Uploaded image for project: 'Maven'
  1. Maven
  2. MNG-7003

Inconsistent dependency tree

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Won't Fix
    • 3.6.3, 3.8.4
    • None
    • Dependencies
    • None

    Description

      I have found maven building different dependency tree during module built process and when a module is build as a dependency.

      The problematic case:

      pom ---> dependencyManagement (org.slf4j:slf4j-api:1.7.30)

        |-- pom --> dependency (org.apache.logging.log4j:log4j-slf4j18-impl:2.13.3) --> dependency (org.slf4j:slf4j-api:1.8.0-beta4)

       

      When the project is built the dependency tree is OK. The version of transient dependency to slf4j-api is overridden by the dependency management mechanism.

      [INFO] arcomp.maven_example:module:jar:1
      [INFO] - org.apache.logging.log4j:log4j-slf4j18-impl:jar:2.13.3:compile
      [INFO] +- org.slf4j:slf4j-api:jar:1.7.30:compile
      [INFO] +- org.apache.logging.log4j:log4j-api:jar:2.13.3:compile
      [INFO] - org.apache.logging.log4j:log4j-core:jar:2.13.3:runtime
       

      On the other hand when the module is being used as a dependency the version of transient dependency is not overridden.

      [INFO] arcomp.maven_example:usage:jar:1
      [INFO] - arcomp.maven_example:module:jar:1:compile
      [INFO] - org.apache.logging.log4j:log4j-slf4j18-impl:jar:2.13.3:compile
      [INFO] +- org.slf4j:slf4j-api:jar:1.8.0-beta4:compile
      [INFO] +- org.apache.logging.log4j:log4j-api:jar:2.13.3:compile
      [INFO] - org.apache.logging.log4j:log4j-core:jar:2.13.3:runtime
       

      Such behaviour may lead to a problem when jar is used with different dependency than it was compiled and tested with.

      I have attached three maven projects packed into archive. Two are in parent-child relationship where the dependency management mechanism is used described above. The third is a usage example.

      I am new here, so please verify if I set the component (and other fields) correctly.

      Attachments

        1. maven_dependency_problem.tar.gz
          0.7 kB
          Arkadiusz Firus

        Issue Links

          Activity

            People

              Unassigned Unassigned
              ArekF Arkadiusz Firus
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: