[
https://jira.codehaus.org/browse/MNG-5722?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=356011#comment-356011
]
Henning Schmiedehausen commented on MNG-5722:
---------------------------------------------
This seems to boil down that with projB present, the dependency for httpclient
is reduced to
[INFO] | \- org.apache.httpcomponents:httpclient:jar:4.3.6:compile
[INFO] | +- org.apache.httpcomponents:httpcore:jar:4.3.3:compile
[INFO] | \- commons-codec:commons-codec:jar:1.6:compile
which then in turn is applied to the dependency loaded from projC-component2
This actually *IS* order dependent, moving the projB dependency at the end of
the dependency list for projD will make the build fail, too.
> maven splills exclude rules from one dependency to another
> ----------------------------------------------------------
>
> Key: MNG-5722
> URL: https://jira.codehaus.org/browse/MNG-5722
> Project: Maven
> Issue Type: Bug
> Components: Dependencies
> Affects Versions: 3.2.3
> Environment: mvn --version
> Apache Maven 3.2.3 (33f8c3e1027c3ddde99d3cdebad2656a31e8fdf4;
> 2014-08-11T13:58:10-07:00)
> Maven home: /home/hschmiedehausen/.apache-maven
> Java version: 1.7.0_67, vendor: Oracle Corporation
> Java home: /usr/lib/jvm/java-1.7.0-sun-1.7.0.67/jre
> Default locale: en_US, platform encoding: UTF-8
> OS name: "linux", version: "3.16.6-200.fc20.x86_64", arch: "amd64", family:
> "unix"
> Reporter: Henning Schmiedehausen
> Attachments: exclude-dependency-bug.tar.gz,
> exclude-dependency-bug.tar.gz
>
>
> unpack the attached archive (note HAUS-2405 for possible problems here, the
> file might be double-compressed). It contains four projects: projA - projD
> for each project run "mvn clean install". All builds succeed
> However, the resulting project D includes
> projB -> jcl-over-slf4j
> projC-component1 -> projC-component2 -> httpclient, which includes commons
> logging
> So the resulting project *should* fail with duplicate classes. However, the
> build succeeds.
> To make the build fail:
> - remove the dependency on projB from projD and rebuild.
> INFO] --- maven-duplicate-finder-plugin:1.0.9:check (default) @ projD ---
> [INFO] Checking compile classpath
> [WARNING] Found duplicate and different classes in
> [commons-logging:commons-logging:1.1.3,org.slf4j:jcl-over-slf4j:1.7.7] :
> [WARNING] org.apache.commons.logging.Log
> [WARNING] org.apache.commons.logging.LogConfigurationException
> [WARNING] org.apache.commons.logging.LogFactory
> [WARNING] org.apache.commons.logging.impl.NoOpLog
> [WARNING] org.apache.commons.logging.impl.SimpleLog
> the separate dependency trees:
> projB:
> [INFO] group:projB:jar:1-SNAPSHOT
> [INFO] \- group:projA:jar:1-SNAPSHOT:compile
> [INFO] +- commons-lang:commons-lang:jar:2.6:compile
> [INFO] \- org.apache.httpcomponents:httpclient:jar:4.3.6:compile
> [INFO] +- org.apache.httpcomponents:httpcore:jar:4.3.3:compile
> [INFO] \- commons-codec:commons-codec:jar:1.6:compile
> projC-component1
> [INFO] group:projC-component1:jar:1-SNAPSHOT
> [INFO] \- group:projC-component2:jar:1-SNAPSHOT:compile
> [INFO] \- org.apache.httpcomponents:httpclient:jar:4.3.6:compile
> [INFO] +- org.apache.httpcomponents:httpcore:jar:4.3.3:compile
> [INFO] +- commons-logging:commons-logging:jar:1.1.3:compile
> [INFO] \- commons-codec:commons-codec:jar:1.6:compile
> projC-component1 *should* include commons-logging which in turn should clash
> with jcl-over-slf4j in projD (proojD depends on projB, projC-component1 and
> jcl-over-slf4j). However, the presence of projB excludes commons-logging from
> the dependencies in projC-component1.
--
This message was sent by Atlassian JIRA
(v6.1.6#6162)
