Transitive dependency overrides version specified in POM
--------------------------------------------------------

         Key: MNG-2192
         URL: http://jira.codehaus.org/browse/MNG-2192
     Project: Maven 2
        Type: Bug

  Components: Dependencies  
    Versions: 2.0.2, 2.0.3    
    Reporter: Ray Ward


I'm seeing this in both 2.0.2 and 2.0.3, but not in 1.0.2.  I specify a version 
for a dependency in the parent pom.xml.  As the build goes on, one or more 
dependencies will be processed in the modules that have earlier versions, and 
those earlier versions override the version I specified in pom.xml. 
 
For example:
                <dependency>
                        <groupId>commons-collections</groupId>
                        <artifactId>commons-collections</artifactId>
                        <version> 3.1</version>
                </dependency>
 
Then from the log:
...
[DEBUG]   struts:struts:jar:1.2.4:compile (selected for compile)
[DEBUG]     oro:oro:jar:2.0.7:compile (selected for compile)
[DEBUG]     commons-logging:commons-logging:jar:1.0.4:compile (selected for compile)
[DEBUG]     commons-fileupload:commons-fileupload:jar:1.0:compile (selected for compile)
[DEBUG]     commons-collections:commons-collections:jar:2.1:compile (selected for compile)
[DEBUG]     commons-beanutils:commons-beanutils:jar:1.6.1:compile (selected for compile)
[DEBUG]       commons-logging:commons-logging:jar:1.0:compile (removed - nearer found: 1.0.4)
[DEBUG]       commons-collections:commons-collections:jar:2.0:compile (removed - nearer found: 2.1)
[DEBUG]     commons-digester:commons-digester:jar:1.5:compile (selected for compile)
[DEBUG]       commons-beanutils:commons-beanutils:jar:1.6:compile (removed - nearer found: 1.6.1)
...
 
And what is in the WAR file is:
[DEBUG] adding entry WEB-INF/lib/commons-collections-2.1.jar
(verified this from the .war file)
 
This is contrary to the documentation on the web site:
http://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html
which says:

  "Dependency mediation - this determines what version of a dependency will be
  used when multiple versions of an artifact are encountered. Currently, Maven
  2.0 only supports using the "nearest definition" - so you can always guarantee
  a version by declaring it explicitly in your project's POM."

I take this to mean that the POM is based on the parent pom.xml in a 
multiproject build, and the modules should inherit the version setting from the 
parent.  So I haven't tried to specify the version again in a child pom.xml.

I came across this while converting a project from M1 to M2.  The M1 WAR file 
contains version 3.1, as expected.

Hope to include a simple pom.xml to demo this later -- schedule crunch at the 
moment precludes doing it now.

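An added example, not part of the original report and not Maven code: a Python check that reads debug resolution lines in the format quoted in the report and flags any artifact whose selected version differs from the version pinned in the POM. The function names, the PINNED map and the shortened sample log (taken from the report's excerpt, mail wrapping included) are assumptions made for illustration.

```python
import re

# Matches resolution lines such as
# "[DEBUG]   group:artifact:jar:2.1:compile (selected for compile)".
# "\s*" before the version tolerates a stray space left by mail clients.
LINE = re.compile(
    r"^\[DEBUG\]\s+(?P<g>[^:\s]+):(?P<a>[^:\s]+):[^:\s]+:\s*(?P<v>[^:\s]+)"
    r":\w+\s+\((?P<status>selected|removed)\b[^)]*\)")

def unwrap(text):
    """Re-join log records that were hard-wrapped across lines."""
    records = []
    for raw in text.splitlines():
        if raw.startswith("[DEBUG]") or not records:
            records.append(raw.rstrip())
        else:
            records[-1] += " " + raw.strip()
    return records

def mediation(log_text):
    """Map 'group:artifact' -> {'selected': version, 'removed': [versions]}."""
    out = {}
    for rec in unwrap(log_text):
        m = LINE.match(rec)
        if m:
            entry = out.setdefault(f'{m["g"]}:{m["a"]}',
                                   {"selected": None, "removed": []})
            if m["status"] == "selected":
                entry["selected"] = m["v"]
            else:
                entry["removed"].append(m["v"])
    return out

def pin_violations(log_text, pinned):
    """Return {ga: (pinned, selected)} where the build ignored the pin."""
    result = mediation(log_text)
    return {ga: (want, result[ga]["selected"])
            for ga, want in pinned.items()
            if ga in result and result[ga]["selected"] not in (None, want)}

# Sample input: a shortened copy of the report's log excerpt.
SAMPLE_LOG = """\
[DEBUG]     commons-collections:commons-collections:jar:2.1:compile (selected
for compile)
[DEBUG]     commons-beanutils:commons-beanutils:jar: 1.6.1:compile (selected
for compile)
[DEBUG]       commons-collections:commons-collections:jar:2.0:compile (removed
- nearer found: 2.1)
"""
PINNED = {"commons-collections:commons-collections": "3.1"}  # from the POM

if __name__ == "__main__":
    for ga, (want, got) in pin_violations(SAMPLE_LOG, PINNED).items():
        print(f"{ga}: POM pins {want}, build resolved {got}")
```

Run against a full build log, a non-empty result means the packaged artifact should be inspected before release, as the reporter did with the WAR file.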