Maven
  1. Maven
  2. MNG-4690

Transitive dependency lost when included another dependency

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.0-beta-3
    • Component/s: Dependencies
    • Labels:
      None
    • Environment:
      maven 2.0.10 (tried with dependency plugin 2.0 and 2.1)

      Description

      We added a new dependency (velocity-tools) and the project didn't work any more. We've found that one transitive library (antlr used by struts and hibernate) is missing in the installed WAR file.

      It looks like the antlr transitive dependency is ignored from hibernate dependencies by plugin choosing struts-1.2.9 one while eventually struts is replaced by 1.2.7 version which does not have antlr dependency.

      There is a workaround to the problem - dependencies might be rearranged to include the missing library back (e.g. by moving struts-1.2.7 from parent to ui but only before velocity-tools - see the test case) however the problem is that the plugin behavior is unpredictable.

      Test case:
      There are root, parent, common, model, ui POM files. The purpose is to create dependency tree deep enough (ui depends on model and inherits from parent, model depends on common). They include external dependencies (velocity-tools, struts, hibernate).

      • WAR artifact created from the root or ui POM does not contain antlr in WEB-INF/lib which is required by hibernate
      • after removing velocity-tools from ui/pom.xml antlr library is included properly
      1. test.zip
        3 kB
        Michal Ropka
      2. test2.zip
        24 kB
        Michal Ropka

        Issue Links

          Activity

          Michal Ropka created issue -
          Brian Fox made changes -
          Field Original Value New Value
          Complexity Intermediate
          Component/s Dependencies [ 12028 ]
          Affects Version/s 2.1 [ 14007 ]
          Project Maven 2.x Dependency Plugin [ 11214 ] Maven 2 & 3 [ 10500 ]
          Component/s resolve [ 12675 ]
          Key MDEP-202 MNG-4690
          Hide
          Benjamin Bentmann added a comment -

          Running "mvn package" on the ui module yields a WAR with the folling contents for me:

          WEB-INF/lib/antlr-2.7.2.jar
          WEB-INF/lib/asm-1.5.3.jar
          WEB-INF/lib/asm-attrs-1.5.3.jar
          WEB-INF/lib/avalon-framework-4.1.3.jar
          WEB-INF/lib/cglib-2.1_3.jar
          WEB-INF/lib/common-1.jar
          WEB-INF/lib/commons-beanutils-1.7.0.jar
          WEB-INF/lib/commons-chain-1.0.jar
          WEB-INF/lib/commons-collections-3.2.jar
          WEB-INF/lib/commons-digester-1.8.jar
          WEB-INF/lib/commons-fileupload-1.0.jar
          WEB-INF/lib/commons-logging-1.1.jar
          WEB-INF/lib/commons-validator-1.3.1.jar
          WEB-INF/lib/dom4j-1.6.1.jar
          WEB-INF/lib/ehcache-1.2.3.jar
          WEB-INF/lib/hibernate-3.2.3.ga.jar
          WEB-INF/lib/jta-1.0.1B.jar
          WEB-INF/lib/log4j-1.2.12.jar
          WEB-INF/lib/logkit-1.0.1.jar
          WEB-INF/lib/model-1.jar
          WEB-INF/lib/oro-2.0.8.jar
          WEB-INF/lib/servlet-api-2.3.jar
          WEB-INF/lib/sslext-1.2-0.jar
          WEB-INF/lib/struts-1.2.7.jar
          WEB-INF/lib/velocity-1.4.jar
          WEB-INF/lib/velocity-dep-1.4.jar
          WEB-INF/lib/velocity-tools-1.3.jar
          

          i.e. despite the dependency on velocity-tools, antlr is still included. This matches the dependency tree output:

