what happens, that when collect request is processed
by Resolver, it will contain nodes from unwanted scopes (as Maven Core blindly
added all of them from POM. Also, if Resolver would be asked to create root, it
would NOT add these in the first place), and due that, conflict resolver may
possibly eliminate other nodes (as POM ones "always wins", are closest to graph
root), and also, even the winners will be eliminate in subsequent step, for
example due scope filtering. This results in incomplete resolution scope.

Implication of this bug is following important fact: the project "runtime"
scope (as when asked by Mojo) and project "runtime" scope (when used as a
dependency on some downstream project) {*}were not the same{*}!

was:
This bug affects all released Maven versions.

Reproducer: [https://github.com/cstamas/MNG-8041]

Description of the bug: when a Mojo requires Core to collect/resolve given
ResolutionScope, Maven Core does it wrong. Problem is how
LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate
plus, how Resolver works. LDR constructs the Resolver filters properly, then it
calls into DPDR, that performs collection. To achieve that, DPDR *blindly* adds
all the POM dependencies to Collect request (which is graph root). But this is
wrong, as this should happen with considering requested (to be included or to
be excluded) scopes. Next what happens, that when collect request is processed
by Resolver, it will contain nodes from unwanted scopes (as Maven Core blindly
added all of them from POM. Also, if Resolver would be asked to create root, it
would NOT add these in the first place), and due that, conflict resolver may
possibly eliminate other nodes (as POM ones "always wins", are closest to graph
root), and also, even the winners will be eliminate in subsequent step, for
example due scope filtering. This results in incomplete resolution scope.

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

2024-02-05 Thread Tamas Cservenak (Jira)

[
https://issues.apache.org/jira/browse/MNG-8041?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Tamas Cservenak updated MNG-8041:
-
Description:
This bug affects all released Maven versions.

Reproducer: [https://github.com/cstamas/MNG-8041]

Description of the bug: when a Mojo requires Core to collect/resolve given
ResolutionScope, Maven Core does it wrong. Problem is how
LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate
plus, how Resolver works. LDR constructs the Resolver filters properly, then it
calls into DPDR, that performs collection. To achieve that, DPDR *blindly* adds
all the POM dependencies to Collect request (which is graph root). But this is
wrong, as this should happen with considering requested (to be included or to
be excluded) scopes. Next what happens, that when collect request is processed
by Resolver, it will contain nodes from unwanted scopes (as Maven Core blindly
added all of them from POM. Also, if Resolver would be asked to create root, it
would NOT add these in the first place), and due that, conflict resolver may
possibly eliminate other nodes (as POM ones "always wins", are closest to graph
root), and also, even the winners will be eliminate in subsequent step, for
example due scope filtering. This results in incomplete resolution scope.

Implication of this bug is following important fact: the project "runtime"
resolution scope (as when asked by Mojo) and project "runtime" resolution scope
(when used as a dependency on some downstream project) {*}were not the same{*}!

was:
This bug affects all released Maven versions.

Reproducer: [https://github.com/cstamas/MNG-8041]

Description of the bug: when a Mojo requires Core to collect/resolve given
ResolutionScope, Maven Core does it wrong. Problem is how
LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate
plus, how Resolver works. LDR constructs the Resolver filters properly, then it
calls into DPDR, that performs collection. To achieve that, DPDR *blindly* adds
all the POM dependencies to Collect request (which is graph root). But this is
wrong, as this should happen with considering requested (to be included or to
be excluded) scopes. Next what happens, that when collect request is processed
by Resolver, it will contain nodes from unwanted scopes (as Maven Core blindly
added all of them from POM. Also, if Resolver would be asked to create root, it
would NOT add these in the first place), and due that, conflict resolver may
possibly eliminate other nodes (as POM ones "always wins", are closest to graph
root), and also, even the winners will be eliminate in subsequent step, for
example due scope filtering. This results in incomplete resolution scope.

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

2024-02-05 Thread Tamas Cservenak (Jira)

[
https://issues.apache.org/jira/browse/MNG-8041?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Tamas Cservenak updated MNG-8041:
-
Description:
This bug affects all released Maven versions.

Reproducer: [https://github.com/cstamas/MNG-8041]

Description of the bug: when a Mojo requires Core to collect/resolve given
ResolutionScope, Maven Core does it wrong. Problem is how
LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate
plus, how Resolver works. LDR constructs the Resolver filters properly, then it
calls into DPDR, that performs collection. To achieve that, DPDR *blindly* adds
all the POM dependencies to Collect request (which is graph root). But this is
wrong, as this should happen with considering requested (to be included or to
be excluded) scopes. Next what happens, that when collect request is processed
by Resolver, it will contain nodes from unwanted scopes (as Maven Core blindly
added all of them from POM. Also, if Resolver would be asked to create root, it
would NOT add these in the first place), and due that, conflict resolver may
possibly eliminate other nodes (as POM ones "always wins", are closest to graph
root), and also, even the winners will be eliminate in subsequent step, for
example due scope filtering. This results in incomplete resolution scope.

was:
This bug affects all released Maven versions.

Reproducer: [https://github.com/cstamas/MNG-8041]

Description of the bug: when a Mojo requires Core to collect/resolve given
ResolutionScope, Maven Core does it wrong. Problem is how
LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate
plus, how Resolver works. LDR constructs the Resolver filters properly, then it
calls into DPDR, that performs collection. To achieve that, DPDR *blindly* adds
all the POM dependencies to Collect request (which is graph root). But this is
wrong, as this should happen with considering requested (to be included or to
be excluded) scopes. Next what happens, that when collect request is processed
by Resolver, it will contain nodes from unwanted scopes (as Maven Core blindly
added all of them from POM. Also, if Resolver would be asked to create root, it
would NOT add these in the first place), and due that, conflict resolver may
possibly eliminate other nodes (as POM ones "always wins", are closest to graph
root), and also, even the winners will be eliminate in subsequent step, for
example due scope filtering. This results in incomplete resolution scope.

Or in other

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

2024-02-05 Thread Tamas Cservenak (Jira)

[
https://issues.apache.org/jira/browse/MNG-8041?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Tamas Cservenak updated MNG-8041:
-
Description:
This bug affects all released Maven versions.

Reproducer: [https://github.com/cstamas/MNG-8041]

Description of the bug: when a Mojo requires Core to collect/resolve given
ResolutionScope, Maven Core does it wrong. Problem is how
LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate
plus, how Resolver works. LDR constructs the Resolver filters properly, then it
calls into DPDR, that performs collection. To achieve that, DPDR *blindly* adds
all the POM dependencies to Collect request (which is graph root). But this is
wrong, as this should happen with considering requested (to be included or to
be excluded) scopes. Next what happens, that when collect request is processed
by Resolver, it will contain nodes from unwanted scopes (as Maven Core blindly
added all of them from POM. Also, if Resolver would be asked to create root, it
would NOT add these in the first place), and due that, conflict resolver may
possibly eliminate other nodes (as POM ones "always wins", are closest to graph
root), and also, even the winners will be eliminate in subsequent step, for
example due scope filtering. This results in incomplete resolution scope.

Or in other words, Maven is wrong here: it adds 1st level dependencies to
CollectRequest that should not be there in the first place (in example above,
the "test" scoped ones), that will cause that Resolver "collect" step build a
graph that has "unwanted" scoped nodes closer to root than actually needed
runtime dependencies (remember: test nodes will be not affected by filter, as
they are already present, added by Maven, and test node children are collected
also as "runtime", just to have "test" scope inherited later in the process,
hence all the children of "test" node will end up in "test" scope, despite
"exclude test" is present!), this will cause that in dependency conflict
resolution kick out all the rightful runtime dependencies, and finally, all
these winners are removed due scope filter.

was:
This bug affects all released Maven versions.

Reproducer: https://github.com/cstamas/MNG-8041

Description of the bug: when a Mojo requires Core to collect/resolve given
ResolutionScope, Maven Core does it wrong. Problem is how
LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate
plus, how Resolver works. LDR constructs the Resolver filters properly, then it
calls into DPDR, that performs collection. To achieve that, DPDR *blindly* adds
all the POM dependencies to Collect request (which is graph root). But this is
wrong, as this should happen with considering requested (to be included or to
be excluded) scopes. Next what happens, that when collect request is processed
by Resolver, it will contain nodes from unwanted scopes (as Maven Core blindly
added all of them from POM. Also, if Resolver would be asked to create root, it
would NOT add these in the first place), and due that, conflict resolver may
possibly eliminate other nodes (as POM ones "always wins", are closest to graph
root), and also, even the winners will be eliminate in subsequent step, for
example due scope filtering. This results in incomplete resolution scope.

Consequence: let's consider example where Mojo asks for "runtime" resolution
scope. To serve this, Maven will add ALL dependencies present in POM to collect
request (even those in scopes to be omitted, like "test" scoped ones), and will
perform "collect" with Resolver. When Resolver returns, the graph will contain
nodes (as 1st level, as they are POM direct dependendencies) that MAY be
contained in deeper nodes of non-test scoped ones (the guice+guava example).
Next, "conflict resolution" happens, and naturally all the "test" scoped 1st
level dependencies "win", rendering removal of others. Finally, due
"compile+runtime" requested resolution scope, the "test" scoped dependencies
are (rightfully) filtered out. {*}This obviously leads to incomplete runtime
build path{*}.

Or in other words, M

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

2024-02-05 Thread Tamas Cservenak (Jira)

[
https://issues.apache.org/jira/browse/MNG-8041?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Tamas Cservenak updated MNG-8041:
-
Description:
This bug affects all released Maven versions.

Reproducer: https://github.com/cstamas/MNG-8041

Description of the bug: when a Mojo requires Core to collect/resolve given
ResolutionScope, Maven Core does it wrong. Problem is how
LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate
plus, how Resolver works. LDR constructs the Resolver filters properly, then it
calls into DPDR, that performs collection. To achieve that, DPDR *blindly* adds
all the POM dependencies to Collect request (which is graph root). But this is
wrong, as this should happen with considering requested (to be included or to
be excluded) scopes. Next what happens, that when collect request is processed
by Resolver, it will contain nodes from unwanted scopes (as Maven Core blindly
added all of them from POM. Also, if Resolver would be asked to create root, it
would NOT add these in the first place), and due that, conflict resolver may
possibly eliminate other nodes (as POM ones "always wins", are closest to graph
root), and also, even the winners will be eliminate in subsequent step, for
example due scope filtering. This results in incomplete resolution scope.

Consequence: let's consider example where Mojo asks for "runtime" resolution
scope. To serve this, Maven will add ALL dependencies present in POM to collect
request (even those in scopes to be omitted, like "test" scoped ones), and will
perform "collect" with Resolver. When Resolver returns, the graph will contain
nodes (as 1st level, as they are POM direct dependendencies) that MAY be
contained in deeper nodes of non-test scoped ones (the guice+guava example).
Next, "conflict resolution" happens, and naturally all the "test" scoped 1st
level dependencies "win", rendering removal of others. Finally, due
"compile+runtime" requested resolution scope, the "test" scoped dependencies
are (rightfully) filtered out. {*}This obviously leads to incomplete runtime
build path{*}.

Or in other words, Maven is wrong here: it adds 1st level dependencies to
CollectRequest that should not be there in the first place (in example above,
the "test" scoped ones), that will cause that Resolver "collect" step build a
graph that has "unwanted" scoped nodes closer to root than actually needed
runtime dependencies (remember: test nodes will be not affected by filter, as
they are already present, added by Maven, and test node children are collected
also as "runtime", just to have "test" scope inherited later in the process,
hence all the children of "test" node will end up in "test" scope, despite
"exclude test" is present!), this will cause that in dependency conflict
resolution kick out all the rightful runtime dependencies, and finally, all
these winners are removed due scope filter.

was:
This bug affects all released Maven versions.

Description of the bug: when a Mojo requires Core to collect/resolve given
ResolutionScope, Maven Core does it wrong. Problem is how
LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate
plus, how Resolver works. LDR constructs the Resolver filters properly, then it
calls into DPDR, that performs collection. To achieve that, DPDR *blindly* adds
all the POM dependencies to Collect request (which is graph root). But this is
wrong, as this should happen with considering requested (to be included or to
be excluded) scopes. Next what happens, that when collect request is processed
by Resolver, it will contain nodes from unwanted scopes (as Maven Core blindly
added all of them from POM. Also, if Resolver would be asked to create root, it
would NOT add these in the first place), and due that, conflict resolver may
possibly eliminate other nodes (as POM ones "always wins", are closest to graph
root), and also, even the winners will be eliminate in subsequent step, for
example due scope filtering. This results in incomplete resolution scope.

Consequence: let's consider example where Mojo asks for "runtime" resolution
scope. To serve this, Maven will add ALL dependencies present in POM to collect
request (even those in scopes to be omitted, like "test" scoped ones), and will
perform "collect" with Resolver. When Resolver returns, the graph will contain
nodes (as 1st level, as they are POM direct dependendencies) that MAY be
contained in deeper nodes of non-test scoped ones (the guice+guava example).
Next, "conflict resolution" happens, and naturally all the "test" scoped 1st
level dependencies "win", rendering removal of others. Finally, due
"compile+runtime" requested resolution scope, the "test" scoped dependencies
are (rightfully) filtered out. {*}This obviously leads to incomplete runtime
build path{*}.

Or in other words, Maven is wrong here: it adds 1st level depe

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

2024-02-05 Thread Tamas Cservenak (Jira)

[
https://issues.apache.org/jira/browse/MNG-8041?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Tamas Cservenak updated MNG-8041:
-
Description:
This bug affects all released Maven versions.

Description of the bug: when a Mojo requires Core to collect/resolve given
ResolutionScope, Maven Core does it wrong. Problem is how
LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate
plus, how Resolver works. LDR constructs the Resolver filters properly, then it
calls into DPDR, that performs collection. To achieve that, DPDR *blindly* adds
all the POM dependencies to Collect request (which is graph root). But this is
wrong, as this should happen with considering requested (to be included or to
be excluded) scopes. Next what happens, that when collect request is processed
by Resolver, it will contain nodes from unwanted scopes (as Maven Core blindly
added all of them from POM. Also, if Resolver would be asked to create root, it
would NOT add these in the first place), and due that, conflict resolver may
possibly eliminate other nodes (as POM ones "always wins", are closest to graph
root), and also, even the winners will be eliminate in subsequent step, for
example due scope filtering. This results in incomplete resolution scope.

