[
https://issues.apache.org/jira/browse/MNG-7906?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17814478#comment-17814478
]
Tamas Cservenak edited comment on MNG-7906 at 2/5/24 6:48 PM:
--------------------------------------------------------------
Moreover, to extend Guillaumes point: "project version" {{G:A:1.x}} can change
to {{G:A2:2.x}} as Maven GAV (you have two more coordinates to "express" the
intent) is not "version only" as in npm, ruby-gems etc. You could even "encode"
major version in A, so shift in x.y.z version into {{groupId:artifact-x:y.z}}
or alike (this is just for example sake). Moreover, there is a long history of
changes like these even in ASF history.
This is a reason more why "semantic versioning" is not one-to-one applicable to
Maven universe, simply put, maven universe is "broader" than that laid down by
SemVer.
was (Author: cstamas):
Moreover, to extend Guillaumes point: "project version" {(A:1.x}} can change to
{{G:A2:2.x}} as Maven GAV (you have two more coordinates to "express" the
intent) is not "version only" as in npm, ruby-gems etc. You could even "encode"
major version in A, so shift in x.y.z version into {{groupId:artifact-x:y.z}}
or alike (this is just for example sake). Moreover, there is a long history of
changes like these even in ASF history.
This is a reason more why "semantic versioning" is not one-to-one applicable to
Maven universe, simply put, maven universe is "broader" than that laid down by
SemVer.
> Dependency Management import does not work the "maven way"
> ----------------------------------------------------------
>
> Key: MNG-7906
> URL: https://issues.apache.org/jira/browse/MNG-7906
> Project: Maven
> Issue Type: Bug
> Components: Dependencies, Documentation: General
> Reporter: Tamas Cservenak
> Priority: Major
> Fix For: 4.0.x-candidate
>
>
> This affects all released Maven versions so far.
> Problem reproducer: https://github.com/cstamas/MNG-7852 (repo name is wrong,
> obviously).
> In short: unlike with dependencies, where you CAN override some "deep
> transitive" dependency by re-declaring it directly as 1st level dependency in
> POM, for depMgt import this does not work, actually, it works quite the
> opposite ("first comes, wins"). Moreover, Maven remains silent about this, as
> reproducer shows, and all of this goes unnoticed.
> Solution: at least depMgt import should make "the maven way", maybe not by
> default (to not break existing builds) but configurable. Problem is solved if
> in reproducer:
> - with fix enabled, junit 5.9.3 is used, AND
> - with fix disabled, Maven yells about ignored depMgt import
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
