[MNG-7906] Dependency Management import (BOM) does not work the "maven way" - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: 4.0.x-candidate
Component/s: Dependencies, Documentation: General
Labels:
None

Description

This affects all released Maven versions so far.

Problem reproducer: https://github.com/cstamas/MNG-7852 (repo name is wrong, obviously).

In short: unlike with dependencies, where you CAN override some "deep transitive" dependency by re-declaring it directly as 1st level dependency in POM, for depMgt import this does not work, actually, it works quite the opposite ("first comes, wins"). Moreover, Maven remains silent about this, as reproducer shows, and all of this goes unnoticed.

Solution: at least depMgt import should make "the maven way", maybe not by default (to not break existing builds) but configurable. Problem is solved if in reproducer:

with fix enabled, junit 5.9.3 is used, AND
with fix disabled, Maven yells about ignored depMgt import

Attachments

Issue Links

is related to

MNG-7854 Non directly managed imported and conflicting depMgt entries should warn

Closed

relates to

MNG-7344 Effective pom should contain more finegrained details regarding its content origin: track dependencyManagement import

Open

MPH-183 Effective-pom + verbose should show import path to BOM dependencyManagement

Open

links to

GitHub Pull Request #1396

Activity

People

Assignee:: Unassigned

Reporter:: Tamas Cservenak

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Dates

Created:: 13/Oct/23 20:02

Updated:: 6 days ago 16:20