[
http://jira.codehaus.org/browse/MDEP-267?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=223323#action_223323
]
Cole Mickens commented on MDEP-267:
-----------------------------------
Another thing that seems strange to me... If you remove 'filters.add(
StateDependencyNodeFilter.INCLUDED );' from createDependencyNodeFilter() in
TreeMojo.java, the 'dependency:tree' goal yields:
[INFO] testGroup:testArtifactChild:jar:0.0.1-SNAPSHOT
[INFO] +- commons-beanutils:commons-beanutils:jar:1.8.3:compile
[INFO] | \- (commons-logging:commons-logging:jar:1.0.4:compile - version
managed from 1.1.1; omitted for duplicate)
[INFO] +- commons-logging:commons-logging:jar:1.0.4:compile
[INFO] \- junit:junit:jar:4.8.1:test
Is there a reason that it only gives "version managed from 1.1.1" on the nested
transitive dependency?
> AnalyzeDepMgt Check if DepMgt overrides a (parent's) Transitive Dependency
> --------------------------------------------------------------------------
>
> Key: MDEP-267
> URL: http://jira.codehaus.org/browse/MDEP-267
> Project: Maven 2.x Dependency Plugin
> Issue Type: Improvement
> Affects Versions: 2.1
> Reporter: Cole Mickens
> Assignee: Brian Fox
> Attachments: test-case.zip
>
>
> Unzip the test-case.
> In testArtifactParent, run `mvn -DskipTests=true install`.
> In testArtifactChild, run `mvn -DskipTests=true dependency:tree`.
> When it lists the tree, it prints:
> [INFO] testGroup:testArtifactChild:jar:0.0.1-SNAPSHOT
> [INFO] +- commons-beanutils:commons-beanutils:jar:1.8.3:compile
> [INFO] +- commons-logging:commons-logging:jar:1.0.4:compile
> [INFO] \- junit:junit:jar:4.8.1:test
> If you remove 'commons-logging:commons-logging:jar' from the <dependency>
> section of the child pom, you get:
> [INFO] +- commons-beanutils:commons-beanutils:jar:1.8.3:compile
> [INFO] | \- commons-logging:commons-logging:jar:1.0.4:compile (version
> managed from 1.1.1)
> [INFO] \- junit:junit:jar:4.8.1:test
> As you can see, the warning "version managed from x.x.x" is only printed out
> when the child doesn't declare a dependency on that package. (Possibly due to
> how DependencyNode render's itself based on whether or not it is a duplicate).
> I'm trying to write a new mojo for the Dependency plugin but I'm having
> trouble getting a list of ALL project dependencies. Clearly the Dependency
> plugin has access to this because (at least in one case) it is aware that a
> dependency was overriden by the <dependencyManagement> section.
> I think that the AnalyzeDepMgt mojo should probably be updated to include a
> warning if a managed dependency is overriding a transitive dependency.
> Ironically it was originally meant to do more or less the opposite. That
> maybe confusing and I already have a skeleton for a new mojo to add, but like
> I said, I'm having difficulties getting that "full list of dependencies".
> Hopefully this gives some more context. I'm going to pour through the
> DependencyNode stuff, try to figure out where that "version managed from"
> logic comes from and then implement/call that in the new
> AnalyzeDepMgtOverrides mojo I'm working on. Any input on how this list might
> be easily discovered would be appreciated!
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
