gnodet commented on issue #12302: URL: https://github.com/apache/maven/issues/12302#issuecomment-4751509112
Closing this issue — after investigation and discussion with Tamás Cservenák, the behavior described in case 2 (parent-inherited `<dependencyManagement>` affecting transitive dependency versions) is correct and by design. `TransitiveDependencyManager` applies depMgmt "down the tree" within the same branch where it was discovered. When a POM inherits depMgmt from its parent, that management correctly applies to child nodes in its subtree. The resolver collects managed dependencies with `putIfAbsent` semantics (closer-to-root wins), so this does not leak sideways to other branches. The fix for consumers who need a different version is to explicitly declare the dependency in their own `<dependencyManagement>` — root-level depMgmt is collected at depth 0 and takes precedence. _Claude Code on behalf of Guillaume Nodet_ -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
