gnodet opened a new pull request, #12316: URL: https://github.com/apache/maven/pull/12316
## Draft — RED IT only (no fix yet) Adds an integration test that reproduces the `TransitiveDependencyManager` version downgrade bug. ### Dependency chain ``` root → module-a:1.0 (parent=parent-a) → module-b:1.0 → lib-c:2.0 parent-a has <dependencyManagement> managing lib-c to 1.0 ``` **Expected:** `lib-c` resolves to `2.0` (declared by `module-b`). **Actual (bug):** `lib-c` is downgraded to `1.0` because `TransitiveDependencyManager` has `deriveUntil = Integer.MAX_VALUE`, collecting managed versions from every POM in the graph (vs Maven 3's `ClassicDependencyManager` with `deriveUntil = 2`). ### Root cause `TransitiveDependencyManager.manageDependency()` applies `<dependencyManagement>` at all depths during collection. Maven 3's `ClassicDependencyManager` only used the root project's `<dependencyManagement>`. Reproduces #12302 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