Consequence: let's consider example where Mojo asks for "runtime" resolution
scope. To serve this, Maven will add ALL dependencies present in POM to collect
request (even those in scopes to be omitted, like "test" scoped ones), and will
perform "collect" with Resolver. When Resolver returns, the graph will contain
nodes (as 1st level, as they are POM direct dependendencies) that MAY be
contained in deeper nodes of non-test scoped ones (the guice+guava example).
Next, "conflict resolution" happens, and naturally all the "test" scoped 1st
level dependencies "win", rendering removal of others. Finally, due
"compile+runtime" requested resolution scope, the "test" scoped dependencies
are (rightfully) filtered out. {*}This obviously leads to incomplete runtime
build path{*}.

Or in other words, Maven is wrong here: it adds 1st level dependencies to
CollectRequest that should not be there in the first place (in example above,
the "test" scoped ones), that will cause that Resolver "collect" step build a
graph that has "unwanted" scoped nodes closer to root than actually needed
runtime dependencies (remember: test nodes will be not affected by filter, as
they are already present, added by Maven, and test node children are collected
also as "runtime", just to have "test" scope inherited later in the process,
hence all the children of "test" node will end up in "test" scope, despite
"exclude test" is present!), this will cause that in dependency conflict
resolution kick out all the rightful runtime dependencies, and finally, all
these winners are removed due scope filter.

was:
This bug affects all released Maven versions.

Description of the bug: when a Mojo requires Core to collect/resolve given
ResolutionScope, Maven Core does it wrong. Problem is how
LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate
plus, how Resolver works. LDR constructs the Resolver filters properly, then it
calls into DPDR, that performs collection. To achieve that, DPDR *blindly* adds
all the POM dependencies to Collect request (which is graph root). But this is
wrong, as this should happen with considering requested (to be included or to
be excluded) scopes. Next what happens, that when collect request is processed
by Resolver, it will contain nodes from unwanted scopes (as Maven Core blindly
added all of them from POM. Also, if Resolver would be asked to create root, it
would NOT add these in the first place), and due that, conflict resolver may
possibly eliminate other nodes (as POM ones "always wins", are closest to graph
root), and also, even the winners will be eliminate in subsequent step, for
example due scope filtering. This results in incomplete resolution scope.

Consequence: let's consider example where Mojo asks for "compile+runtime"
resolution scope. To serve this, Maven will add ALL dependencies present in POM
to collect request (even those in scopes to be omitted, like "test" scoped
ones), and will perform "collect" with Resolver. When Resolver returns, the
graph will contain nodes (as 1st level, as they are POM direct dependendencies)
that MAY be contained in deeper nodes of non-test scoped ones (the guice+guava
example). Next, "conflict resolution" happens, and naturally all the "test"
scoped 1st level dependencies "win", rendering removal of others. Finally, due
"compile+runtime" requested resolution scope, the "test" scoped dependencies
are (rightfully) filtered out. {*}This obviously leads to incomplete
compile+runtime build path{*}.

Or in other words, Maven is wrong here: it adds 1st level dependencies to
CollectRequest that

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

2024-02-05 Thread Tamas Cservenak (Jira)

[
https://issues.apache.org/jira/browse/MNG-8041?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Tamas Cservenak updated MNG-8041:
-
Description:
This bug affects all released Maven versions.

Description of the bug: when a Mojo requires Core to collect/resolve given
ResolutionScope, Maven Core does it wrong. Problem is how
LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate
plus, how Resolver works. LDR constructs the Resolver filters properly, then it
calls into DPDR, that performs collection. To achieve that, DPDR *blindly* adds
all the POM dependencies to Collect request (which is graph root). But this is
wrong, as this should happen with considering requested (to be included or to
be excluded) scopes. Next what happens, that when collect request is processed
by Resolver, it will contain nodes from unwanted scopes (as Maven Core blindly
added all of them from POM. Also, if Resolver would be asked to create root, it
would NOT add these in the first place), and due that, conflict resolver may
possibly eliminate other nodes (as POM ones "always wins", are closest to graph
root), and also, even the winners will be eliminate in subsequent step, for
example due scope filtering. This results in incomplete resolution scope.

Or in other words, Maven is wrong here: it adds 1st level dependencies to
CollectRequest that should not be there in the first place (in example above,
the "test" scoped ones), that will cause that Resolver "collect" step build a
graph that has "unwanted" scoped nodes closer to root than actually needed
runtime dependencies (remember: test nodes will be not affected by filter, as
they are already present, added by Maven, and test node children are collected
also as "runtime", just to have "test" scope inherited later in the process,
hence all the children of "test" node will end up in "test" scope, despite
"exclude test" is present!), this will cause that in dependency conflict
resolution kick out all the rightful runtime dependencies, and finally, all
these winners are removed due scope filter.

was:
This bug affects all released Maven versions.

Description of the bug: when a Mojo requires Core to collect/resolve given
ResolutionScope, Maven Core does it wrong. Problem is how
LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate
plus, how Resolver works. LDR constructs the Resolver filters properly, then it
calls into DPDR, that performs collection. To achieve that, DPDR *blindly* adds
all the POM dependencies to Collect request (which is graph root). But this is
wrong, as this should happen with considering requested (to be included or to
be excluded) scopes. Next what happens, that when collect request is processed
by Resolver, it will contain nodes from unwanted scopes (as Maven Core blindly
added all of them from POM. Also, if Resolver would be asked to create root, it
would NOT add these in the first place), and due that, conflict resolver may
possibly eliminate other nodes (as POM ones "always wins", are closest to graph
root), and also, even the winners will be eliminate in subsequent step, for
example due scope filtering. This results in incomplete resolution scope.

Or in other words, Maven is wrong here: it adds 1st level dependencies to
CollectReque

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

2024-02-05 Thread Tamas Cservenak (Jira)

[
https://issues.apache.org/jira/browse/MNG-8041?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Tamas Cservenak updated MNG-8041:
-
Description:
This bug affects all released Maven versions.

Description of the bug: when a Mojo requires Core to collect/resolve given
ResolutionScope, Maven Core does it wrong. Problem is how
LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate
plus, how Resolver works. LDR constructs the Resolver filters properly, then it
calls into DPDR, that performs collection. To achieve that, DPDR *blindly* adds
all the POM dependencies to Collect request (which is graph root). But this is
wrong, as this should happen with considering requested (to be included or to
be excluded) scopes. Next what happens, that when collect request is processed
by Resolver, it will contain nodes from unwanted scopes (as Maven Core blindly
added all of them from POM. Also, if Resolver would be asked to create root, it
would NOT add these in the first place), and due that, conflict resolver may
possibly eliminate other nodes (as POM ones "always wins", are closest to graph
root), and also, even the winners will be eliminate in subsequent step, for
example due scope filtering. This results in incomplete resolution scope.

Or in other words, Maven is wrong here: it adds 1st level dependencies to
CollectRequest that should not be there in the first place (in example above,
the "test" scoped ones), that will cause that Resolver "collect" step build a
graph that has "unwanted" scoped nodes closer to root than actually needed
runtime dependencies (remember: test nodes will be not affected by filter, as
they are already present, added by Maven, and test node children are collected
also as "runtime", just to have "test" scope inherited later in the process,
hence all the children of "test" node will end up in "test" scope, despite
"exclude test" is present!), this will cause that in dependency conflict
resolution kick out all the rightful runtime dependencies, and finally, all
these winners are removed due scope filter.

was:
This bug affects all released Maven versions.

