[
https://issues.apache.org/jira/browse/MNG-7906?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17813051#comment-17813051
]
Herve Boutemy edited comment on MNG-7906 at 2/1/24 6:25 AM:
------------------------------------------------------------
{quote}So I think the first step would be to add a WARNING when the POM being
built contains a managed dependency which is lost because not first.
This will explain to the user what's wrong and that the dependency should be
moved up at the top of the managed dependency section in order to be useful.
That should be easily done and back ported to 3.9.x.
{quote}
this idea about warning *only on the POM being built* is the right approach:
not too noisy, actionable, not breaking anything
(going back to the dependencyManagement import topic)
was (Author: hboutemy):
{quote}So I think the first step would be to add a WARNING when the POM being
built contains a managed dependency which is lost because not first.
This will explain to the user what's wrong and that the dependency should be
moved up at the top of the managed dependency section in order to be useful.
That should be easily done and back ported to 3.9.x.
{quote}
this idea about warning *only on the POM being built* is the right approach:
not too noisy, actionable, not breaking anything
> Dependency Management import does not work the "maven way"
> ----------------------------------------------------------
>
> Key: MNG-7906
> URL: https://issues.apache.org/jira/browse/MNG-7906
> Project: Maven
> Issue Type: Bug
> Components: Dependencies, Documentation: General
> Reporter: Tamas Cservenak
> Priority: Major
> Fix For: 4.0.x-candidate
>
>
> This affects all released Maven versions so far.
> Problem reproducer: https://github.com/cstamas/MNG-7852 (repo name is wrong,
> obviously).
> In short: unlike with dependencies, where you CAN override some "deep
> transitive" dependency by re-declaring it directly as 1st level dependency in
> POM, for depMgt import this does not work, actually, it works quite the
> opposite ("first comes, wins"). Moreover, Maven remains silent about this, as
> reproducer shows, and all of this goes unnoticed.
> Solution: at least depMgt import should make "the maven way", maybe not by
> default (to not break existing builds) but configurable. Problem is solved if
> in reproducer:
> - with fix enabled, junit 5.9.3 is used, AND
> - with fix disabled, Maven yells about ignored depMgt import
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
