Uploaded image for project: 'Maven'
  1. Maven
  2. MNG-7906

Dependency Management import (BOM) does not work the "maven way"

Agile BoardAttach filesAttach ScreenshotAdd voteVotersStop watchingWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    Description

      This affects all released Maven versions so far.

      Problem reproducer: https://github.com/cstamas/MNG-7852 (repo name is wrong, obviously).

      In short: unlike with dependencies, where you CAN override some "deep transitive" dependency by re-declaring it directly as 1st level dependency in POM, for depMgt import this does not work, actually, it works quite the opposite ("first comes, wins"). Moreover, Maven remains silent about this, as reproducer shows, and all of this goes unnoticed.

      Solution: at least depMgt import should make "the maven way", maybe not by default (to not break existing builds) but configurable. Problem is solved if in reproducer:

      • with fix enabled, junit 5.9.3 is used, AND
      • with fix disabled, Maven yells about ignored depMgt import

      Attachments

        Issue Links

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            Unassigned Unassigned
            cstamas Tamas Cservenak

            Dates

              Created:
              Updated:

              Slack

                Issue deployment