Uploaded image for project: 'Maven'
  1. Maven
  2. MNG-5988

Dependency mediation should prioritize transitive dependencies based on scope.

    Details

      Description

      The documentation states that dependency mediation only supports "nearest definition", regardless of the scope of the parent dependency.

      If both compile- and test scoped dependencies shares the same transitive dependency, the test-scoped one will win if it has shallower depth. That in turn will lead to runtime exceptions since the transitive dependency is no longer on the classpath.

      Take the following pom from a typical Spring Boot application. Since the camel-test-spring dependency also depends on spring, it wins and Spring is no longer available to the application at runtime.

      <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
      
          <modelVersion>4.0.0</modelVersion>
      
          <groupId>com.example</groupId>
          <artifactId>bugreport</artifactId>
          <packaging>jar</packaging>
          <version>1.0.0-SNAPSHOT</version>
      
          <dependencies>
              <dependency>
                  <groupId>org.springframework.boot</groupId>
                  <artifactId>spring-boot-starter-web</artifactId>
                  <version>1.3.2.RELEASE</version>
              </dependency>
              <dependency>
                  <groupId>org.apache.camel</groupId>
                  <artifactId>camel-test-spring</artifactId>
                  <version>2.16.2</version>
                  <scope>test</scope>
              </dependency>
          </dependencies>
      
      </project>
      

      Now look for spring-beans or spring-context in the following dependency graphs:

      mvn dependency:tree (with camel-test-spring)
      [INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ bugreport ---
      [INFO] com.example:bugreport:jar:1.0.0-SNAPSHOT
      [INFO] +- org.springframework.boot:spring-boot-starter-web:jar:1.3.2.RELEASE:compile
      [INFO] |  +- org.springframework.boot:spring-boot-starter:jar:1.3.2.RELEASE:compile
      [INFO] |  |  +- org.springframework.boot:spring-boot:jar:1.3.2.RELEASE:compile
      [INFO] |  |  +- org.springframework.boot:spring-boot-autoconfigure:jar:1.3.2.RELEASE:compile
      [INFO] |  |  +- org.springframework.boot:spring-boot-starter-logging:jar:1.3.2.RELEASE:compile
      [INFO] |  |  |  +- ch.qos.logback:logback-classic:jar:1.1.3:compile
      [INFO] |  |  |  |  \- ch.qos.logback:logback-core:jar:1.1.3:compile
      [INFO] |  |  |  +- org.slf4j:jcl-over-slf4j:jar:1.7.13:compile
      [INFO] |  |  |  +- org.slf4j:jul-to-slf4j:jar:1.7.13:compile
      [INFO] |  |  |  \- org.slf4j:log4j-over-slf4j:jar:1.7.13:compile
      [INFO] |  |  \- org.yaml:snakeyaml:jar:1.16:runtime
      [INFO] |  +- org.springframework.boot:spring-boot-starter-tomcat:jar:1.3.2.RELEASE:compile
      [INFO] |  |  +- org.apache.tomcat.embed:tomcat-embed-core:jar:8.0.30:compile
      [INFO] |  |  +- org.apache.tomcat.embed:tomcat-embed-el:jar:8.0.30:compile
      [INFO] |  |  +- org.apache.tomcat.embed:tomcat-embed-logging-juli:jar:8.0.30:compile
      [INFO] |  |  \- org.apache.tomcat.embed:tomcat-embed-websocket:jar:8.0.30:compile
      [INFO] |  +- org.springframework.boot:spring-boot-starter-validation:jar:1.3.2.RELEASE:compile
      [INFO] |  |  \- org.hibernate:hibernate-validator:jar:5.2.2.Final:compile
      [INFO] |  |     +- javax.validation:validation-api:jar:1.1.0.Final:compile
      [INFO] |  |     +- org.jboss.logging:jboss-logging:jar:3.2.1.Final:compile
      [INFO] |  |     \- com.fasterxml:classmate:jar:1.1.0:compile
      [INFO] |  +- com.fasterxml.jackson.core:jackson-databind:jar:2.6.5:compile
      [INFO] |  |  +- com.fasterxml.jackson.core:jackson-annotations:jar:2.6.0:compile
      [INFO] |  |  \- com.fasterxml.jackson.core:jackson-core:jar:2.6.5:compile
      [INFO] |  +- org.springframework:spring-web:jar:4.2.4.RELEASE:compile
      [INFO] |  \- org.springframework:spring-webmvc:jar:4.2.4.RELEASE:compile
      [INFO] \- org.apache.camel:camel-test-spring:jar:2.16.2:test
      [INFO]    +- org.apache.camel:camel-test:jar:2.16.2:test
      [INFO]    |  +- org.apache.camel:camel-core:jar:2.16.2:test
      [INFO]    |  |  \- org.slf4j:slf4j-api:jar:1.6.6:compile
      [INFO]    |  \- junit:junit:jar:4.11:test
      [INFO]    |     \- org.hamcrest:hamcrest-core:jar:1.3:test
      [INFO]    +- org.apache.camel:camel-spring:jar:2.16.2:test
      [INFO]    +- org.springframework:spring-test:jar:4.1.9.RELEASE:test
      [INFO]    +- org.springframework:spring-context:jar:4.1.9.RELEASE:compile
      [INFO]    +- org.springframework:spring-beans:jar:4.1.9.RELEASE:compile
      [INFO]    +- org.springframework:spring-expression:jar:4.1.9.RELEASE:compile
      [INFO]    +- org.springframework:spring-aop:jar:4.1.9.RELEASE:compile
      [INFO]    |  \- aopalliance:aopalliance:jar:1.0:compile
      [INFO]    +- org.springframework:spring-tx:jar:4.1.9.RELEASE:test
      [INFO]    +- org.springframework:spring-core:jar:4.1.9.RELEASE:compile
      [INFO]    |  \- commons-logging:commons-logging:jar:1.2:compile
      [INFO]    +- com.sun.xml.bind:jaxb-core:jar:2.2.11:test
      [INFO]    \- com.sun.xml.bind:jaxb-impl:jar:2.2.11:test
      
