Uploaded image for project: 'Maven'
  1. Maven
  2. MNG-2192

Transitive dependency overrides version specified in POM



    • Bug
    • Status: Closed
    • Major
    • Resolution: Cannot Reproduce
    • 2.0.2, 2.0.3
    • None
    • Dependencies
    • None


      I'm seeing this in both 2.0.2 and 2.0.3, but not in 1.0.2. I specify a version for a dependency in the parent pom.xml. As the build goes on, one or more dependencies will be processed in the modules that have earlier versions, and those earlier versions override the version I specified in pom.xml.

      For example:
      <version> 3.1</version>

      Then from the log:
      [DEBUG] struts:struts:jar:1.2.4:compile (selected for compile)
      [DEBUG] oro:oro:jar:2.0.7:compile (selected for compile)
      [DEBUG] commons-logging:commons-logging:jar:1.0.4:compile (selected for compile)
      [DEBUG] commons-fileupload:commons-fileupload:jar:1.0:compile (selected for compile)
      [DEBUG] commons-collections:commons-collections:jar:2.1:compile (selected for compile)
      [DEBUG] commons-beanutils:commons-beanutils:jar: 1.6.1:compile (selected for compile)
      [DEBUG] commons-logging:commons-logging:jar:1.0:compile (removed - nearer found: 1.0.4)
      [DEBUG] commons-collections:commons-collections:jar:2.0:compile (removed - nearer found: 2.1)
      [DEBUG] commons-digester:commons-digester:jar:1.5:compile (selected for compile)
      [DEBUG] commons-beanutils:commons-beanutils:jar:1.6:compile (removed - nearer found: 1.6.1)

      And what is in the WAR file is:
      [DEBUG] adding entry WEB-INF/lib/commons-collections-2.1.jar
      (verified this from the .war file)

      This is contrary to the documentation on the web site:
      Which says:
      Dependency mediation - this determines what version of a dependency will be used when multiple versions of an artifact are encountered. Currently, Maven 2.0 only supports using the "nearest definition" - so you can always guarantee a version by declaring it explicitly in your project's POM.
      I take this to mean that the POM is based on the parent pom.xml in a multiproject build, and the modules should inherit the version setting from the parent. So I haven't tried to specify the version again in a child pom.xml.

      I came across this while converting a project from M1 to M2. The M1 WAR file contains version 3.1, as expected.

      Hope to include a simple pom.xml to demo this later – schedule crunch at the moment precludes doing it now.


        Issue Links



              carlos Carlos Sanchez Gonzalez
              rayward Ray Ward
              2 Vote for this issue
              1 Start watching this issue