Jesse Glick created MNG-5497:
--------------------------------

Summary: maven-metadata.xml checked if dependency expressed snapshot range even if actual version is fixed
Key: MNG-5497
URL: https://jira.codehaus.org/browse/MNG-5497
Project: Maven 2 & 3
Issue Type: Bug
Components: Artifacts and Repositories
Affects Versions: 3.1.0, 3.0.5, 2.2.1
Environment: Ubuntu, JDK 7
Reporter: Jesse Glick
Priority: Minor

Consider

{code:xml}
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>test</groupId>
  <artifactId>test</artifactId>
  <version>1.0-SNAPSHOT</version>
  <dependencies>
<!--
    <dependency>
      <artifactId>jffi</artifactId>
      <groupId>com.github.jnr</groupId>
      <version>1.2.7</version>
    </dependency>
    <dependency>
      <artifactId>jnr-x86asm</artifactId>
      <groupId>com.github.jnr</groupId>
      <version>1.0.2</version>
    </dependency>
-->
    <dependency>
      <groupId>com.github.jnr</groupId>
      <artifactId>jnr-ffi</artifactId>
      <version>1.0.4</version>
    </dependency>
  </dependencies>
</project>
{code}

i.e. a project with a dependency on {{jnr-ffi 1.0.4}}. Building this with {{--update-snapshots}} checks the remote repositories for newer versions of transitive dependencies:

{code:none}
...
[INFO] ------------------------------------------------------------------------
[INFO] Building test 1.0-SNAPSHOT
[INFO] ------------------------------------------------------------------------
Downloading: http://repo.maven.apache.org/maven2/com/github/jnr/jffi/maven-metadata.xml
Downloading: https://oss.sonatype.org/content/repositories/snapshots/com/github/jnr/jffi/maven-metadata.xml
Downloaded: http://repo.maven.apache.org/maven2/com/github/jnr/jffi/maven-metadata.xml (605 B at 1.9 KB/sec)
Downloaded: https://oss.sonatype.org/content/repositories/snapshots/com/github/jnr/jffi/maven-metadata.xml (361 B at 0.4 KB/sec)
Downloading: http://repo.maven.apache.org/maven2/com/github/jnr/jnr-x86asm/maven-metadata.xml
Downloading: https://oss.sonatype.org/content/repositories/snapshots/com/github/jnr/jnr-x86asm/maven-metadata.xml
Downloaded: http://repo.maven.apache.org/maven2/com/github/jnr/jnr-x86asm/maven-metadata.xml (362 B at 3.9 KB/sec)
[INFO]
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ test ---
...
{code}

which makes sense since the dependency uses version ranges for the transitive dependencies:

{code:xml}
...
    <dependency>
      <groupId>com.github.jnr</groupId>
      <artifactId>jffi</artifactId>
      <version>[1.2.1, 1.3.0)</version>
      <scope>compile</scope>
    </dependency>
    <dependency>
      <groupId>com.github.jnr</groupId>
      <artifactId>jffi</artifactId>
      <version>[1.2.1, 1.3.0)</version>
      <scope>runtime</scope>
      <classifier>native</classifier>
    </dependency>
...
    <dependency>
      <groupId>com.github.jnr</groupId>
      <artifactId>jnr-x86asm</artifactId>
      <version>[1.0.2,)</version>
      <scope>compile</scope>
    </dependency>
...
{code}

Now suppose you want your own project to use definite versions of the transitive dependencies. Uncomment the lines in the original POM to do that (as per {{dependency:tree}}). Yet when building this, Maven _still_ checks the remote repositories even though the result cannot matter! Same in Maven 2:

{code:none}
...
[INFO] artifact com.github.jnr:jffi: checking for updates from central
[INFO] artifact com.github.jnr:jnr-x86asm: checking for updates from central
...
{code}

This is annoying as even without {{-U}} a network connection is made once per day or so when building your project. Affects {{jenkins-core}}.
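
As an added illustration (not part of the original report and not Maven's own code): a small Python audit that lists the dependencies in a POM declared with a version range, the kind of declaration the report ties to the maven-metadata.xml lookups, and marks those with no upper bound. The sample POM is constructed from the fragments quoted above, and the names `classify` and `range_dependencies` are this example's own.

```python
import re
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
# One range segment: opening bracket, lower bound, optional ",upper", closing bracket.
SEGMENT = re.compile(r"[\[(]\s*([^,\[\]()]*?)\s*(?:,\s*([^,\[\]()]*?)\s*)?[\])]")

def classify(version):
    """Classify a POM <version> value as fixed, exact-range, bounded-range or open-range."""
    segments = list(SEGMENT.finditer(version.strip()))
    if not segments:
        return "fixed"            # plain version such as 1.0.4
    if any(s.group(2) == "" for s in segments):
        return "open-range"       # "[1.0.2,)": comma present, no upper bound
    if all(s.group(2) is None for s in segments):
        return "exact-range"      # "[1.0]": no comma, a single hard-pinned version
    return "bounded-range"        # "[1.2.1, 1.3.0)"

def range_dependencies(pom_xml):
    """Return (groupId:artifactId, version, kind) for every range-versioned dependency."""
    root = ET.fromstring(pom_xml)  # XML comments (commented-out dependencies) are skipped
    found = []
    for dep in root.iterfind(".//m:dependencies/m:dependency", NS):
        version = dep.findtext("m:version", "", NS).strip()
        kind = classify(version)
        if kind != "fixed":
            name = dep.findtext("m:groupId", "", NS) + ":" + dep.findtext("m:artifactId", "", NS)
            found.append((name, version, kind))
    return found

# Constructed sample: the range declarations quoted in the report plus one fixed version.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencies>
    <dependency><groupId>com.github.jnr</groupId><artifactId>jffi</artifactId>
      <version>[1.2.1, 1.3.0)</version></dependency>
    <dependency><groupId>com.github.jnr</groupId><artifactId>jnr-x86asm</artifactId>
      <version>[1.0.2,)</version></dependency>
    <dependency><groupId>com.github.jnr</groupId><artifactId>jnr-ffi</artifactId>
      <version>1.0.4</version></dependency>
  </dependencies>
</project>"""

if __name__ == "__main__":
    for name, version, kind in range_dependencies(SAMPLE_POM):
        print(name, version, kind)
```
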