Details
-
Bug
-
Status: Open
-
Critical
-
Resolution: Unresolved
-
3.6.0, 3.6.1
-
None
Description
Based on an example described on StackOverflow with the example project https://github.com/DmitryTen/SO-mvn-question which can be used as reproducer (attached that example to the issue).
The failure starts happening with Maven Dependency Plugin:3.6.0:
[INFO] --- dependency:3.6.0:analyze-only (analyze-dependencies) @ test --- [ERROR] Used undeclared dependencies found: [ERROR] org.springframework:spring-web:jar:5.3.5:compile [INFO] -----------------------------------------------------------------
If we change the version of the plugin to 3.5.0:
[INFO] --- dependency:3.5.0:analyze-only (analyze-dependencies) @ test --- [INFO] No dependency problems found [INFO] Copying org.example:test:pom:1.0-SNAPSHOT to project local repository [INFO] Copying org.example:test:jar:1.0-SNAPSHOT to project local repository [INFO] Copying org.example:test:pom:consumer:1.0-SNAPSHOT to project local repository [INFO] ----------------------------------------------------------------------------------
After a bit more diving into it, it looks like the upgrade of the maven-dependency-analyzer:1.3.2 in release 3.6.0 of the maven-dependency-plugin (https://issues.apache.org/jira/projects/MDEP/versions/12352921) caused that issue. If I use an older version of maven-dependency-plugin for example 3.5.0 and upgrade there the maven-dependency-analyzer:1.3.1 it will fail with the same output. The version maven-dependency-analyzer:1.3.0 will work fine.
I have taken a look into the code of the classes:
The class StandaloneVaultConfig which is created in the example project uses AppRoleAuthentication which is part of org.springframework.vault:spring-vault-core. The usage of classes from org.springframework:spring-web:jar:5.3.5:compile happening in the class AppRoleAuthentication.