[jira] (MNG-5708) Maven dependency resolution inconsistent with multiple excludes

Tue, 28 Oct 2014 16:14:59 -0700 

Henning Schmiedehausen created MNG-5708:
-------------------------------------------

             Summary: Maven dependency resolution inconsistent with multiple 
excludes
                 Key: MNG-5708
                 URL: https://jira.codehaus.org/browse/MNG-5708
             Project: Maven
          Issue Type: Bug
          Components: Dependencies
    Affects Versions: 3.2.3
         Environment: Apache Maven 3.2.3 
(33f8c3e1027c3ddde99d3cdebad2656a31e8fdf4; 2014-08-11T13:58:10-07:00)
Maven home: /home/henning/.apache-maven
Java version: 1.7.0_67, vendor: Oracle Corporation
Java home: /usr/lib/jvm/java-1.7.0-sun-1.7.0.67/jre
Default locale: en_US, platform encoding: UTF-8
OS name: "linux", version: "3.16.6-200.fc20.x86_64", arch: "amd64", family: 
"unix"

            Reporter: Henning Schmiedehausen
         Attachments: dependency-bug.tar.gz

This is how to reproduce the problem:

download and unpack the attached tarball. It contains three projects:

proj1 depends on log4j and commons-lang3
proj2 is a multi module project which uses proj1. But it uses slf4j, so for 
proj1 it has an exclusion in the dependency management section which excludes 
log4j
  module1 depends on proj1 and log4j-over-slf4j
  module2 depends on proj1

proj3 is a project that depends on module1.

enter each project one-by-one and do "mvn clean install". This works fine. So 
dependency exclusion etc. works. 

Now, remove the comments from the exclude block in proj2/module2/pom.xml

run "mvn clean install" in proj2.  Everything still builds fine in proj2. Same 
goes for "mvn clean install -pl :module2" (only build module2) and "mvn clean 
install -rf :module2" (resume from module2)

now go to proj3. The build fails because there are duplicates on the classpath. 
Looking at the dependency tree:

[INFO] group:proj3:jar:1-SNAPSHOT
[INFO] \- group:module1:jar:1-SNAPSHOT:compile
[INFO]    +- group:proj1:jar:1-SNAPSHOT:compile
[INFO]    |  \- log4j:log4j:jar:1.2.7:compile
[INFO]    \- org.slf4j:log4j-over-slf4j:jar:1.7.7:compile
[INFO]       \- org.slf4j:slf4j-api:jar:1.7.7:compile

log4j (which was excluded in the dependencyManagement section) has reappeared!

This only happens if there are excludes in the depMgt section of a parent pom 
*and* excludes in the dependency itself in a child project *and* the dependency 
is referred from outside the multi module project. For an in-tree project (such 
as module2), everything is fine.






--
This message was sent by Atlassian JIRA
(v6.1.6#6162)

Reply via email to