Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Won't Fix
-
3.6.3, 3.8.4
-
None
-
None
Description
I have found maven building different dependency tree during module built process and when a module is build as a dependency.
The problematic case:
pom ---> dependencyManagement (org.slf4j:slf4j-api:1.7.30)
|-- pom --> dependency (org.apache.logging.log4j:log4j-slf4j18-impl:2.13.3) --> dependency (org.slf4j:slf4j-api:1.8.0-beta4)
When the project is built the dependency tree is OK. The version of transient dependency to slf4j-api is overridden by the dependency management mechanism.
[INFO] arcomp.maven_example:module:jar:1
[INFO] - org.apache.logging.log4j:log4j-slf4j18-impl:jar:2.13.3:compile
[INFO] +- org.slf4j:slf4j-api:jar:1.7.30:compile
[INFO] +- org.apache.logging.log4j:log4j-api:jar:2.13.3:compile
[INFO] - org.apache.logging.log4j:log4j-core:jar:2.13.3:runtime
On the other hand when the module is being used as a dependency the version of transient dependency is not overridden.
[INFO] arcomp.maven_example:usage:jar:1
[INFO] - arcomp.maven_example:module:jar:1:compile
[INFO] - org.apache.logging.log4j:log4j-slf4j18-impl:jar:2.13.3:compile
[INFO] +- org.slf4j:slf4j-api:jar:1.8.0-beta4:compile
[INFO] +- org.apache.logging.log4j:log4j-api:jar:2.13.3:compile
[INFO] - org.apache.logging.log4j:log4j-core:jar:2.13.3:runtime
Such behaviour may lead to a problem when jar is used with different dependency than it was compiled and tested with.
I have attached three maven projects packed into archive. Two are in parent-child relationship where the dependency management mechanism is used described above. The third is a usage example.
I am new here, so please verify if I set the component (and other fields) correctly.
Attachments
Attachments
Issue Links
- is blocked by
-
-
- Reopened
-
-
-
- Closed
-