AnalyzeDepMgt Check if DepMgt overrides a (parent's) Transitive Dependency
--------------------------------------------------------------------------

                 Key: MDEP-267
                 URL: http://jira.codehaus.org/browse/MDEP-267
             Project: Maven 2.x Dependency Plugin
          Issue Type: Improvement
    Affects Versions: 2.1
            Reporter: Cole Mickens
            Assignee: Brian Fox
         Attachments: test-case.zip

Unzip the test-case.
In testArtifactParent, run `mvn -DskipTests=true install`.
In testArtifactChild, run `mvn -DskipTests=true dependency:tree`.

When it lists the tree, it prints:
[INFO] testGroup:testArtifactChild:jar:0.0.1-SNAPSHOT
[INFO] +- commons-beanutils:commons-beanutils:jar:1.8.3:compile
[INFO] +- commons-logging:commons-logging:jar:1.0.4:compile
[INFO] \- junit:junit:jar:4.8.1:test

If you remove 'commons-logging:commons-logging:jar' from the <dependency> 
section of the child pom, you get:
[INFO] +- commons-beanutils:commons-beanutils:jar:1.8.3:compile
[INFO] |  \- commons-logging:commons-logging:jar:1.0.4:compile (version managed from 1.1.1)
[INFO] \- junit:junit:jar:4.8.1:test

As you can see, the warning "version managed from x.x.x" is only printed out 
when the child doesn't declare a dependency on that package. (Possibly due to 
how DependencyNode renders itself based on whether or not it is a duplicate).

I'm trying to write a new mojo for the Dependency plugin but I'm having trouble 
getting a list of ALL project dependencies. Clearly the Dependency plugin has 
access to this because (at least in one case) it is aware that a dependency was 
overridden by the <dependencyManagement> section.

I think that the AnalyzeDepMgt mojo should probably be updated to include a 
warning if a managed dependency is overriding a transitive dependency. 
Ironically it was originally meant to do more or less the opposite. That may be 
confusing, and I already have a skeleton for a new mojo to add, but like I said, 
I'm having difficulties getting that "full list of dependencies".

Hopefully this gives some more context. I'm going to pore through the 
DependencyNode stuff, try to figure out where that "version managed from" logic 
comes from and then implement/call that in the new AnalyzeDepMgtOverrides mojo 
I'm working on. Any input on how this list might be easily discovered would be 
appreciated!
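
An added example, not part of the original report and not the Dependency plugin's code: a Python check that scans the `mvn dependency:tree` text output quoted above for "version managed from" annotations and flags managed downgrades of transitive dependencies. The function names, the numeric-only version comparison and the no-classifier assumption are this example's own. It finds nothing in the first tree, which is the gap the report describes.

```python
import re

# One node of `mvn dependency:tree` text output. Assumes no classifier field.
NODE = re.compile(
    r"^\[INFO\]\s(?P<indent>(?:[| ] {2})*)(?:[+\\]- )?"
    r"(?P<group>[^:\s]+):(?P<artifact>[^:\s]+):(?P<type>[^:\s]+):"
    r"(?P<version>[^:\s]+)(?::(?P<scope>\w+))?"
    r"(?:\s+\(version managed from (?P<managed_from>[^)\s;]+).*\))?\s*$"
)

def _key(version):
    # Simplification: compares numeric parts only, not Maven's full ordering.
    return tuple(int(p) for p in re.findall(r"\d+", version))

def managed_overrides(tree_text):
    """Return one finding per node whose version dependencyManagement replaced."""
    findings = []
    for line in tree_text.splitlines():
        m = NODE.match(line)
        if not m or not m["managed_from"]:
            continue  # not a node, or no override annotation on it
        findings.append({
            "coordinate": f'{m["group"]}:{m["artifact"]}',
            "resolved": m["version"],
            "requested": m["managed_from"],
            "transitive": len(m["indent"]) > 0,  # nested below another node
            "downgrade": _key(m["version"]) < _key(m["managed_from"]),
        })
    return findings

# Tree output quoted in the report: child declares commons-logging directly.
DECLARED = r"""[INFO] testGroup:testArtifactChild:jar:0.0.1-SNAPSHOT
[INFO] +- commons-beanutils:commons-beanutils:jar:1.8.3:compile
[INFO] +- commons-logging:commons-logging:jar:1.0.4:compile
[INFO] \- junit:junit:jar:4.8.1:test"""

# Tree output quoted in the report: declaration removed from the child pom.
MANAGED = r"""[INFO] +- commons-beanutils:commons-beanutils:jar:1.8.3:compile
[INFO] |  \- commons-logging:commons-logging:jar:1.0.4:compile (version managed from 1.1.1)
[INFO] \- junit:junit:jar:4.8.1:test"""

if __name__ == "__main__":
    for name, text in (("declared", DECLARED), ("managed", MANAGED)):
        print(name, managed_overrides(text))
```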