          [INFO] [dependency:tree]
          [INFO] cern.ppt.test:ui:war:1
          [INFO] +- cern.ppt.test:model:jar:1:compile
          [INFO] |  \- cern.ppt.test:common:jar:1:compile
          [INFO] |     \- org.hibernate:hibernate:jar:3.2.3.ga:compile
          [INFO] |        +- net.sf.ehcache:ehcache:jar:1.2.3:compile
          [INFO] |        +- javax.transaction:jta:jar:1.0.1B:compile
          [INFO] |        +- asm:asm-attrs:jar:1.5.3:compile
          [INFO] |        +- dom4j:dom4j:jar:1.6.1:compile
          [INFO] |        +- cglib:cglib:jar:2.1_3:compile
          [INFO] |        \- asm:asm:jar:1.5.3:compile
          [INFO] +- org.apache.velocity:velocity-tools:jar:1.3:compile
          [INFO] |  +- commons-beanutils:commons-beanutils:jar:1.7.0:compile
          [INFO] |  +- commons-digester:commons-digester:jar:1.8:compile
          [INFO] |  +- commons-collections:commons-collections:jar:3.2:compile
          [INFO] |  +- commons-logging:commons-logging:jar:1.1:compile
          [INFO] |  |  +- log4j:log4j:jar:1.2.12:compile
          [INFO] |  |  +- logkit:logkit:jar:1.0.1:compile
          [INFO] |  |  \- avalon-framework:avalon-framework:jar:4.1.3:compile
          [INFO] |  +- commons-validator:commons-validator:jar:1.3.1:compile
          [INFO] |  +- javax.servlet:servlet-api:jar:2.3:compile
          [INFO] |  +- oro:oro:jar:2.0.8:compile
          [INFO] |  +- sslext:sslext:jar:1.2-0:compile
          [INFO] |  \- velocity:velocity:jar:1.4:compile
          [INFO] |     \- velocity:velocity-dep:jar:1.4:runtime
          [INFO] \- struts:struts:jar:1.2.7:compile
          [INFO]    +- commons-chain:commons-chain:jar:1.0:compile
          [INFO]    +- commons-fileupload:commons-fileupload:jar:1.0:compile
          [INFO]    \- antlr:antlr:jar:2.7.2:compile
          

          Further things that don't match up with the issue description: The example project does not refer to struts:1.2.9 anywhere. And both struts:1.2.7 and struts:1.2.9 depend on antlr:2.7.2.

          Show
          Benjamin Bentmann added a comment - Running "mvn package" on the ui module yields a WAR with the folling contents for me: WEB-INF/lib/antlr-2.7.2.jar WEB-INF/lib/asm-1.5.3.jar WEB-INF/lib/asm-attrs-1.5.3.jar WEB-INF/lib/avalon-framework-4.1.3.jar WEB-INF/lib/cglib-2.1_3.jar WEB-INF/lib/common-1.jar WEB-INF/lib/commons-beanutils-1.7.0.jar WEB-INF/lib/commons-chain-1.0.jar WEB-INF/lib/commons-collections-3.2.jar WEB-INF/lib/commons-digester-1.8.jar WEB-INF/lib/commons-fileupload-1.0.jar WEB-INF/lib/commons-logging-1.1.jar WEB-INF/lib/commons-validator-1.3.1.jar WEB-INF/lib/dom4j-1.6.1.jar WEB-INF/lib/ehcache-1.2.3.jar WEB-INF/lib/hibernate-3.2.3.ga.jar WEB-INF/lib/jta-1.0.1B.jar WEB-INF/lib/log4j-1.2.12.jar WEB-INF/lib/logkit-1.0.1.jar WEB-INF/lib/model-1.jar WEB-INF/lib/oro-2.0.8.jar WEB-INF/lib/servlet-api-2.3.jar WEB-INF/lib/sslext-1.2-0.jar WEB-INF/lib/struts-1.2.7.jar WEB-INF/lib/velocity-1.4.jar WEB-INF/lib/velocity-dep-1.4.jar WEB-INF/lib/velocity-tools-1.3.jar i.e. despite the dependency on velocity-tools , antlr is still included. This matches the dependency tree output: [INFO] [dependency:tree] [INFO] cern.ppt.test:ui:war:1 [INFO] +- cern.ppt.test:model:jar:1:compile [INFO] | \- cern.ppt.test:common:jar:1:compile [INFO] | \- org.hibernate:hibernate:jar:3.2.3.ga:compile [INFO] | +- net.sf.ehcache:ehcache:jar:1.2.3:compile [INFO] | +- javax.transaction:jta:jar:1.0.1B:compile [INFO] | +- asm:asm-attrs:jar:1.5.3:compile [INFO] | +- dom4j:dom4j:jar:1.6.1:compile [INFO] | +- cglib:cglib:jar:2.1_3:compile [INFO] | \- asm:asm:jar:1.5.3:compile [INFO] +- org.apache.velocity:velocity-tools:jar:1.3:compile [INFO] | +- commons-beanutils:commons-beanutils:jar:1.7.0:compile [INFO] | +- commons-digester:commons-digester:jar:1.8:compile [INFO] | +- commons-collections:commons-collections:jar:3.2:compile [INFO] | +- commons-logging:commons-logging:jar:1.1:compile [INFO] | | +- log4j:log4j:jar:1.2.12:compile [INFO] | | +- logkit:logkit:jar:1.0.1:compile [INFO] | | \- avalon-framework:avalon-framework:jar:4.1.3:compile [INFO] | +- commons-validator:commons-validator:jar:1.3.1:compile [INFO] | +- javax.servlet:servlet-api:jar:2.3:compile [INFO] | +- oro:oro:jar:2.0.8:compile [INFO] | +- sslext:sslext:jar:1.2-0:compile [INFO] | \- velocity:velocity:jar:1.4:compile [INFO] | \- velocity:velocity-dep:jar:1.4:runtime [INFO] \- struts:struts:jar:1.2.7:compile [INFO] +- commons-chain:commons-chain:jar:1.0:compile [INFO] +- commons-fileupload:commons-fileupload:jar:1.0:compile [INFO] \- antlr:antlr:jar:2.7.2:compile Further things that don't match up with the issue description: The example project does not refer to struts:1.2.9 anywhere. And both struts:1.2.7 and struts:1.2.9 depend on antlr:2.7.2 .
          Benjamin Bentmann made changes -
          Resolution Cannot Reproduce [ 5 ]
          Assignee Brian Fox [ brianfox ] Benjamin Bentmann [ bentmann ]
          Status Open [ 1 ] Closed [ 6 ]
          Hide
          Michal Ropka added a comment -

