[
https://issues.apache.org/jira/browse/MNG-5988?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15354679#comment-15354679
]
Jostein Gogstad commented on MNG-5988:
--------------------------------------
That's true, explicitly depending on some transitive dependency some library
needs will force maven to use that version. It's the easiest solution, but the
problem is unexpected and it is some times difficult to detect which library to
depend on.
When a test-scoped dependency requires a _different_ (not necessarily newer)
version of a library at shallow depth, maven has two choices:
# Package the test-scoped version, strictly adhering to nearest-definition and
possibly downgrading the library that production code requires.
# Package the compile/runtime scoped version, possibly downgrading the library
that test code requires
Alternative 2 is the better option of these choices because errors as a result
of conflicting dependencies are detected earlier and they don't affect
production code. CI being fairly common among development teams these days will
catch errors resulting from choosing the "wrong" library when the tests are
run. On the other hand, it the tests gets to dictate which library are chosen,
errors aren't visible until the application is run. Even though the transitive
dependencies are compile scoped, it won't matter since the direct dependency is
already compiled.
Maven should use "nearest definition" when choosing dependencies, but it
consider the scope of the direct dependency when doing so.
> Dependency mediation should prioritize transitive dependencies based on scope.
> ------------------------------------------------------------------------------
>
> Key: MNG-5988
> URL: https://issues.apache.org/jira/browse/MNG-5988
> Project: Maven
> Issue Type: Bug
> Components: Dependencies
> Affects Versions: 3.2.3
> Reporter: Jostein Gogstad
>
> The
> [documentation|https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html]
> states that dependency mediation only supports "nearest definition",
> regardless of the scope of the parent dependency.
> If both compile- and test scoped dependencies shares the same transitive
> dependency, the test-scoped one will win if it has shallower depth. That in
> turn will lead to runtime exceptions since the transitive dependency is no
> longer on the classpath.
> Take the following pom from a typical [Spring
> Boot|http://projects.spring.io/spring-boot/] application. Since the
> {{camel-test-spring}} dependency also depends on spring, it wins and Spring
> is no longer available to the application at runtime.
> {code:xml}
> <project xmlns="http://maven.apache.org/POM/4.0.0";
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
> xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
> http://maven.apache.org/maven-v4_0_0.xsd";>
> <modelVersion>4.0.0</modelVersion>
> <groupId>com.example</groupId>
> <artifactId>bugreport</artifactId>
> <packaging>jar</packaging>
> <version>1.0.0-SNAPSHOT</version>
> <dependencies>
> <dependency>
> <groupId>org.springframework.boot</groupId>
> <artifactId>spring-boot-starter-web</artifactId>
> <version>1.3.2.RELEASE</version>
> </dependency>
> <dependency>
> <groupId>org.apache.camel</groupId>
> <artifactId>camel-test-spring</artifactId>
> <version>2.16.2</version>
> <scope>test</scope>
> </dependency>
> </dependencies>
> </project>
> {code}
> Now look for {{spring-beans}} or {{spring-context}} in the following
> dependency graphs:
> {code:xml|title=mvn dependency:tree (with camel-test-spring)}
> [INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ bugreport ---
> [INFO] com.example:bugreport:jar:1.0.0-SNAPSHOT
> [INFO] +-
> org.springframework.boot:spring-boot-starter-web:jar:1.3.2.RELEASE:compile
> [INFO] | +-
> org.springframework.boot:spring-boot-starter:jar:1.3.2.RELEASE:compile
> [INFO] | | +- org.springframework.boot:spring-boot:jar:1.3.2.RELEASE:compile
> [INFO] | | +-
> org.springframework.boot:spring-boot-autoconfigure:jar:1.3.2.RELEASE:compile
> [INFO] | | +-
> org.springframework.boot:spring-boot-starter-logging:jar:1.3.2.RELEASE:compile
> [INFO] | | | +- ch.qos.logback:logback-classic:jar:1.1.3:compile
> [INFO] | | | | \- ch.qos.logback:logback-core:jar:1.1.3:compile
> [INFO] | | | +- org.slf4j:jcl-over-slf4j:jar:1.7.13:compile
> [INFO] | | | +- org.slf4j:jul-to-slf4j:jar:1.7.13:compile
> [INFO] | | | \- org.slf4j:log4j-over-slf4j:jar:1.7.13:compile
> [INFO] | | \- org.yaml:snakeyaml:jar:1.16:runtime
> [INFO] | +-
> org.springframework.boot:spring-boot-starter-tomcat:jar:1.3.2.RELEASE:compile
> [INFO] | | +- org.apache.tomcat.embed:tomcat-embed-core:jar:8.0.30:compile
> [INFO] | | +- org.apache.tomcat.embed:tomcat-embed-el:jar:8.0.30:compile
