[ https://jira.codehaus.org/browse/MNG-4513?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Paul Benedict updated MNG-4513:
-------------------------------
    Fix Version/s:     (was: Issues to be reviewed for 3.x)

> Add "additions"/"depedencies" to "dependency" element in "dependencyManagement".
> --------------------------------------------------------------------------------
>
>                 Key: MNG-4513
>                 URL: https://jira.codehaus.org/browse/MNG-4513
>             Project: Maven
>          Issue Type: New Feature
>          Components: Dependencies
>    Affects Versions: 2.2.1
>            Reporter: Maarten Billemont
>
> Quite often we need ugly hacks in our poms because of broken dependencies in
> artifacts we depend on.
> For example, org.apache.ws.security:wss4j depends on xalan:xalan, but that
> dependency is outdated or badly maintained (not sure now, but irrelevant); so
> we need to exclude it and replace it with org.apache.xalan:xalan. Only, we
> can't do this from our dependencyManagement section for all our project
> modules, no, we can exclude xalan:xalan, but for EACH module that uses wss4j,
> we need to MANUALLY specify the dependency on org.apache.xalan:xalan; even
> though this SHOULD be a transitional dependency from wss4j. This is dirty
> and causes unacceptable bugs and maintenance when artifact dependencies
> change or artifacts are distributed to third parties.
> To fix this, we need to either host our own fixed version of wss4j, or Maven
> would have to introduce a method of doing BOTH the exclusion of xalan:xalan
> AND the addition of org.apache.xalan:xalan to the wss4j artifact from the
> dependencyManagement section. Personally, I'm not sure it makes much sense
> supporting only one of the two.
> In this example, I'd like to see the following in my project's parent pom:
> <dependencyManagement>
>   <dependencies>
>     <dependency>
>       <groupId>org.apache.ws.security</groupId>
>       <artifactId>wss4j</artifactId>
>       <version>${wss4j.version}</version>
>       <exclusions>
>         <!-- We use org.apache.* instead -->
>         <exclusion>
>           <groupId>xalan</groupId>
>           <artifactId>xalan</artifactId>
>         </exclusion>
>         <exclusion>
>           <groupId>xerces</groupId>
>           <artifactId>xercesImpl</artifactId>
>         </exclusion>
>         <exclusion>
>           <groupId>xml-security</groupId>
>           <artifactId>xmlsec</artifactId>
>         </exclusion>
>         <exclusion>
>           <groupId>xml-apis</groupId>
>           <artifactId>xml-apis</artifactId>
>         </exclusion>
>       </exclusions>
>       <dependencies>
>         <dependency>
>           <groupId>org.apache.xalan</groupId>
>           <artifactId>xalan</artifactId>
>           <version>${xalan.version}</version>
>         </dependency>
>         <dependency>
>           <groupId>org.apache.xerces</groupId>
>           <artifactId>xercesImpl</artifactId>
>           <version>${xercesImpl.version}</version>
>         </dependency>
>         <dependency>
>           <groupId>org.apache.santuario</groupId>
>           <artifactId>xmlsec</artifactId>
>           <version>${xmlsec.version}</version>
>         </dependency>
>         <dependency>
>           <groupId>org.apache.santuario</groupId>
>           <artifactId>xmlsec</artifactId>
>           <version>${xmlsec.version}</version>
>         </dependency>
>       </dependencies>
>     </dependency>
>   </dependencies>
> </dependencyManagement>

--
This message was sent by Atlassian JIRA (v6.1.6#6162)
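
The per-module bookkeeping the issue describes (exclude in dependencyManagement, then re-declare the replacement in every module that uses wss4j) can be checked mechanically in a build pipeline. The sketch below is an added example, not part of the original message or of Maven; it inspects only dependencies declared directly in each module POM, and the function names and sample POMs are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Excluded coordinate -> replacement, as named in the issue text.
REPLACEMENTS = {
    ("xalan", "xalan"): ("org.apache.xalan", "xalan"),
    ("xerces", "xercesImpl"): ("org.apache.xerces", "xercesImpl"),
    ("xml-security", "xmlsec"): ("org.apache.santuario", "xmlsec"),
}

def _parse(pom_text):
    root = ET.fromstring(pom_text)
    for el in root.iter():  # drop the POM namespace so plain tag paths match
        el.tag = el.tag.split("}")[-1]
    return root

def _ga(el):
    return (el.findtext("groupId", "").strip(), el.findtext("artifactId", "").strip())

def managed_exclusions(parent_pom):
    """Map each managed dependency to the set of coordinates it excludes."""
    deps = _parse(parent_pom).findall("dependencyManagement/dependencies/dependency")
    return {_ga(d): {_ga(e) for e in d.findall("exclusions/exclusion")} for d in deps}

def missing_replacements(parent_pom, module_poms, replacements=REPLACEMENTS):
    """Return {module: sorted replacement coordinates the module fails to declare}."""
    managed = managed_exclusions(parent_pom)
    report = {}
    for name, text in module_poms.items():
        declared = {_ga(d) for d in _parse(text).findall("dependencies/dependency")}
        wanted = {replacements[e] for dep, excl in managed.items() if dep in declared
                  for e in excl if e in replacements}
        if wanted - declared:
            report[name] = sorted(wanted - declared)
    return report

# Constructed sample POMs (not the reporter's project).
def _el(tag, g, a, inner=""):
    return f"<{tag}><groupId>{g}</groupId><artifactId>{a}</artifactId>{inner}</{tag}>"
def _pom(body):
    return f'<project xmlns="http://maven.apache.org/POM/4.0.0">{body}</project>'

WSS4J = _el("dependency", "org.apache.ws.security", "wss4j")
EXCL = _el("exclusion", "xalan", "xalan") + _el("exclusion", "xml-apis", "xml-apis")
MANAGED = _el("dependency", "org.apache.ws.security", "wss4j", f"<exclusions>{EXCL}</exclusions>")
PARENT = _pom(f"<dependencyManagement><dependencies>{MANAGED}</dependencies></dependencyManagement>")
MODULES = {
    "ok": _pom(f"<dependencies>{WSS4J}{_el('dependency', 'org.apache.xalan', 'xalan')}</dependencies>"),
    "forgot": _pom(f"<dependencies>{WSS4J}</dependencies>"),
}
```

Calling `missing_replacements(PARENT, MODULES)` reports only the `forgot` module, which pulls in wss4j with xalan:xalan excluded but never declares org.apache.xalan:xalan.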