[ https://issues.apache.org/jira/browse/MRESOLVER-503?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alexey Loubyansky updated MRESOLVER-503: ---------------------------------------- Issue Type: Bug (was: New Feature) > Differences between results of dependency:tree and direct resolver API calls > ---------------------------------------------------------------------------- > > Key: MRESOLVER-503 > URL: https://issues.apache.org/jira/browse/MRESOLVER-503 > Project: Maven Resolver > Issue Type: Bug > Components: Resolver > Reporter: Alexey Loubyansky > Priority: Major > > I noticed a difference in dependency trees produced by dependency:tree and > what seems to be an equivalent invocation of the resolver using its API. > It can be reproduced by applying the following change to the maven-resolver > demo class > [https://github.com/apache/maven-resolver/compare/master...aloubyansky:maven-resolver:dep-tree-diff?expand=1] > Running that results in > {code:java} > com.microsoft.azure:msal4j:jar:1.13.1.redhat-00001 > +- com.nimbusds:oauth2-oidc-sdk:jar:9.35 [compile] > | +- com.github.stephenc.jcip:jcip-annotations:jar:1.0-1 [compile] > | +- com.nimbusds:content-type:jar:2.2 [compile] > | +- net.minidev:json-smart:jar:2.4.8 [compile] > | +- com.nimbusds:lang-tag:jar:1.6 [compile] > | \- com.nimbusds:nimbus-jose-jwt:jar:9.22 [compile] > +- org.slf4j:slf4j-api:jar:1.7.36.redhat-00002 [compile] > \- com.fasterxml.jackson.core:jackson-databind:jar:2.13.2.1 [compile] {code} > Notice the position of json-smart in the tree - it's a dependency of > oauth2-oidc-sdk in this case. > Now > {code:java} > cd ~/.m2/repository/com/microsoft/azure/msal4j/1.13.1.redhat-00001{code} > {code:java} > mvn dependency:tree -f msal4j-1.13.1.redhat-00001.pom -Dscope=compile > {code} > The output is > {code:java} > [INFO] com.microsoft.azure:msal4j:jar:1.13.1.redhat-00001 > [INFO] +- com.nimbusds:oauth2-oidc-sdk:jar:9.35:compile > [INFO] | +- com.github.stephenc.jcip:jcip-annotations:jar:1.0-1:compile > [INFO] | +- com.nimbusds:content-type:jar:2.2:compile > [INFO] | +- com.nimbusds:lang-tag:jar:1.6:compile > [INFO] | \- com.nimbusds:nimbus-jose-jwt:jar:9.22:compile > [INFO] +- net.minidev:json-smart:jar:2.4.8:compile > [INFO] | \- net.minidev:accessors-smart:jar:2.4.8:compile > [INFO] | \- org.ow2.asm:asm:jar:9.1:compile > [INFO] +- org.slf4j:slf4j-api:jar:1.7.36.redhat-00002:compile > [INFO] +- org.projectlombok:lombok:jar:1.18.6:provided > [INFO] \- com.fasterxml.jackson.core:jackson-databind:jar:2.13.2.1:compile > [INFO] +- com.fasterxml.jackson.core:jackson-annotations:jar:2.13.2:compile > [INFO] \- com.fasterxml.jackson.core:jackson-core:jar:2.13.2:compile {code} > In this case json-smart is shown as a direct dependency of msal4j, which it > is in its POM. > Following the preference of the nearest to the root, dependency:tree seems to > be correct, isn't it? > In any case, I'd expect the same result (for compile scope) dependencies out > of of both approaches. Thanks. -- This message was sent by Atlassian Jira (v8.20.10#820010)