      mvn dependency:tree (without camel-test-spring)
      [INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ bugreport ---
      [INFO] com.example:bugreport:jar:1.0.0-SNAPSHOT
      [INFO] \- org.springframework.boot:spring-boot-starter-web:jar:1.3.2.RELEASE:compile
      [INFO]    +- org.springframework.boot:spring-boot-starter:jar:1.3.2.RELEASE:compile
      [INFO]    |  +- org.springframework.boot:spring-boot:jar:1.3.2.RELEASE:compile
      [INFO]    |  +- org.springframework.boot:spring-boot-autoconfigure:jar:1.3.2.RELEASE:compile
      [INFO]    |  +- org.springframework.boot:spring-boot-starter-logging:jar:1.3.2.RELEASE:compile
      [INFO]    |  |  +- ch.qos.logback:logback-classic:jar:1.1.3:compile
      [INFO]    |  |  |  +- ch.qos.logback:logback-core:jar:1.1.3:compile
      [INFO]    |  |  |  \- org.slf4j:slf4j-api:jar:1.7.7:compile
      [INFO]    |  |  +- org.slf4j:jcl-over-slf4j:jar:1.7.13:compile
      [INFO]    |  |  +- org.slf4j:jul-to-slf4j:jar:1.7.13:compile
      [INFO]    |  |  \- org.slf4j:log4j-over-slf4j:jar:1.7.13:compile
      [INFO]    |  +- org.springframework:spring-core:jar:4.2.4.RELEASE:compile
      [INFO]    |  \- org.yaml:snakeyaml:jar:1.16:runtime
      [INFO]    +- org.springframework.boot:spring-boot-starter-tomcat:jar:1.3.2.RELEASE:compile
      [INFO]    |  +- org.apache.tomcat.embed:tomcat-embed-core:jar:8.0.30:compile
      [INFO]    |  +- org.apache.tomcat.embed:tomcat-embed-el:jar:8.0.30:compile
      [INFO]    |  +- org.apache.tomcat.embed:tomcat-embed-logging-juli:jar:8.0.30:compile
      [INFO]    |  \- org.apache.tomcat.embed:tomcat-embed-websocket:jar:8.0.30:compile
      [INFO]    +- org.springframework.boot:spring-boot-starter-validation:jar:1.3.2.RELEASE:compile
      [INFO]    |  \- org.hibernate:hibernate-validator:jar:5.2.2.Final:compile
      [INFO]    |     +- javax.validation:validation-api:jar:1.1.0.Final:compile
      [INFO]    |     +- org.jboss.logging:jboss-logging:jar:3.2.1.Final:compile
      [INFO]    |     \- com.fasterxml:classmate:jar:1.1.0:compile
      [INFO]    +- com.fasterxml.jackson.core:jackson-databind:jar:2.6.5:compile
      [INFO]    |  +- com.fasterxml.jackson.core:jackson-annotations:jar:2.6.0:compile
      [INFO]    |  \- com.fasterxml.jackson.core:jackson-core:jar:2.6.5:compile
      [INFO]    +- org.springframework:spring-web:jar:4.2.4.RELEASE:compile
      [INFO]    |  +- org.springframework:spring-aop:jar:4.2.4.RELEASE:compile
      [INFO]    |  |  \- aopalliance:aopalliance:jar:1.0:compile
      [INFO]    |  +- org.springframework:spring-beans:jar:4.2.4.RELEASE:compile
      [INFO]    |  \- org.springframework:spring-context:jar:4.2.4.RELEASE:compile
      [INFO]    \- org.springframework:spring-webmvc:jar:4.2.4.RELEASE:compile
      [INFO]       \- org.springframework:spring-expression:jar:4.2.4.RELEASE:compile
      

        Attachments

        1. Collected.svg
          7 kB
          Christian Schulte
        2. MNG-5988.zip
          3 kB
          Christian Schulte
        3. PRE.svg
          183 kB
          Christian Schulte
        4. Resolved.svg
          6 kB
          Christian Schulte

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                jgogstad Jostein Gogstad
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated: