[jira] [Comment Edited] (MNG-7003) Inconsistent dependency tree

[Guillaume Nodet (Jira)]

    [ 
https://issues.apache.org/jira/browse/MNG-7003?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17477798#comment-17477798
 ] 

Guillaume Nodet edited comment on MNG-7003 at 1/18/22, 12:12 PM:
-----------------------------------------------------------------

The problem is located in {{DefaultDependencyCollector#processDependency}} 
method iiuc.
The call to {{getArtifactDescriptorResult}} returns correctly the managed 
dependencies in the {{ArtifactDescriptorResult#managedDependencies}}, but those 
are not used, see 
https://github.com/apache/maven-resolver/blob/d87fda700544abffa75655fa9af8738e92c3cea2/maven-resolver-impl/src/main/java/org/eclipse/aether/internal/impl/collect/DefaultDependencyCollector.java#L416-L464



was (Author: gnt):
The problem is located in {{DefaultDependencyCollector#processDependency}} 
method iiuc.
The call to {{getArtifactDescriptorResult}} returns correctly the managed 
dependencies, but those are not used, see 
https://github.com/apache/maven-resolver/blob/d87fda700544abffa75655fa9af8738e92c3cea2/maven-resolver-impl/src/main/java/org/eclipse/aether/internal/impl/collect/DefaultDependencyCollector.java#L416-L464

> Inconsistent dependency tree
> ----------------------------
>
>                 Key: MNG-7003
>                 URL: https://issues.apache.org/jira/browse/MNG-7003
>             Project: Maven
>          Issue Type: Bug
>          Components: Dependencies
>    Affects Versions: 3.6.3, 3.8.4
>            Reporter: Arkadiusz Firus
>            Priority: Major
>         Attachments: maven_dependency_problem.tar.gz
>
>
> I have found maven building different dependency tree during module built 
> process and when a module is build as a dependency.
> The problematic case:
> pom ---> dependencyManagement (org.slf4j:slf4j-api:1.7.30)
>   |-- pom --> dependency (org.apache.logging.log4j:log4j-slf4j18-impl:2.13.3) 
> --> dependency (org.slf4j:slf4j-api:1.8.0-beta4)
>  
> When the project is built the dependency tree is OK. The version of transient 
> dependency to slf4j-api is overridden by the dependency management mechanism.
> {{[INFO] arcomp.maven_example:module:jar:1}}
>  {{[INFO] - org.apache.logging.log4j:log4j-slf4j18-impl:jar:2.13.3:compile}}
>  {{[INFO] +- org.slf4j:slf4j-api:jar:*1.7.30*:compile}}
>  {{[INFO] +- org.apache.logging.log4j:log4j-api:jar:2.13.3:compile}}
>  {{[INFO] - org.apache.logging.log4j:log4j-core:jar:2.13.3:runtime}}
>   
> On the other hand when the module is being used as a dependency the version 
> of transient dependency is not overridden.
> {{[INFO] arcomp.maven_example:usage:jar:1}}
>  {{[INFO] - arcomp.maven_example:module:jar:1:compile}}
>  {{[INFO] - org.apache.logging.log4j:log4j-slf4j18-impl:jar:2.13.3:compile}}
>  {{[INFO] +- org.slf4j:slf4j-api:jar:*1.8.0-beta4*:compile}}
>  {{[INFO] +- org.apache.logging.log4j:log4j-api:jar:2.13.3:compile}}
>  {{[INFO] - org.apache.logging.log4j:log4j-core:jar:2.13.3:runtime}}
>   
> Such behaviour may lead to a problem when jar is used with different 
> dependency than it was compiled and tested with.
> I have attached three maven projects packed into archive. Two are in 
> parent-child relationship where the dependency management mechanism is used 
> described above. The third is a usage example.
> I am new here, so please verify if I set the component (and other fields) 
> correctly.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)