[jira] [Created] (MNG-8645) Plugins resolving don't use dependency management for plugin project

Mon, 24 Mar 2025 12:10:10 -0700 

Slawomir Jaranowski created MNG-8645:
----------------------------------------

             Summary: Plugins resolving don't use dependency management for 
plugin project
                 Key: MNG-8645
                 URL: https://issues.apache.org/jira/browse/MNG-8645
             Project: Maven
          Issue Type: Bug
    Affects Versions: 4.0.0-rc-3
            Reporter: Slawomir Jaranowski


example in maven-jar-plugin (3.x) we have dependencyManagement for commons-io

https://github.com/apache/maven-jar-plugin/blob/08cea8ed3caf1c7f6575b8392d4fc1396f24a09c/pom.xml#L82

Maven 3.9.x and rc-2 resolve as:

{code}
[DEBUG] org.apache.maven.plugins:maven-jar-plugin:jar:3.4.3-SNAPSHOT
[DEBUG] +- org.apache.maven.shared:file-management:jar:3.1.0 [compile]
[DEBUG] |  +- org.codehaus.plexus:plexus-utils:jar:4.0.1 [compile]
[DEBUG] |  \- commons-io:commons-io:jar:2.16.1 [compile]
[DEBUG] +- org.apache.maven:maven-archiver:jar:3.6.2 [compile]
[DEBUG] |  \- org.codehaus.plexus:plexus-interpolation:jar:1.27 [compile]
[DEBUG] +- org.codehaus.plexus:plexus-archiver:jar:4.9.2 [compile]
[DEBUG] |  +- org.codehaus.plexus:plexus-io:jar:3.4.2 [compile]
[DEBUG] |  +- org.apache.commons:commons-compress:jar:1.26.1 [compile]
[DEBUG] |  |  \- org.apache.commons:commons-lang3:jar:3.14.0 [compile]
[DEBUG] |  +- commons-codec:commons-codec:jar:1.16.1 [compile]
[DEBUG] |  +- org.iq80.snappy:snappy:jar:0.4 [compile]
[DEBUG] |  +- org.tukaani:xz:jar:1.9 [runtime]
[DEBUG] |  \- com.github.luben:zstd-jni:jar:1.5.5-11 [runtime]
[DEBUG] +- javax.inject:javax.inject:jar:1 [compile]
[DEBUG] \- org.slf4j:slf4j-api:jar:1.7.36 [compile]
{code}

but for rc-3 we have:
{code}
[DEBUG] org.apache.maven.plugins:maven-jar-plugin:jar:3.4.3-SNAPSHOT
[DEBUG] +- org.apache.maven.shared:file-management:jar:3.1.0 [compile]
[DEBUG] |  +- org.codehaus.plexus:plexus-utils:jar:3.4.2 [compile]
[DEBUG] |  \- commons-io:commons-io:jar:2.11.0 [compile]
[DEBUG] +- org.apache.maven:maven-archiver:jar:3.6.2 [compile]
[DEBUG] |  \- org.codehaus.plexus:plexus-interpolation:jar:1.27 [compile]
[DEBUG] +- org.codehaus.plexus:plexus-archiver:jar:4.9.2 [compile]
[DEBUG] |  +- org.codehaus.plexus:plexus-io:jar:3.4.2 [compile]
[DEBUG] |  +- org.apache.commons:commons-compress:jar:1.26.1 [compile]
[DEBUG] |  |  \- org.apache.commons:commons-lang3:jar:3.14.0 [compile]
[DEBUG] |  +- commons-codec:commons-codec:jar:1.16.1 [compile]
[DEBUG] |  +- org.iq80.snappy:snappy:jar:0.4 [compile]
[DEBUG] |  +- org.tukaani:xz:jar:1.9 [runtime]
[DEBUG] |  \- com.github.luben:zstd-jni:jar:1.5.5-11 [runtime]
[DEBUG] +- javax.inject:javax.inject:jar:1 [compile]
[DEBUG] \- org.slf4j:slf4j-api:jar:1.7.36 [compile]
{code}

{{commons-io}} and {{plexus-utils}} have defined versions in dependency 
management but it is not taken into account.




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to