          Fixed test case

          Show
          Michal Ropka added a comment - Fixed test case
          Michal Ropka made changes -
          Attachment test2.zip [ 50436 ]
          Benjamin Bentmann made changes -
          Status Closed [ 6 ] Reopened [ 4 ]
          Assignee Benjamin Bentmann [ bentmann ]
          Resolution Cannot Reproduce [ 5 ]
          Hide
          Michal Ropka added a comment -

          Hi,

          I've realized that the test case is not complete as my struts-1.2.7 library is different than deployed in the central repository and it contains no dependencies (was deployed manually before an official release was there) so you couldn't reproduce the problem.

          However the problem is still there. I've prepared quickly another example (test2.zip). After installing lib1 (version 1 and 2), lib2 and lib3 and running install in the top project you can see that there is no antlr library in ui/target WAR which is required for lib2 which is there.

          Cheers,
          Michal

          Show
          Michal Ropka added a comment - Hi, I've realized that the test case is not complete as my struts-1.2.7 library is different than deployed in the central repository and it contains no dependencies (was deployed manually before an official release was there) so you couldn't reproduce the problem. However the problem is still there. I've prepared quickly another example (test2.zip). After installing lib1 (version 1 and 2), lib2 and lib3 and running install in the top project you can see that there is no antlr library in ui/target WAR which is required for lib2 which is there. Cheers, Michal
          Hide
          Michal Ropka added a comment -

          More details:

          Dependencies in the files look like:

          parent/pom.xml
          	lib1:1
          common/pom.xml
          	lib2:1
          		antlr:antlr:2.7.6
          model/pom.xml
          	common
          ui/pom.xml (parent/pom.xml as parent)
          	model
          	lib3:1
          		lib1:2
          			antlr:antlr:2.7.2
          top/pom.xml
          	common
          	model
          	ui
          

          While dependency tree in ui

          [INFO] ------------------------------------
          [INFO] [dependency:tree]
          [INFO] test:ui:war:1
          [INFO] +- test:model:jar:1:compile
          [INFO] |  \- test:common:jar:1:compile
          [INFO] |     \- test.lib:lib2:jar:1:compile
          [INFO] +- test.lib:lib3:jar:1:compile
          [INFO] \- test.lib:lib1:jar:1:compile
          [INFO] ------------------------------------
          

          so lib2 even when requires anrlr does not have it. I believe it is due to some problem when resolving dependencies for lib1.

