Uploaded image for project: 'Maven'
  1. Maven
  2. MNG-3383

Downloaded plugin dependencies influence project dependencies

    XMLWordPrintableJSON

Details

    Description

      Currently, a plugin may define additional pluginRepositories, which are used to resolve dependencies of that plugin.

      This leads to the fact that a plugin might resolve a dependency which would normally not be available to the project.

      When it does that, it seems to write a metadata-central (although on the central repo this artifact does not exist) and thus, the project will use that dependency, too.

      How to reproduce:
      1. remove xstream from local repo:

      rm -Rf ~/.m2/repository/com/thoughtworks/xstream

      2. run mvn clean install on the attached pom.xml
      -> the build should fail because the version 1.3.0-SNAPSHOT is not available at repo1.maven.org
      3. edit the pom.xml, uncomment the plugin definition (jspc used for demonstration purposes only)
      3. run mvn clean install again
      -> the build succeeds and the 1.3.0-SNAPSHOT is being built into the artifact, which is wrong.

      Attachments

        1. pom.xml
          1 kB

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. MNG-3330 reporting plugin poms are retrieved from the wrong repository

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MNG-3384 Repos defined in plugin are used to download dependencies

          • Major - Major loss of function.
          • Closed

          Activity

            People

              Unassigned Unassigned
              seidler Stefan Seidel
              Votes:
              1 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: