[
https://issues.apache.org/jira/browse/MNG-7906?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17814478#comment-17814478
]
Tamas Cservenak edited comment on MNG-7906 at 2/5/24 6:45 PM:
--------------------------------------------------------------
Moreover, to extend Guillaume point: "project version" {(A:1.x}} can change to
\{{G:A2:2.x}} as Maven GAV (remember, you have two more coordinates to
"express" the intent) not found.) is not "version only". You could even
"encode" major version in A, so shift in x.y.z version into
{{groupId:artifact-x:y.z}} or alike (this is just for exampel sake).
This is a reason more why "semantic versioning" is not one-to-one applicable to
Maven universe, simply put, maven universe is "broader" than that laid down by
SemVer.
was (Author: cstamas):
Moreover, to extend Guillaume point: "project version" != "artifact version"
(or it does not have to be). There is a long history, that a project that
evolves, and assuming it gets incompatible changes, change the GAV as well (to
be clear about incompatible changes). So, {{G:A:1.x}} can change to
{{G:A2:2.x}} as Maven GAV (remember, you have two more coordinates to "express"
the intent!) is not "version only". You could even "encode" major version in A,
so shift in x.y.z version into {{groupId:artifact-x:y.z}} or alike (this is
just for exampel sake).
This is a reason more why "semantic versioning" is not one-to-one applicable to
Maven universe, simply put, maven universe is "broader" than that laid down by
SemVer.
> Dependency Management import does not work the "maven way"
> ----------------------------------------------------------
>
> Key: MNG-7906
> URL: https://issues.apache.org/jira/browse/MNG-7906
> Project: Maven
> Issue Type: Bug
> Components: Dependencies, Documentation: General
> Reporter: Tamas Cservenak
> Priority: Major
> Fix For: 4.0.x-candidate
>
>
> This affects all released Maven versions so far.
> Problem reproducer: https://github.com/cstamas/MNG-7852 (repo name is wrong,
> obviously).
> In short: unlike with dependencies, where you CAN override some "deep
> transitive" dependency by re-declaring it directly as 1st level dependency in
> POM, for depMgt import this does not work, actually, it works quite the
> opposite ("first comes, wins"). Moreover, Maven remains silent about this, as
> reproducer shows, and all of this goes unnoticed.
> Solution: at least depMgt import should make "the maven way", maybe not by
> default (to not break existing builds) but configurable. Problem is solved if
> in reproducer:
> - with fix enabled, junit 5.9.3 is used, AND
> - with fix disabled, Maven yells about ignored depMgt import
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
