Maven
  1. Maven
  2. MNG-2192

Transitive dependency overrides version specified in POM

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Cannot Reproduce
    • Affects Version/s: 2.0.2, 2.0.3
    • Fix Version/s: None
    • Component/s: Dependencies
    • Labels:
      None

      Description

      I'm seeing this in both 2.0.2 and 2.0.3, but not in 1.0.2. I specify a version for a dependency in the parent pom.xml. As the build goes on, one or more dependencies will be processed in the modules that have earlier versions, and those earlier versions override the version I specified in pom.xml.

      For example:
      <dependency>
      <groupId>commons-collections</groupId>
      <artifactId>commons-collections</artifactId>
      <version> 3.1</version>
      </dependency>

      Then from the log:
      ...
      [DEBUG] struts:struts:jar:1.2.4:compile (selected for compile)
      [DEBUG] oro:oro:jar:2.0.7:compile (selected for compile)
      [DEBUG] commons-logging:commons-logging:jar:1.0.4:compile (selected for compile)
      [DEBUG] commons-fileupload:commons-fileupload:jar:1.0:compile (selected for compile)
      [DEBUG] commons-collections:commons-collections:jar:2.1:compile (selected for compile)
      [DEBUG] commons-beanutils:commons-beanutils:jar: 1.6.1:compile (selected for compile)
      [DEBUG] commons-logging:commons-logging:jar:1.0:compile (removed - nearer found: 1.0.4)
      [DEBUG] commons-collections:commons-collections:jar:2.0:compile (removed - nearer found: 2.1)
      [DEBUG] commons-digester:commons-digester:jar:1.5:compile (selected for compile)
      [DEBUG] commons-beanutils:commons-beanutils:jar:1.6:compile (removed - nearer found: 1.6.1)
      ...

      And what is in the WAR file is:
      [DEBUG] adding entry WEB-INF/lib/commons-collections-2.1.jar
      (verified this from the .war file)

      This is contrary to the documentation on the web site:
      http://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html
      Which says:
      Dependency mediation - this determines what version of a dependency will be used when multiple versions of an artifact are encountered. Currently, Maven 2.0 only supports using the "nearest definition" - so you can always guarantee a version by declaring it explicitly in your project's POM.
      I take this to mean that the POM is based on the parent pom.xml in a multiproject build, and the modules should inherit the version setting from the parent. So I haven't tried to specify the version again in a child pom.xml.

      I came across this while converting a project from M1 to M2. The M1 WAR file contains version 3.1, as expected.

      Hope to include a simple pom.xml to demo this later – schedule crunch at the moment precludes doing it now.

        Issue Links

          Activity

          Ray Ward created issue -
          John Casey made changes -
          Field Original Value New Value
          Fix Version/s 2.1 [ 11704 ]
          Joerg Schaible made changes -
          Link This issue duplicates MNG-1797 [ MNG-1797 ]
          Joerg Schaible made changes -
          Link This issue duplicates MNG-1797 [ MNG-1797 ]
          Joerg Schaible made changes -
          Link This issue duplicates MNG-1577 [ MNG-1577 ]
          Joerg Schaible made changes -
          Link This issue duplicates MNG-1577 [ MNG-1577 ]
          Joerg Schaible made changes -
          Link This issue is related to MNG-1577 [ MNG-1577 ]
          Jason van Zyl made changes -
          Fix Version/s 2.1 [ 11704 ]
          Fix Version/s 2.1.x [ 13142 ]
          Carlos Sanchez made changes -
          Resolution Cannot Reproduce [ 5 ]
          Fix Version/s 2.1.x [ 13142 ]
          Status Open [ 1 ] Closed [ 6 ]
          Assignee Carlos Sanchez [ carlos ]
          Mark Thomas made changes -
          Project Import Sun Apr 05 08:49:45 UTC 2015 [ 1428223785911 ]
          Mark Thomas made changes -
          Workflow jira [ 12712846 ] Default workflow, editable Closed status [ 12752728 ]
          Mark Thomas made changes -
          Project Import Sun Apr 05 21:45:26 UTC 2015 [ 1428270326204 ]
          Mark Thomas made changes -
          Workflow jira [ 12952015 ] Default workflow, editable Closed status [ 12989367 ]

            People

            • Assignee:
              Carlos Sanchez
              Reporter:
              Ray Ward
            • Votes:
              2 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development