[ https://issues.apache.org/jira/browse/MNG-7906?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17814478#comment-17814478 ]
Tamas Cservenak edited comment on MNG-7906 at 2/5/24 6:48 PM: -------------------------------------------------------------- Moreover, to extend Guillaumes point: "project version" {{G:A:1.x}} can change to {{G:A2:2.x}} as Maven GAV (you have two more coordinates to "express" the intent) is not "version only" as in npm, ruby-gems etc. You could even "encode" major version in A, so shift in x.y.z version into {{groupId:artifact-x:y.z}} or alike (this is just for example sake). Moreover, there is a long history of changes like these even in ASF history. This is a reason more why "semantic versioning" is not one-to-one applicable to Maven universe, simply put, maven universe is "broader" than that laid down by SemVer. was (Author: cstamas): Moreover, to extend Guillaumes point: "project version" {(A:1.x}} can change to {{G:A2:2.x}} as Maven GAV (you have two more coordinates to "express" the intent) is not "version only" as in npm, ruby-gems etc. You could even "encode" major version in A, so shift in x.y.z version into {{groupId:artifact-x:y.z}} or alike (this is just for example sake). Moreover, there is a long history of changes like these even in ASF history. This is a reason more why "semantic versioning" is not one-to-one applicable to Maven universe, simply put, maven universe is "broader" than that laid down by SemVer. > Dependency Management import does not work the "maven way" > ---------------------------------------------------------- > > Key: MNG-7906 > URL: https://issues.apache.org/jira/browse/MNG-7906 > Project: Maven > Issue Type: Bug > Components: Dependencies, Documentation: General > Reporter: Tamas Cservenak > Priority: Major > Fix For: 4.0.x-candidate > > > This affects all released Maven versions so far. > Problem reproducer: https://github.com/cstamas/MNG-7852 (repo name is wrong, > obviously). > In short: unlike with dependencies, where you CAN override some "deep > transitive" dependency by re-declaring it directly as 1st level dependency in > POM, for depMgt import this does not work, actually, it works quite the > opposite ("first comes, wins"). Moreover, Maven remains silent about this, as > reproducer shows, and all of this goes unnoticed. > Solution: at least depMgt import should make "the maven way", maybe not by > default (to not break existing builds) but configurable. Problem is solved if > in reproducer: > - with fix enabled, junit 5.9.3 is used, AND > - with fix disabled, Maven yells about ignored depMgt import -- This message was sent by Atlassian Jira (v8.20.10#820010)