Description of the bug: when a Mojo requires Core to collect/resolve given
ResolutionScope, Maven Core does it wrong. Problem is how
LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate
plus, how Resolver works. LDR constructs the Resolver filters properly, then it
calls into DPDR, that performs collection. To achieve that, DPDR *blindly* adds
all the POM dependencies to Collect request (which is graph root). But this is
wrong, as this should happen with considering requested (to be included or to
be excluded) scopes. Next what happens, that when collect request is processed
by Resolver, it will contain nodes from unwanted scopes (as Maven Core blindly
added all of them from POM. Also, if Resolver would be asked to create root, it
would NOT add these in the first place), and due that, conflict resolver may
possibly eliminate other nodes (as POM ones "always wins", are closest to graph
root), and also, even the winners will be eliminate in subsequent step, for
example due scope filtering. This results in incomplete resolution scope.

Or in other words, Maven is wrong here: it adds 1st level dependencies to
CollectRequest that should not

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

2024-02-05 Thread Tamas Cservenak (Jira)

[
https://issues.apache.org/jira/browse/MNG-8041?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Tamas Cservenak updated MNG-8041:
-
Description:
This bug affects all released Maven versions.

Description of the bug: when a Mojo requires Core to collect/resolve given
ResolutionScope, Maven Core does it wrong. Problem is how
LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate
plus, how Resolver works. LDR constructs the Resolver filters properly, then it
calls into DPDR, that performs collection. To achieve that, DPDR *blindly* adds
all the POM dependencies to Collect request (which is graph root). But this is
wrong, as this should happen with considering requested (to be included or to
be excluded) scopes. Next what happens, that when collect request is processed
by Resolver, it will contain nodes from unwanted scopes (as Maven Core blindly
added all of them from POM. Also, if Resolver would be asked to create root, it
would NOT add these in the first place), and due that, conflict resolver may
possibly eliminate other nodes (as POM ones "always wins", are closest to graph
root), and also, even the winners will be eliminate in subsequent step, for
example due scope filtering. This results in incomplete resolution scope.

Or in other words, Maven is wrong here: it adds 1st level dependencies to
CollectRequest that should not be there in the first place (in example above,
the "test" scoped ones), that will cause that Resolver "collect" step build a
graph that has "unwanted" scoped nodes closer to root than actually needed
runtime dependencies (remember: test nodes will be not affected by filter, as
they are already present, added by Maven, and test node children are collected
also as "runtime", just to have "test" scope inherited later in the process,
hence all the children of "test" node will end up in "test" scope, despite
"exclude test" is present!), this will cause that in dependency conflict
resolution kick out all the rightful runtime dependencies, and finally, all
these winners are removed due scope filter.

was:
This bug affects all released Maven versions.

Description of the bug: when a Mojo requires Core to collect/resolve given
ResolutionScope, Maven Core does it wrong. Problem is how
LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate
plus, how Resolver works. LDR constructs the Resolver filters properly, then it
calls into DPDR, that performs collection. To achieve that, DPDR *blindly* adds
all the POM dependencies to Collect request (which is graph root). But this is
wrong, as this should happen with considering requested (to be included or to
be excluded) scopes. Next what happens, that when collect request is processed
by Resolver, it will contain nodes from unwanted scopes (as Maven Core blindly
added all of them from POM. Also, if Resolver would be asked to create root, it
would NOT add these in the first place), and due that, conflict resolver may
possibly eliminate other nodes (as POM ones "always wins", are closest to graph
root), and also, even the winners will be eliminate in subsequent step, for
example due scope filtering. This results in incomplete resolution scope.

Consequence: let's consider example where Mojo asks for "compile+runtime"
resolution scope. To serve this, Maven will add ALL dependencies present in POM
to collect request (even those in scopes to be omitted, like "test" scoped
ones), and will perform "collect" with Resolver. When Resolver returns, the
graph will contain nodes (and 1st level, as they are POM direct
dependendencies) that MAY be contained in deeper nodes of non-test scoped ones
(the guice+guava example). Next, "conflict resolution" happens, and naturally
all the "test" scoped 1st level dependencies "win", rendering removal of
others. Finally, due "compile+runtime" requested resolution scope, the "test"
scoped dependencies are (rightfully) filtered out. {*}This obvious leads to
incomplete build path{*}.

Or in other words, Maven is wrong here: it adds 1st level dependencies to
CollectRequest that should not be there

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

2024-02-05 Thread Tamas Cservenak (Jira)

[
https://issues.apache.org/jira/browse/MNG-8041?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Tamas Cservenak updated MNG-8041:
-
Description:
This bug affects all released Maven versions.

Description of the bug: when a Mojo requires Core to collect/resolve given
ResolutionScope, Maven Core does it wrong. Problem is how
LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate
plus, how Resolver works. LDR constructs the Resolver filters properly, then it
calls into DPDR, that performs collection. To achieve that, DPDR *blindly* adds
all the POM dependencies to Collect request (which is graph root). But this is
wrong, as this should happen with considering requested (to be included or to
be excluded) scopes. Next what happens, that when collect request is processed
by Resolver, it will contain nodes from unwanted scopes (as Maven Core blindly
added all of them from POM. Also, if Resolver would be asked to create root, it
would NOT add these in the first place), and due that, conflict resolver may
possibly eliminate other nodes (as POM ones "always wins", are closest to graph
root), and also, even the winners will be eliminate in subsequent step, for
example due scope filtering. This results in incomplete resolution scope.

Consequence: let's consider example where Mojo asks for "compile+runtime"
resolution scope. To serve this, Maven will add ALL dependencies present in POM
to collect request (even those in scopes to be omitted, like "test" scoped
ones), and will perform "collect" with Resolver. When Resolver returns, the
graph will contain nodes (and 1st level, as they are POM direct
dependendencies) that MAY be contained in deeper nodes of non-test scoped ones
(the guice+guava example). Next, "conflict resolution" happens, and naturally
all the "test" scoped 1st level dependencies "win", rendering removal of
others. Finally, due "compile+runtime" requested resolution scope, the "test"
scoped dependencies are (rightfully) filtered out. {*}This obvious leads to
incomplete build path{*}.

Or in other words, Maven is wrong here: it adds 1st level dependencies to
CollectRequest that should not be there in the first place (in example above,
the "test" scoped ones), that will cause that Resolver "collect" step build a
graph that has "unwanted" scoped nodes closer to root than actually needed
runtime dependencies (remember: test nodes will be not affected by filter, as
they are already present, added by Maven, and test node children are collected
also as "runtime", just to have "test" scope inherited later in the process,
hence all the children of "test" node will end up in "test" scope, despite
"exclude test" is present!), this will cause that in dependency conflict
resolution kick out all the rightful runtime dependencies, and finally, all
these winners are removed due scope filter.

was:
This bug affects all released Maven versions.