> [INFO] | | +-
> org.apache.tomcat.embed:tomcat-embed-logging-juli:jar:8.0.30:compile
> [INFO] | | \-
> org.apache.tomcat.embed:tomcat-embed-websocket:jar:8.0.30:compile
> [INFO] | +-
> org.springframework.boot:spring-boot-starter-validation:jar:1.3.2.RELEASE:compile
> [INFO] | | \- org.hibernate:hibernate-validator:jar:5.2.2.Final:compile
> [INFO] | | +- javax.validation:validation-api:jar:1.1.0.Final:compile
> [INFO] | | +- org.jboss.logging:jboss-logging:jar:3.2.1.Final:compile
> [INFO] | | \- com.fasterxml:classmate:jar:1.1.0:compile
> [INFO] | +- com.fasterxml.jackson.core:jackson-databind:jar:2.6.5:compile
> [INFO] | | +-
> com.fasterxml.jackson.core:jackson-annotations:jar:2.6.0:compile
> [INFO] | | \- com.fasterxml.jackson.core:jackson-core:jar:2.6.5:compile
> [INFO] | +- org.springframework:spring-web:jar:4.2.4.RELEASE:compile
> [INFO] | \- org.springframework:spring-webmvc:jar:4.2.4.RELEASE:compile
> [INFO] \- org.apache.camel:camel-test-spring:jar:2.16.2:test
> [INFO] +- org.apache.camel:camel-test:jar:2.16.2:test
> [INFO] | +- org.apache.camel:camel-core:jar:2.16.2:test
> [INFO] | | \- org.slf4j:slf4j-api:jar:1.6.6:compile
> [INFO] | \- junit:junit:jar:4.11:test
> [INFO] | \- org.hamcrest:hamcrest-core:jar:1.3:test
> [INFO] +- org.apache.camel:camel-spring:jar:2.16.2:test
> [INFO] +- org.springframework:spring-test:jar:4.1.9.RELEASE:test
> [INFO] +- org.springframework:spring-context:jar:4.1.9.RELEASE:compile
> [INFO] +- org.springframework:spring-beans:jar:4.1.9.RELEASE:compile
> [INFO] +- org.springframework:spring-expression:jar:4.1.9.RELEASE:compile
> [INFO] +- org.springframework:spring-aop:jar:4.1.9.RELEASE:compile
> [INFO] | \- aopalliance:aopalliance:jar:1.0:compile
> [INFO] +- org.springframework:spring-tx:jar:4.1.9.RELEASE:test
> [INFO] +- org.springframework:spring-core:jar:4.1.9.RELEASE:compile
> [INFO] | \- commons-logging:commons-logging:jar:1.2:compile
> [INFO] +- com.sun.xml.bind:jaxb-core:jar:2.2.11:test
> [INFO] \- com.sun.xml.bind:jaxb-impl:jar:2.2.11:test
> {code}
> {code:xml|title=mvn dependency:tree (without camel-test-spring)}
> [INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ bugreport ---
> [INFO] com.example:bugreport:jar:1.0.0-SNAPSHOT
> [INFO] \-
> org.springframework.boot:spring-boot-starter-web:jar:1.3.2.RELEASE:compile
> [INFO] +-
> org.springframework.boot:spring-boot-starter:jar:1.3.2.RELEASE:compile
> [INFO] | +- org.springframework.boot:spring-boot:jar:1.3.2.RELEASE:compile
> [INFO] | +-
> org.springframework.boot:spring-boot-autoconfigure:jar:1.3.2.RELEASE:compile
> [INFO] | +-
> org.springframework.boot:spring-boot-starter-logging:jar:1.3.2.RELEASE:compile
> [INFO] | | +- ch.qos.logback:logback-classic:jar:1.1.3:compile
> [INFO] | | | +- ch.qos.logback:logback-core:jar:1.1.3:compile
> [INFO] | | | \- org.slf4j:slf4j-api:jar:1.7.7:compile
> [INFO] | | +- org.slf4j:jcl-over-slf4j:jar:1.7.13:compile
> [INFO] | | +- org.slf4j:jul-to-slf4j:jar:1.7.13:compile
> [INFO] | | \- org.slf4j:log4j-over-slf4j:jar:1.7.13:compile
> [INFO] | +- org.springframework:spring-core:jar:4.2.4.RELEASE:compile
> [INFO] | \- org.yaml:snakeyaml:jar:1.16:runtime
> [INFO] +-
> org.springframework.boot:spring-boot-starter-tomcat:jar:1.3.2.RELEASE:compile
> [INFO] | +- org.apache.tomcat.embed:tomcat-embed-core:jar:8.0.30:compile
> [INFO] | +- org.apache.tomcat.embed:tomcat-embed-el:jar:8.0.30:compile
> [INFO] | +-
> org.apache.tomcat.embed:tomcat-embed-logging-juli:jar:8.0.30:compile
> [INFO] | \-
> org.apache.tomcat.embed:tomcat-embed-websocket:jar:8.0.30:compile
> [INFO] +-
> org.springframework.boot:spring-boot-starter-validation:jar:1.3.2.RELEASE:compile
> [INFO] | \- org.hibernate:hibernate-validator:jar:5.2.2.Final:compile
> [INFO] | +- javax.validation:validation-api:jar:1.1.0.Final:compile
> [INFO] | +- org.jboss.logging:jboss-logging:jar:3.2.1.Final:compile
> [INFO] | \- com.fasterxml:classmate:jar:1.1.0:compile
> [INFO] +- com.fasterxml.jackson.core:jackson-databind:jar:2.6.5:compile
> [INFO] | +-
> com.fasterxml.jackson.core:jackson-annotations:jar:2.6.0:compile
> [INFO] | \- com.fasterxml.jackson.core:jackson-core:jar:2.6.5:compile
> [INFO] +- org.springframework:spring-web:jar:4.2.4.RELEASE:compile
> [INFO] | +- org.springframework:spring-aop:jar:4.2.4.RELEASE:compile
> [INFO] | | \- aopalliance:aopalliance:jar:1.0:compile
> [INFO] | +- org.springframework:spring-beans:jar:4.2.4.RELEASE:compile
> [INFO] | \- org.springframework:spring-context:jar:4.2.4.RELEASE:compile
> [INFO] \- org.springframework:spring-webmvc:jar:4.2.4.RELEASE:compile
> [INFO] \-
> org.springframework:spring-expression:jar:4.2.4.RELEASE:compile
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
