[
https://issues.apache.org/jira/browse/MNG-7906?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17936840#comment-17936840
]
Elliotte Rusty Harold commented on MNG-7906:
--------------------------------------------
This is confusing and surprising. If we were working from a green field, I
would agree with changing this. However, we're not. I don't think we should add
a configurable option to change this. Adding more options only increases the
complexity, and makes it all the more confusing. We should document this
carefully and fully, but we should not change the behavior.
At this late date it's hard to see this as a bug. It's really de facto working
as intended.
> Dependency Management import (BOM) does not work the "maven way"
> ----------------------------------------------------------------
>
> Key: MNG-7906
> URL: https://issues.apache.org/jira/browse/MNG-7906
> Project: Maven
> Issue Type: Bug
> Components: Dependencies, Documentation: General
> Reporter: Tamas Cservenak
> Priority: Major
> Fix For: 4.0.x-candidate
>
>
> This affects all released Maven versions so far (precisely since 2.0.9
> MNG-3220).
> Problem reproducer: https://github.com/cstamas/MNG-7852 (repo name is wrong,
> obviously).
> In short: unlike with dependencies, where you CAN override some "deep
> transitive" dependency by re-declaring it directly as 1st level dependency in
> POM, for depMgt import this does not work, actually, it works quite the
> opposite ("first comes, wins"). Moreover, Maven remains silent about this, as
> reproducer shows, and all of this goes unnoticed.
> Solution: at least depMgt import should make "the maven way", maybe not by
> default (to not break existing builds) but configurable. Problem is solved if
> in reproducer:
> - with fix enabled, junit 5.9.3 is used, AND
> - with fix disabled, Maven yells about ignored depMgt import
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
