maven-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Cole Mickens (JIRA)" <>
Subject [jira] Closed: (MDEP-267) AnalyzeDepMgt Check if DepMgt overrides a (parent's) Transitive Dependency
Date Wed, 07 Jul 2010 18:38:33 GMT


Cole Mickens closed MDEP-267.

    Resolution: Not A Bug

> AnalyzeDepMgt Check if DepMgt overrides a (parent's) Transitive Dependency
> --------------------------------------------------------------------------
>                 Key: MDEP-267
>                 URL:
>             Project: Maven 2.x Dependency Plugin
>          Issue Type: Improvement
>    Affects Versions: 2.1
>            Reporter: Cole Mickens
>            Assignee: Brian Fox
>         Attachments:
> Unzip the test-case.
> In testArtifactParent, run `mvn -DskipTests=true install`.
> In testArtifactChild, run `mvn -DskipTests=true dependency:tree`.
> When it lists the tree, it prints:
> [INFO] testGroup:testArtifactChild:jar:0.0.1-SNAPSHOT
> [INFO] +- commons-beanutils:commons-beanutils:jar:1.8.3:compile
> [INFO] +- commons-logging:commons-logging:jar:1.0.4:compile
> [INFO] \- junit:junit:jar:4.8.1:test
> If you remove 'commons-logging:commons-logging:jar' from the <dependency> section
of the child pom, you get:
> [INFO] +- commons-beanutils:commons-beanutils:jar:1.8.3:compile
> [INFO] |  \- commons-logging:commons-logging:jar:1.0.4:compile (version managed from
> [INFO] \- junit:junit:jar:4.8.1:test
> As you can see, the warning "version managed from x.x.x" is only printed out when the
child doesn't declare a dependency on that package. (Possibly due to how DependencyNode render's
itself based on whether or not it is a duplicate).
> I'm trying to write a new mojo for the Dependency plugin but I'm having trouble getting
a list of ALL project dependencies. Clearly the Dependency plugin has access to this because
(at least in one case) it is aware that a dependency was overriden by the <dependencyManagement>
> I think that the AnalyzeDepMgt mojo should probably  be updated to include a warning
if a managed dependency is overriding a transitive dependency. Ironically it was originally
meant to do more or less the opposite. That maybe confusing and I already have a skeleton
for a new mojo to add, but like I said, I'm having difficulties getting that "full list of
> Hopefully this gives some more context. I'm going to pour through the DependencyNode
stuff, try to figure out where that "version managed from" logic comes from and then implement/call
that in the new AnalyzeDepMgtOverrides mojo I'm working on. Any input on how this list might
be easily discovered would be appreciated!

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators:
For more information on JIRA, see:


View raw message