          Show
          Michal Ropka added a comment - More details: Dependencies in the files look like: parent/pom.xml lib1:1 common/pom.xml lib2:1 antlr:antlr:2.7.6 model/pom.xml common ui/pom.xml (parent/pom.xml as parent) model lib3:1 lib1:2 antlr:antlr:2.7.2 top/pom.xml common model ui While dependency tree in ui [INFO] ------------------------------------ [INFO] [dependency:tree] [INFO] test:ui:war:1 [INFO] +- test:model:jar:1:compile [INFO] | \- test:common:jar:1:compile [INFO] | \- test.lib:lib2:jar:1:compile [INFO] +- test.lib:lib3:jar:1:compile [INFO] \- test.lib:lib1:jar:1:compile [INFO] ------------------------------------ so lib2 even when requires anrlr does not have it. I believe it is due to some problem when resolving dependencies for lib1 .
          Hide
          Benjamin Bentmann added a comment -

          The dirty tree for the ui modules looks like this:

          test:ui:1
          +- test:model:1
          |  \- test:common:1
          |     \- test.lib:lib2:1
          |        \- antlr:antlr:2.7.6          <--\
          +- test.lib:lib3:1                        |
          |  \- test.lib:lib1:2        <--\         |(a)
          |     \- antlr:antlr:2.7.2      |(b)   ---/
          \- test.lib:lib1:1           ---/
          

          For conflict resolution, Maven basically performs a DFS on this tree. When visiting antlr:2.7.2 it eliminates antlr:2.7.6 (a) and when visiting lib1:1 it eliminates lib1:2 (b). Unfortunately, this last step also eliminates the last path to antlr, i.e. antlr:2.7.6 is not reenabled.

          Moving lib1:1 before lib3:1 is a possible workaround for the missing back-tracking in the conflict resolution.

          Show
          Benjamin Bentmann added a comment - The dirty tree for the ui modules looks like this: test:ui:1 +- test:model:1 | \- test:common:1 | \- test.lib:lib2:1 | \- antlr:antlr:2.7.6 <--\ +- test.lib:lib3:1 | | \- test.lib:lib1:2 <--\ |(a) | \- antlr:antlr:2.7.2 |(b) ---/ \- test.lib:lib1:1 ---/ For conflict resolution, Maven basically performs a DFS on this tree. When visiting antlr:2.7.2 it eliminates antlr:2.7.6 (a) and when visiting lib1:1 it eliminates lib1:2 (b). Unfortunately, this last step also eliminates the last path to antlr, i.e. antlr:2.7.6 is not reenabled. Moving lib1:1 before lib3:1 is a possible workaround for the missing back-tracking in the conflict resolution.
          Benjamin Bentmann made changes -
          Link This issue is related to MNG-4768 [ MNG-4768 ]
          Hide
          Benjamin Bentmann added a comment -

          Fixed by r988749.

          Show
          Benjamin Bentmann added a comment - Fixed by r988749 .
          Benjamin Bentmann made changes -
          Fix Version/s 3.0-beta-3 [ 16681 ]
          Status Reopened [ 4 ] Closed [ 6 ]
          Assignee Benjamin Bentmann [ bentmann ]
          Resolution Fixed [ 1 ]
          Benjamin Bentmann made changes -
          Link This issue is related to MNG-4134 [ MNG-4134 ]
          Mark Thomas made changes -
          Project Import Sun Apr 05 08:49:45 UTC 2015 [ 1428223785911 ]
          Mark Thomas made changes -
          Workflow jira [ 12714433 ] Default workflow, editable Closed status [ 12754172 ]
          Mark Thomas made changes -
          Project Import Sun Apr 05 21:45:26 UTC 2015 [ 1428270326204 ]
          Mark Thomas made changes -
          Workflow jira [ 12952358 ] Default workflow, editable Closed status [ 12989710 ]
          Transition Time In Source Status Execution Times Last Executer Last Execution Date
          Open Open Closed Closed
          509d 4h 59m 1 Benjamin Bentmann 31/Jul/10 18:07
          Closed Closed Reopened Reopened
          1d 15h 45m 1 Benjamin Bentmann 02/Aug/10 09:52
          Reopened Reopened Closed Closed
          22d 9h 29m 1 Benjamin Bentmann 24/Aug/10 19:22

            People

            • Assignee:
              Benjamin Bentmann
              Reporter:
              Michal Ropka
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development