Description of the bug: when a Mojo requires Core to collect/resolve given
ResolutionScope, Maven Core does it wrong. Problem is how
LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate
plus, how Resolver works. LDR constructs the Resolver filters properly, then it
calls into DPDR, that performs collection. To achieve that, DPDR *blindly* adds
all the POM dependencies to Collect request (which is graph root). But this is
wrong, as this should happen with considering requested (to be included or to
be excluded) scopes. Next what happens, that when collect request processed by
Resolver it will contain nodes from unwanted scopes (as Maven Core blindly
added all of them from POM, if Resolver would be asked to create root, it would
NOT add these in the first place), and due that, conflict resolver may possibly
eliminate other nodes (as POM ones "always wins", are closest to graph root),
and also, even the winners will be eliminate in subsequent step, for example
due scope filtering. This results in incomplete resolution scope.

Consequence: let's consider example where Mojo asks for "compile+runtime"
resolution scope. To serve this, Maven will add ALL dependencies present in POM
to collect request (even those in scopes to be omitted, like "test" scoped
ones), and will perform "collect" with Resolver. When Resolver returns, the
graph will contain nodes (and 1st level, as they are POM direct
dependendencies) that MAY be contained in deeper nodes of non-test scoped ones
(the guice+guava example). Next, "conflict resolution" happens, and naturally
all the "test" scoped 1st level dependencies "win", rendering removal of
others. Finally, due "compile+runtime" requested resolution scope, the "test"
scoped dependencies are (rightfully) filtered out. {*}This obvious leads to
incomplete build path{*}.

Or in other words, Maven is wrong here: it adds 1st level dependencies to
CollectRequest that should not be there in the f

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

2024-02-05 Thread Tamas Cservenak (Jira)

[
https://issues.apache.org/jira/browse/MNG-8041?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Tamas Cservenak updated MNG-8041:
-
Description:
This bug affects all released Maven versions.

Description of the bug: when a Mojo requires Core to collect/resolve given
ResolutionScope, Maven Core does it wrong. Problem is how
LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate
plus, how Resolver works. LDR constructs the Resolver filters properly, then it
calls into DPDR, that performs collection. To achieve that, DPDR *blindly* adds
all the POM dependencies to Collect request (which is graph root). But this is
wrong, as this should happen with considering requested (to be included or to
be excluded) scopes. Next what happens, that when collect request processed by
Resolver it will contain nodes from unwanted scopes (as Maven Core blindly
added all of them from POM, if Resolver would be asked to create root, it would
NOT add these in the first place), and due that, conflict resolver may possibly
eliminate other nodes (as POM ones "always wins", are closest to graph root),
and also, even the winners will be eliminate in subsequent step, for example
due scope filtering. This results in incomplete resolution scope.

Consequence: let's consider example where Mojo asks for "compile+runtime"
resolution scope. To serve this, Maven will add ALL dependencies present in POM
to collect request (even those in scopes to be omitted, like "test" scoped
ones), and will perform "collect" with Resolver. When Resolver returns, the
graph will contain nodes (and 1st level, as they are POM direct
dependendencies) that MAY be contained in deeper nodes of non-test scoped ones
(the guice+guava example). Next, "conflict resolution" happens, and naturally
all the "test" scoped 1st level dependencies "win", rendering removal of
others. Finally, due "compile+runtime" requested resolution scope, the "test"
scoped dependencies are (rightfully) filtered out. {*}This obvious leads to
incomplete build path{*}.

Or in other words, Maven is wrong here: it adds 1st level dependencies to
CollectRequest that should not be there in the first place (in example above,
the "test" scoped ones), that will cause that Resolver "collect" step build a
graph that has "unwanted" scoped nodes closer to root than actually needed
runtime dependencies (remember: test nodes will be not affected by filter, as
they are already present, added by Maven, and test node children are collected
also as "runtime", just to have "test" scope inherited later in the process,
hence all the children of "test" node will end up in "test" scope, despite
"exclude test" is present!), this will cause that in dependency conflict
resolution kick out all the rightful runtime dependencies, and finally, all
these winners are removed due scope filter.

was:
This bug affects all released Maven versions.

Description of the bug: when a Mojo requires Core to collect/resolve given
ResolutionScope, Maven Core does it wrong. Problem is how
LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate
plus, how Resolver works. LDR constructs the Resolver filters properly, then it
calls into DPDR, that performs collection. To achieve that, it *blindly* adds
all the POM dependencies to Collect request (which is graph root). But this is
wrong, as this should happen with considering requested (to be included or to
be excluded) scopes. Next what happens, that when collect request processed by
Resolver it will contain nodes from unwanted scopes (as Maven Core blindly
added all of them from POM, if Resolver would be asked to create root, it would
NOT add these in the first place), and due that, conflict resolver may possibly
eliminate other nodes (as POM ones "always wins", are closest to graph root),
and also, even the winners will be eliminate in subsequent step, for example
due scope filtering. This results in incomplete resolution scope.

Consequence: let's consider example where Mojo asks for "compile+runtime"
resolution scope. To serve this, Maven will add ALL dependencies present in POM
to collect request (even those in scopes to be omitted, like "test" scoped
ones), and will perform "collect" with Resolver. When Resolver returns, the
graph will contain nodes (and 1st level, as they are POM direct
dependendencies) that MAY be contained in deeper nodes of non-test scoped ones
(the guice+guava example). Next, "conflict resolution" happens, and naturally
all the "test" scoped 1st level dependencies "win", rendering removal of
others. Finally, due "compile+runtime" requested resolution scope, the "test"
scoped dependencies are (rightfully) filtered out. {*}This obvious leads to
incomplete build path{*}.

Or in other words, Maven is wrong here: it adds 1st level dependencies to
CollectRequest that should not be there in the first place (

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

2024-02-05 Thread Tamas Cservenak (Jira)

[
https://issues.apache.org/jira/browse/MNG-8041?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Tamas Cservenak updated MNG-8041:
-
Description:
This bug affects all released Maven versions.

Description of the bug: when a Mojo requires Core to collect/resolve given
ResolutionScope, Maven Core does it wrong. Problem is how
LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate
plus, how Resolver works. LDR constructs the Resolver filters properly, then it
calls into DPDR, that performs collection. To achieve that, it *blindly* adds
all the POM dependencies to Collect request (which is graph root). But this is
wrong, as this should happen with considering requested (to be included or to
be excluded) scopes. Next what happens, that when collect request processed by
Resolver it will contain nodes from unwanted scopes (as Maven Core blindly
added all of them from POM, if Resolver would be asked to create root, it would
NOT add these in the first place), and due that, conflict resolver may possibly
eliminate other nodes (as POM ones "always wins", are closest to graph root),
and also, even the winners will be eliminate in subsequent step, for example
due scope filtering. This results in incomplete resolution scope.

Consequence: let's consider example where Mojo asks for "compile+runtime"
resolution scope. To serve this, Maven will add ALL dependencies present in POM
to collect request (even those in scopes to be omitted, like "test" scoped
ones), and will perform "collect" with Resolver. When Resolver returns, the
graph will contain nodes (and 1st level, as they are POM direct
dependendencies) that MAY be contained in deeper nodes of non-test scoped ones
(the guice+guava example). Next, "conflict resolution" happens, and naturally
all the "test" scoped 1st level dependencies "win", rendering removal of
others. Finally, due "compile+runtime" requested resolution scope, the "test"
scoped dependencies are (rightfully) filtered out. {*}This obvious leads to
incomplete build path{*}.

Or in other words, Maven is wrong here: it adds 1st level dependencies to
CollectRequest that should not be there in the first place (in example above,
the "test" scoped ones), that will cause that Resolver "collect" step build a
graph that has "unwanted" scoped nodes closer to root than actually needed
runtime dependencies (remember: test nodes will be not affected by filter, as
they are already present, added by Maven, and test node children are collected
also as "runtime", just to have "test" scope inherited later in the process,
hence all the children of "test" node will end up in "test" scope, despite
"exclude test" is present!), this will cause that in dependency conflict
resolution kick out all the rightful runtime dependencies, and finally, all
these winners are removed due scope filter.

was:
This bug affects all released Maven versions.

Description of the bug: when a Mojo requires Core to collect/resolver given
ResolutionScope, Maven Core does it wrong. Problem is how
LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate
plus, how Resolver works. LDR constructs the Resolver filters properly, then it
calls into DPDR, that performs collection. To achieve that, it *blindly* adds
all the POM dependencies to Collect request (which is graph root). But this is
wrong, as this should happen with considering requested (to be included or to
be excluded) scopes. Next what happens, that when collect request processed by
Resolver it will contain nodes from unwanted scopes (as Maven Core blindly
added all of them from POM, if Resolver would be asked to create root, it would
NOT add these in the first place), and due that, conflict resolver may possibly
eliminate other nodes (as POM ones "always wins", are closest to graph root),
and also, even the winners will be eliminate in subsequent step, for example
due scope filtering. This results in incomplete resolution scope.

Consequence: let's consider example where Mojo asks for "compile+runtime"
resolution scope. To serve this, Maven will add ALL dependencies present in POM
to collect request (even those in scopes to be omitted, like "test" scoped
ones), and will perform "collect" with Resolver. When Resolver returns, the
graph will contain nodes (and 1st level, as they are POM direct
dependendencies) that MAY be contained in deeper nodes of non-test scoped ones
(the guice+guava example). Next, "conflict resolution" happens, and naturally
all the "test" scoped 1st level dependencies "win", rendering removal of
others. Finally, due "compile+runtime" requested resolution scope, the "test"
scoped dependencies are (rightfully) filtered out. {*}This obvious leads to
incomplete build path{*}.

Or in other words, Maven is wrong here: it adds 1st level dependencies to
CollectRequest that should not be there in the first place (i

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

2024-02-05 Thread Tamas Cservenak (Jira)

[
https://issues.apache.org/jira/browse/MNG-8041?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Tamas Cservenak updated MNG-8041:
-
Description:
This bug affects all released Maven versions.

Consequence: let's consider example where Mojo asks for "compile+runtime"
resolution scope. To serve this, Maven will add ALL dependencies present in POM
to collect request (even those in scopes to be omitted, like "test" scoped
ones), and will perform "collect" with Resolver. When Resolver returns, the
graph will contain nodes (and 1st level, as they are POM direct
dependendencies) that MAY be contained in deeper nodes of non-test scoped ones
(the guice+guava example). Next, "conflict resolution" happens, and naturally
all the "test" scoped 1st level dependencies "win", rendering removal of
others. Finally, due "compile+runtime" requested resolution scope, the "test"
scoped dependencies are (rightfully) filtered out. {*}This obvious leads to
incomplete build path{*}.

Or in other words, Maven is wrong here: it adds 1st level dependencies to
CollectRequest that should not be there in the first place (in example above,
the "test" scoped ones), that will cause that Resolver "collect" step build a
graph that has "unwanted" scoped nodes closer to root than actually needed
runtime dependencies (remember: test nodes will be not affected by filter, as
they are already present, added by Maven, and test node children are collected
also as "runtime", just to have "test" scope inherited later in the process,
hence all the children of "test" node will end up in "test" scope, despite
"exclude test" is present!), this will cause that in dependency conflict
resolution kick out all the rightful runtime dependencies, and finally, all
these winners are removed due scope filter.

was:
This bug affects all released Maven versions.

Consequence: let's consider example where Mojo asks for "compile+runtime"
resolution scope. To serve this, Maven will add ALL dependencies present in POM
to collect request (even those in scopes to be omitted, like "test" scoped
ones), and will perform "collect" with Resolver. When Resolver returns, the
graph will contain nodes (and 1st level, as they are POM direct
dependendencies) that MAY be contained in deeper nodes of non-test scoped ones
(the guice+guava example). Next, "conflict resolution" happens, and naturally
all the "test" scoped 1st level dependencies "win", rendering removal of
others. Finally, due "compile+runtime" requested resolution scope, the "test"
scoped dependencies are (rightfully) filtered out. {*}This obvious leads to
incomplete build path{*}.

Or in other words, Maven is wrong here: it adds 1st level dependencies to
CollectRequest that should not be there in the first place (

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

2024-02-05 Thread Tamas Cservenak (Jira)

[
https://issues.apache.org/jira/browse/MNG-8041?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Tamas Cservenak updated MNG-8041:
-
Description:
This bug affects all released Maven versions.

Consequence: let's consider example where Mojo asks for "compile+runtime"
resolution scope. To serve this, Maven will add ALL dependencies present in POM
to collect request (even those in scopes to be omitted, like "test" scoped
ones), and will perform "collect" with Resolver. When Resolver returns, the
graph will contain nodes (and 1st level, as they are POM direct
dependendencies) that MAY be contained in deeper nodes of non-test scoped ones
(the guice+guava example). Next, "conflict resolution" happens, and naturally
all the "test" scoped 1st level dependencies "win", rendering removal of
others. Finally, due "compile+runtime" requested resolution scope, the "test"
scoped dependencies are (rightfully) filtered out. {*}This obvious leads to
incomplete build path{*}.

Or in other words, Maven is wrong here: it adds 1st level dependencies to
CollectRequest that should not be there in the first place (in example above,
the "test" scoped ones), that will cause that Resolver "collect" step build a
graph that has "unwanted" scoped nodes closer to root than actually needed
runtime dependencies (remember: test nodes will be not affected by filter, as
they are already present, and test node children are collected also as
"runtime", just to have "test" scope inherited later in the process, hence all
the children of "test" node will end up in "test" scope, despite "exclude test"
is present!), this will cause that in dependency conflict resolution kick out
all the rightful runtime dependencies, and finally, all these winners are
removed due scope filter.

was:
This bug affects all released Maven versions.

Consequence: let's consider example where Mojo asks for "compile+runtime"
resolution scope. To serve this, Maven will add ALL dependencies present in POM
to collect request (even those in scopes to be omitted, like "test" scoped
ones), and will perform "collect" with Resolver. When Resolver returns, the
graph will contain nodes (and 1st level, as they are POM direct
dependendencies) that MAY be contained in deeper nodes of non-test scoped ones
(the guice+guava example). Next, "conflict resolution" happens, and naturally
all the "test" scoped 1st level dependencies "win", rendering removal of
others. Finally, due "compile+runtime" requested resolution scope, the "test"
scoped dependencies are (rightfully) filtered out. {*}This obvious leads to
incomplete build path{*}.

> Maven Core bug regarding resolution scopes for Mojos
>
>
> Key: MNG-8041
>

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

2024-02-05 Thread Tamas Cservenak (Jira)



 [ 
https://issues.apache.org/jira/browse/MNG-8041?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Tamas Cservenak updated MNG-8041:
-
Description: 
This bug affects all released Maven versions.

