Hi all,

Concerned by this thread, I did some tests. And I have to say, the new
Maven 3.4.0 dependency resolution rules seem like a step backwards.

== REAL-WORLD EXAMPLE ==

Consider the following project:
https://github.com/fiji/fiji/blob/ced9faee1c4fba9997a3d614759fb6e78e359d4f/pom.xml

Amongst many other dependencies, this project has:

<dependency>
<groupId>ca.mcgill</groupId>
<artifactId>Sholl_Analysis</artifactId>
<scope>runtime</scope>
</dependency>

This is defined in the parent sc.fiji:pom-fiji:24.1.0 here:

* https://github.com/fiji/pom-fiji/blob/pom-fiji-24.1.0/pom.xml#L830-L835
* https://github.com/fiji/pom-fiji/blob/pom-fiji-24.1.0/pom.xml#L255-L256

<properties>
<!-- Sholl Analysis - https://github.com/tferr/ASA -->
<Sholl_Analysis.version>3.6.2</Sholl_Analysis.version>
</properties>
...
<dependencyManagement>
<dependencies>
<!-- Sholl Analysis - https://github.com/tferr/ASA -->
<dependency>
<groupId>ca.mcgill</groupId>
<artifactId>Sholl_Analysis</artifactId>
<version>${Sholl_Analysis.version}</version>
</dependency>
</dependencies>
</dependencyManagement>

With Maven 3.3.9, we have:

  $ mvn dependency:list|grep Sholl
  [INFO]    ca.mcgill:Sholl_Analysis:jar:3.6.2:runtime

But with Maven 3.4.0-20160806.181437-172, we get:

  $ mvn dependency:list|grep Sholl
  [INFO]    ca.mcgill:Sholl_Analysis:jar:3.6.1:runtime

!!!

I believe this surprising behavior is caused by the fact that the top-level
fiji POM needs to also include other BOMs via import scope:

* https://github.com/fiji/fiji/blob/ced9faee1c4fba9997a3d614759fb6e78e359d4f/pom.xml#L49-L68

<dependencyManagement>
<dependencies>
<!-- BigDataViewer BOM -->
<dependency>
<groupId>sc.fiji</groupId>
<artifactId>pom-bigdataviewer</artifactId>
<version>${pom-bigdataviewer.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<!-- TrakEM2 BOM -->
<dependency>
<groupId>sc.fiji</groupId>
<artifactId>pom-trakem2</artifactId>
<version>${pom-trakem2.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>

The version of pom-bigdataviewer is 3.2.0:
* https://github.com/fiji/pom-fiji/blob/pom-fiji-24.1.0/pom.xml#L135-L136

Which extends pom-fiji version 22.3.0 instead of 24.1.0:
* https://github.com/bigdataviewer/pom-bigdataviewer/blob/pom-bigdataviewer-3.2.0/pom.xml#L5-L9

And that version of pom-fiji defines Sholl_Analysis at 3.6.1 instead:
* https://github.com/fiji/pom-fiji/blob/pom-fiji-22.3.0/pom.xml#L261-L262

== GIST OF THE PROBLEM ==

So, with Maven 3.4.0, dependency management brought in from import scope is
now trumping that brought in from the parent POM itself. This is
problematic because:

- IMHO, it violates the Principle of Least Astonishment.
- It is now more complicated to compose together multiple "subtrees" of
components into a final application which needs to inherit multiple BOMs
from these subtrees.
- It is now not possible to override version properties _in the POM itself_
to trump the dependencyManagement versions.

But strangely, you _can_ still override the version property on the CLI via
-DSholl_Analysis.version=x.y.z.

I understand and appreciate that I am naive of the deepest nuances of the
Maven project model and how it gets synthesized. But:

1) The above behavior will break all of my projects.
2) I do not know how to restructure my components for Maven 3.4.0 to avoid
this problem.

My vote would be to revert to the old behavior, which seems better to me.
However, if this behavior really must be changed, I would suggest pushing
it till Maven 4, since it will surely break a lot of existing builds.

Regards,
Curtis

--
Curtis Rueden
LOCI software architect - http://loci.wisc.edu/software
ImageJ2 lead, Fiji maintainer - http://imagej.net/User:Rueden
Did you know ImageJ has a forum? http://forum.imagej.net/
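
Added example (not part of the original message, and not Maven or Fiji code): a small check that compares the `mvn dependency:list` output of two Maven versions and reports every artifact whose resolved version changed, which is how a silent change like the 3.6.2 to 3.6.1 one above can be caught in CI. The sample outputs are constructed from the two lines quoted in the message plus one made-up dependency (org.example:unchanged-lib); the function names are illustrative.

```python
import re

# Constructed sample input: the two lines quoted in the message, plus one
# made-up, unchanged dependency that carries a classifier.
OUT_339 = """\
[INFO] The following files have been resolved:
[INFO]    ca.mcgill:Sholl_Analysis:jar:3.6.2:runtime
[INFO]    org.example:unchanged-lib:jar:natives:1.0.0:compile
"""
OUT_340 = """\
[INFO] The following files have been resolved:
[INFO]    ca.mcgill:Sholl_Analysis:jar:3.6.1:runtime
[INFO]    org.example:unchanged-lib:jar:natives:1.0.0:compile
"""

# First whitespace-delimited token after [INFO] that looks like a coordinate.
LINE = re.compile(r"^\[INFO\]\s+(\S+:\S+)")

def parse(output):
    """Map (group, artifact, type, classifier) -> (version, scope)."""
    resolved = {}
    for line in output.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        parts = m.group(1).split(":")
        if len(parts) == 5:      # group:artifact:type:version:scope
            g, a, t, v, s = parts
            c = ""
        elif len(parts) == 6:    # group:artifact:type:classifier:version:scope
            g, a, t, c, v, s = parts
        else:
            continue             # header or other non-coordinate line
        resolved[(g, a, t, c)] = (v, s)
    return resolved

def drift(before, after):
    """Return (group:artifact, old_version, new_version) for each difference.
    A version of None means the artifact is absent from that run."""
    a, b = parse(before), parse(after)
    changes = []
    for key in sorted(set(a) | set(b)):
        old = a.get(key, (None,))[0]
        new = b.get(key, (None,))[0]
        if old != new:
            changes.append((f"{key[0]}:{key[1]}", old, new))
    return changes

if __name__ == "__main__":
    for coord, old, new in drift(OUT_339, OUT_340):
        print(f"DRIFT {coord}: {old} -> {new}")
```
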


On Fri, Aug 12, 2016 at 10:58 AM, Christian Schulte <[email protected]> wrote:

> On 08/12/16 at 14:41, Samuel Langlois wrote:
> > Hello
> >
> > I noticed a change of behaviour in Maven 3.4, which made one of our builds
> > fail.
> > It may be a bit of a corner case, so I'll let someone else decide whether
> > it's a regression or a bug fix...
>
> You can read all about it here:
>
> <https://issues.apache.org/jira/browse/MNG-5971>
>
> Regards,
> --
> Christian