Tamas Cservenak created MNG-8003: ------------------------------------ Summary: Maven BOM is not what it looks like Key: MNG-8003 URL: https://issues.apache.org/jira/browse/MNG-8003 Project: Maven Issue Type: Bug Reporter: Tamas Cservenak Fix For: 4.0.0, 4.0.0-alpha-11
Maven project at top level POM (current master) has 3 imports: * maven-bom * junit bom * mockito bom While debugging, spotted that junit and mockito imports are "pristine" (in a way they contain what one can expect), but the maven-bom had more than BOM enlists! It turns out that BOM uses maven-parent@41 (same as top level POM or Maven project), and it has 4 extra depMgt entries (plexus, sisu, plexus-xml and plexus-util). Basically whoever imports Maven BOM will import these as well. Moreover, this causes a bit of mess, as maven-parent depMgt section is: * imported via maven-bom that inherits them from maven-parent * but also inherited as maven top level POM uses maven-parent as well Reported conflicts: * org.eclipse.sisu:org.eclipse.sisu.plexus:jar:0.9.0.M2@compile vs org.eclipse.sisu:org.eclipse.sisu.plexus:jar:0.9.0.M2@compile[2 exclusions] -- as in Maven project we add exclusions to decouple plexus and sisu * org.codehaus.plexus:plexus-xml:jar:3.0.0@compile vs org.codehaus.plexus:plexus-xml:jar:4.0.1@compile -- this is a version conflict -- This message was sent by Atlassian Jira (v8.20.10#820010)