Description of the bug: when a Mojo requires Core to collect/resolver given 
ResolutionScope, Maven Core does it wrong. Problem is how 
LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate 
plus, how Resolver works. LDR constructs the Resolver filters properly, then it 
calls into DPDR, that performs collection. To achieve that, it *blindly* adds 
all the POM dependencies to Collect request (which is graph root). But this is 
wrong, as this should happen with considering requested (to be included or to 
be excluded) scopes. Next what happens, that when collect request processed by 
Resolver it will contain nodes from unwanted scopes (as Maven Core blindly 
added all of them from POM, if Resolver would be asked to create root, it would 
NOT add these in the first place), and due that, conflict resolver may possibly 
eliminate other nodes (as POM ones "always wins", are closest to graph root), 
and also, even the winners will be eliminate in subsequent step, for example 
due scope filtering. This results in incomplete resolution scope.

Consequence: let's consider example where Mojo asks for "compile+runtime" 
resolution scope. To serve this, Maven will add ALL dependencies present in POM 
to collect request (even those in scopes to be omitted, like "test" scoped 
ones), and will perform "collect" with Resolver. When Resolver returns, the 
graph will contain nodes (and 1st level, as they are POM direct 
dependendencies) that MAY be contained in deeper nodes of non-test scoped ones 
(the guice+guava example). Next, "conflict resolution" happens, and naturally 
all the "test" scoped 1st level dependencies "win", rendering removal of 
others. Finally, due "compile+runtime" requested resolution scope, the "test" 
scoped dependencies are (rightfully) filtered out. {*}This obvious leads to 
incomplete build path{*}.

  was:
This bug affects all released Maven versions.

Description of the bug: when a Mojo requires Core to collect/resolver given 
ResolutionScope, Maven Core does it wrong. Problem is how 
LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate 
plus, how Resolver works. LDR constructs the Resolver filters properly, then it 
calls into DPDR, that performs collection. To achieve that, it *blindly* adds 
all the POM dependencies to Collect request (which is graph root). But this is 
wrong, as this should happen with considering requested (to be included or to 
be excluded) scopes. Next what happens, that when collect request processed by 
Resolver it will contain nodes from unwanted scopes (as Maven Core blindly 
added all of them from POM, if Resolver would be asked to create root, it would 
NOT add these in the first place), and due that, conflict resolver may possibly 
eliminate other nodes (as POM ones "always wins", are closest to graph root), 
and also, even the winners will be eliminate in subsequent step, for example 
due scope filtering. This results in incomplete resolution scope.

Consequence: let's consider Mojo asks for "compile+runtime" resolution scope. 
To serve this, Maven will add ALL dependencies present in POM to collect 
request (even those in scopes to be omitted, like "test" scoped ones), and will 
perform "collect" with Resolver. When Resolver returns, the graph will contain 
nodes (and 1st level, as they are POM direct dependendencies) that MAY be 
contained in deeper nodes of non-test scoped ones (the guice+guava example). 
Next, "conflict resolution" happens, and naturally all the "test" scoped 1st 
level dependencies "win", rendering removal of others. Finally, due 
"compile+runtime" requested resolution scope, the "test" scoped dependencies 
are (rightfully) filtered out. {*}This obvious leads to incomplete build 
path{*}.


> Maven Core bug regarding resolution scopes for Mojos
> 
>
> Key: MNG-8041
> URL: https://issues.apache.org/jira/browse/MNG-8041
> Project: Maven
>  Issue Type: Bug
>  Components: Artifacts and Repositories
>Reporter: Tamas Cservenak
>Priority: Major
>
> This bug affects all released Maven versions.
> Description of the bug: when a Mojo requires Core to collect/resolver given 
> ResolutionScope, Maven Core does it wrong. Problem is how 
> LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate 
> plus, how Resolver works. LDR constructs the Resolver filters properly, then 
> it calls into DPDR, that performs collection. To achieve that, it *blindly* 
> adds all the POM dependencies to Collect request (which is graph root). But 
> this is wrong, as this should happen with considering requested (to

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

2024-02-05 Thread Tamas Cservenak (Jira)



 [ 
https://issues.apache.org/jira/browse/MNG-8041?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Tamas Cservenak updated MNG-8041:
-
Description: 
This bug affects all released Maven versions.

Description of the bug: when a Mojo requires Core to collect/resolver given 
ResolutionScope, Maven Core does it wrong. Problem is how 
LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate 
plus, how Resolver works. LDR constructs the Resolver filters properly, then it 
calls into DPDR, that performs collection. To achieve that, it *blindly* adds 
all the POM dependencies to Collect request (which is graph root). But this is 
wrong, as this should happen with considering requested (to be included or to 
be excluded) scopes. Next what happens, that when collect request processed by 
Resolver it will contain nodes from unwanted scopes (as Maven Core blindly 
added all of them from POM, if Resolver would be asked to create root, it would 
NOT add these in the first place), and due that, conflict resolver may possibly 
eliminate other nodes (as POM ones "always wins", are closest to graph root), 
and also, even the winners will be eliminate in subsequent step, for example 
due scope filtering. This results in incomplete resolution scope.

Consequence: let's consider Mojo asks for "compile+runtime" resolution scope. 
To serve this, Maven will add ALL dependencies present in POM to collect 
request (even those in scopes to be omitted, like "test" scoped ones), and will 
perform "collect" with Resolver. When Resolver returns, the graph will contain 
nodes (and 1st level, as they are POM direct dependendencies) that MAY be 
contained in deeper nodes of non-test scoped ones (the guice+guava example). 
Next, "conflict resolution" happens, and naturally all the "test" scoped 1st 
level dependencies "win", rendering removal of others. Finally, due 
"compile+runtime" requested resolution scope, the "test" scoped dependencies 
are (rightfully) filtered out. {*}This obvious leads to incomplete build 
path{*}.

  was:
This bug affects all released Maven versions.

Description of the bug: when a Mojo requires Core to collect/resolver given 
ResolutionScope, Maven Core does it wrong. Problem is how 
LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate 
plus, how Resolver works. LDR constructs the Resolver filters properly, then it 
calls into DPDR, that performs collection. To achieve that, it *blindly* adds 
all the POM dependencies to Collect request (which is graph root). But this is 
wrong, as this should happen with considering requested (to be included or to 
be excluded) scopes. Next what happens, that when collect request processed by 
Resolver it will contain nodes from unwanted scopes (as Maven Core blindly 
added all of them from POM, if Resolver would be asked to create root, it would 
NOT add these in the first place), and due that, conflict resolver may possibly 
eliminate other nodes (as POM ones "always wins", are closest to graph root), 
and also, even the winners will be eliminate in subsequent step, for example 
due scope filtering. This results in incomplete resolution scope.


