Uploaded image for project: 'Maven'
  1. Maven
  2. MNG-7003

Inconsistent dependency tree

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 3.6.3
    • Fix Version/s: None
    • Component/s: Dependencies
    • Labels:
      None

      Description

      I have found maven building different dependency tree during module built process and when a module is build as a dependency.

      The problematic case:

      pom ---> dependencyManagement (org.slf4j:slf4j-api:1.7.30)

        |-- pom --> dependency (org.apache.logging.log4j:log4j-slf4j18-impl:2.13.3) --> dependency (org.slf4j:slf4j-api:1.8.0-beta4)

       

      When the project is built the dependency tree is OK. The version of transient dependency to slf4j-api is overridden by the dependency management mechanism.

      [INFO] arcomp.maven_example:module:jar:1
      [INFO] - org.apache.logging.log4j:log4j-slf4j18-impl:jar:2.13.3:compile
      [INFO] +- org.slf4j:slf4j-api:jar:1.7.30:compile
      [INFO] +- org.apache.logging.log4j:log4j-api:jar:2.13.3:compile
      [INFO] - org.apache.logging.log4j:log4j-core:jar:2.13.3:runtime
       

      On the other hand when the module is being used as a dependency the version of transient dependency is not overridden.

      [INFO] arcomp.maven_example:usage:jar:1
      [INFO] - arcomp.maven_example:module:jar:1:compile
      [INFO] - org.apache.logging.log4j:log4j-slf4j18-impl:jar:2.13.3:compile
      [INFO] +- org.slf4j:slf4j-api:jar:1.8.0-beta4:compile
      [INFO] +- org.apache.logging.log4j:log4j-api:jar:2.13.3:compile
      [INFO] - org.apache.logging.log4j:log4j-core:jar:2.13.3:runtime
       

      Such behaviour may lead to a problem when jar is used with different dependency than it was compiled and tested with.

      I have attached three maven projects packed into archive. Two are in parent-child relationship where the dependency management mechanism is used described above. The third is a usage example.

      I am new here, so please verify if I set the component (and other fields) correctly.

        Attachments

        1. maven_dependency_problem.tar.gz
          0.7 kB
          Arkadiusz Firus

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              ArekF Arkadiusz Firus
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated: