[
https://issues.apache.org/jira/browse/MNG-8003?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17805542#comment-17805542
]
ASF GitHub Bot commented on MNG-8003:
-------------------------------------
cstamas commented on PR #1374:
URL: https://github.com/apache/maven/pull/1374#issuecomment-1887018741
ITmng6127 again, sigh https://issues.apache.org/jira/browse/MNG-7976
> Maven BOM is not what it looks like
> -----------------------------------
>
> Key: MNG-8003
> URL: https://issues.apache.org/jira/browse/MNG-8003
> Project: Maven
> Issue Type: Bug
> Reporter: Tamas Cservenak
> Priority: Major
> Fix For: 4.0.0, 4.0.0-alpha-11
>
>
> Maven project at top level POM (current master) has 3 imports:
> * maven-bom
> * junit bom
> * mockito bom
> While debugging, spotted that junit and mockito imports are "pristine" (in a
> way they contain what one can expect), but the maven-bom had more than BOM
> enlists! It turns out that BOM uses maven-parent@41 (same as top level POM or
> Maven project), and it has 4 extra depMgt entries (plexus, sisu, plexus-xml
> and plexus-util). Basically whoever imports Maven BOM will import these as
> well.
> Moreover, this causes a bit of mess, as maven-parent depMgt section is:
> * imported via maven-bom that inherits them from maven-parent
> * but also inherited as maven top level POM uses maven-parent as well
> Reported conflicts:
> * org.eclipse.sisu:org.eclipse.sisu.plexus:jar:0.9.0.M2@compile vs
> org.eclipse.sisu:org.eclipse.sisu.plexus:jar:0.9.0.M2@compile[2 exclusions]
> -- as in Maven project we add exclusions to decouple plexus and sisu
> * org.codehaus.plexus:plexus-xml:jar:3.0.0@compile vs
> org.codehaus.plexus:plexus-xml:jar:4.0.1@compile -- this is a version conflict
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