> Maven Core bug regarding resolution scopes for Mojos
> 
>
> Key: MNG-8041
> URL: https://issues.apache.org/jira/browse/MNG-8041
> Project: Maven
>  Issue Type: Bug
>  Components: Artifacts and Repositories
>Reporter: Tamas Cservenak
>Priority: Major
>
> This bug affects all released Maven versions.
> Description of the bug: when a Mojo requires Core to collect/resolver given 
> ResolutionScope, Maven Core does it wrong. Problem is how 
> LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate 
> plus, how Resolver works. LDR constructs the Resolver filters properly, then 
> it calls into DPDR, that performs collection. To achieve that, it *blindly* 
> adds all the POM dependencies to Collect request (which is graph root). But 
> this is wrong, as this should happen with considering requested (to be 
> included or to be excluded) scopes. Next what happens, that when collect 
> request processed by Resolver it will contain nodes from unwanted scopes (as 
> Maven Core blindly added all of them from POM, if Resolver would be asked to 
> create root, it would NOT add these in the first place), and due that, 
> conflict resolver may possibly eliminate other nodes (as POM ones "always 
> wins", are closest to graph root), and also, even the winners will be 
> eliminate in subsequent step, for example due scope filtering. This results 
> in incomplete resolution scope.
> Consequence: let's consider Mojo asks for "compile+runtime" resolution scope. 
> To serve this, Maven will add ALL dependencies present in POM to collect 
> request (even those in scopes to be omitted, like "te

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

2024-02-05 Thread Tamas Cservenak (Jira)



 [ 
https://issues.apache.org/jira/browse/MNG-8041?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Tamas Cservenak updated MNG-8041:
-
Description: 
This bug affects all released Maven versions.

Description of the bug: when a Mojo requires Core to collect/resolver given 
ResolutionScope, Maven Core does it wrong. Problem is how 
LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate 
plus, how Resolver works. LDR constructs the Resolver filters properly, then it 
calls into DPDR, that performs collection. To achieve that, it *blindly* adds 
all the POM dependencies to Collect request (which is graph root). But this is 
wrong, as this should happen with considering requested (to be included or to 
be excluded) scopes. Next what happens, that when collect request processed by 
Resolver it will contain nodes from unwanted scopes (as Maven Core blindly 
added all of them from POM, if Resolver would be asked to create root, it would 
NOT add these in the first place), and due that, conflict resolver may possibly 
eliminate other nodes (as POM ones "always wins", are closest to graph root), 
and also, even the winners will be eliminate in subsequent step, for example 
due scope filtering. This results in incomplete resolution scope.

  was:
This bug affects all released Maven versions.

Description of the bug: when a Mojo requires Core to collect/resolver given 
ResolutionScope, Maven Core does it wrong. Problem is how 
LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate 
plus, how Resolver works. LDR constructs the Resolver filters properly, then it 
calls into DPDR, that performs collection. To achieve that, it **blindly** adds 
all the dependencies to Collect request (graph root). But this is wrong, as 
this should happen with considering requested (to be included or to be 
excluded) scopes. Next what happens, that when collect request processed by 
Resolver it will contain nodes from unwanted scopes (as Maven Core blindly 
added all of them from POM), and due that, conflict resolver may possibly 
eliminate other nodes (as POM ones "always wins", are closest to graph root), 
and also, even the winners will be eliminate in subsequent step, for example 
due scope filtering. This results in incomplete resolution scope.


> Maven Core bug regarding resolution scopes for Mojos
> 
>
> Key: MNG-8041
> URL: https://issues.apache.org/jira/browse/MNG-8041
> Project: Maven
>  Issue Type: Bug
>  Components: Artifacts and Repositories
>Reporter: Tamas Cservenak
>Priority: Major
>
> This bug affects all released Maven versions.
> Description of the bug: when a Mojo requires Core to collect/resolver given 
> ResolutionScope, Maven Core does it wrong. Problem is how 
> LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate 
> plus, how Resolver works. LDR constructs the Resolver filters properly, then 
> it calls into DPDR, that performs collection. To achieve that, it *blindly* 
> adds all the POM dependencies to Collect request (which is graph root). But 
> this is wrong, as this should happen with considering requested (to be 
> included or to be excluded) scopes. Next what happens, that when collect 
> request processed by Resolver it will contain nodes from unwanted scopes (as 
> Maven Core blindly added all of them from POM, if Resolver would be asked to 
> create root, it would NOT add these in the first place), and due that, 
> conflict resolver may possibly eliminate other nodes (as POM ones "always 
> wins", are closest to graph root), and also, even the winners will be 
> eliminate in subsequent step, for example due scope filtering. This results 
> in incomplete resolution scope.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

2024-02-05 Thread Tamas Cservenak (Jira)



 [ 
https://issues.apache.org/jira/browse/MNG-8041?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Tamas Cservenak updated MNG-8041:
-
Description: 
This bug affects all released Maven versions.

Description of the bug: when a Mojo requires Core to collect/resolver given 
ResolutionScope, Maven Core does it wrong. Problem is how 
LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate 
plus, how Resolver works. LDR constructs the Resolver filters properly, then it 
calls into DPDR, that performs collection. To achieve that, it **blindly** adds 
all the dependencies to Collect request (graph root). But this is wrong, as 
this should happen with considering requested (to be included or to be 
excluded) scopes. Next what happens, that when collect request processed by 
Resolver it will contain nodes from unwanted scopes (as Maven Core blindly 
added all of them from POM), and due that, conflict resolver may possibly 
eliminate other nodes (as POM ones "always wins", are closest to graph root), 
and also, even the winners will be eliminate in subsequent step, for example 
due scope filtering. This results in incomplete resolution scope.

  was:
This bug affects all released Maven versions.

Description of the bug: when a Mojo requires Core to collect/resolver given 
ResolutionScope, Maven Core does it wrong.


> Maven Core bug regarding resolution scopes for Mojos
> 
>
> Key: MNG-8041
> URL: https://issues.apache.org/jira/browse/MNG-8041
> Project: Maven
>  Issue Type: Bug
>  Components: Artifacts and Repositories
>Reporter: Tamas Cservenak
>Priority: Major
>
> This bug affects all released Maven versions.
> Description of the bug: when a Mojo requires Core to collect/resolver given 
> ResolutionScope, Maven Core does it wrong. Problem is how 
> LifecycleDependencyResolver and DefaultProjectDependenciesResolver colaborate 
> plus, how Resolver works. LDR constructs the Resolver filters properly, then 
> it calls into DPDR, that performs collection. To achieve that, it **blindly** 
> adds all the dependencies to Collect request (graph root). But this is wrong, 
> as this should happen with considering requested (to be included or to be 
> excluded) scopes. Next what happens, that when collect request processed by 
> Resolver it will contain nodes from unwanted scopes (as Maven Core blindly 
> added all of them from POM), and due that, conflict resolver may possibly 
> eliminate other nodes (as POM ones "always wins", are closest to graph root), 
> and also, even the winners will be eliminate in subsequent step, for example 
> due scope filtering. This results in incomplete resolution scope.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

2024-02-05 Thread Tamas Cservenak (Jira)



 [ 
https://issues.apache.org/jira/browse/MNG-8041?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Tamas Cservenak updated MNG-8041:
-
Description: 
This bug affects all released Maven versions.

Description of the bug: when a Mojo requires Core to collect/resolver given 
ResolutionScope, Maven Core does it wrong.

  was:This bug, if am right, affects all released Maven versions.


> Maven Core bug regarding resolution scopes for Mojos
> 
>
> Key: MNG-8041
> URL: https://issues.apache.org/jira/browse/MNG-8041
> Project: Maven
>  Issue Type: Bug
>  Components: Artifacts and Repositories
>Reporter: Tamas Cservenak
>Priority: Major
>
> This bug affects all released Maven versions.
> Description of the bug: when a Mojo requires Core to collect/resolver given 
> ResolutionScope, Maven Core does it wrong.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

[jira] [Updated] (MNG-8041) Maven Core bug regarding resolution scopes for Mojos

33 matches

Site Navigation

Mail list logo

Footer information