  1. Struts 2
  2. WW-5376

struts2-bom should not pull in non-struts dependencies from struts2-parent


Details

    • Bug
    • Status: Open
    • Minor
    • Resolution: Unresolved
    • None
    • 6.5.0
    • None
    • None

    Description

      The parent of struts-bom pom file is the struts2-parent pom file. The struts2-parent pom file includes a dependencyManagement section with many non-struts dependencies (including test dependencies such as junit and mockito), which are inherited in the struts-bom pom file. This is bad practice for a bom file since consumers of that bom will have versions for dependencies unrelated to struts locked down.

      See https://www.garretwilson.com/blog/2023/06/14/improve-maven-bom-pattern and https://github.com/apache/logging-log4j2 for an example of how they have both parent and bom pom files.

          People

            Unassigned Unassigned
            tking Tyler King
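
Added example (not part of the original report and not Struts project code): a check that computes which `dependencyManagement` entries a consumer receives when importing a BOM, following the `<parent>` chain, and lists the ones outside the project's own groupId. The POMs are constructed and reduced to the elements the check reads, the versions are placeholders, and all function names are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
HEAD = '<project xmlns="http://maven.apache.org/POM/4.0.0">'

def dep(group, artifact):
    # Versions are placeholders; only the coordinates matter for this check.
    return (f"<dependency><groupId>{group}</groupId><artifactId>{artifact}</artifactId>"
            "<version>0.0.0-example</version></dependency>")

def pom(artifact, deps, parent=None):
    parent_xml = f"<parent><artifactId>{parent}</artifactId></parent>" if parent else ""
    return (f"{HEAD}{parent_xml}<artifactId>{artifact}</artifactId><dependencyManagement>"
            f"<dependencies>{''.join(deps)}</dependencies></dependencyManagement></project>")

# Constructed sample POMs (not the real Struts files).
PARENT = pom("struts2-parent", [dep("junit", "junit"), dep("org.mockito", "mockito-core")])
STRUTS_DEPS = [dep("org.apache.struts", "struts2-core")]
BOM_INHERITING = pom("struts2-bom", STRUTS_DEPS, parent="struts2-parent")
BOM_STANDALONE = pom("struts2-bom", STRUTS_DEPS)

def managed(pom_xml):
    """Entries declared in this POM's own dependencyManagement section."""
    root = ET.fromstring(pom_xml)
    path = "m:dependencyManagement/m:dependencies/m:dependency"
    return {(d.findtext("m:groupId", namespaces=NS),
             d.findtext("m:artifactId", namespaces=NS)): d.findtext("m:version", namespaces=NS)
            for d in root.findall(path, NS)}

def parent_artifact(pom_xml):
    """artifactId of the <parent>, or None when the POM has no parent."""
    return ET.fromstring(pom_xml).findtext("m:parent/m:artifactId", namespaces=NS)

def effective_managed(bom_xml, poms_by_artifact):
    """Own entries plus everything inherited through the parent chain (child wins)."""
    chain, current = [], bom_xml
    while current is not None:
        chain.append(current)
        current = poms_by_artifact.get(parent_artifact(current))
    merged = {}
    for p in reversed(chain):  # apply ancestors first so children override them
        merged.update(managed(p))
    return merged

def foreign_entries(bom_xml, poms_by_artifact, own_group="org.apache.struts"):
    """Managed coordinates a BOM consumer gets that are outside own_group."""
    eff = effective_managed(bom_xml, poms_by_artifact)
    return sorted(k for k in eff if not k[0].startswith(own_group))

if __name__ == "__main__":
    print(foreign_entries(BOM_INHERITING, {"struts2-parent": PARENT}))
    print(foreign_entries(BOM_STANDALONE, {"struts2-parent": PARENT}))
```

A check like this can run in CI against the published BOM so that unrelated or test-scope coordinates never reach consumers' version resolution unnoticed.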
