[
https://issues.apache.org/jira/browse/MNG-5708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17088455#comment-17088455
]
Maarten Mulders edited comment on MNG-5708 at 4/21/20, 9:05 AM:
----------------------------------------------------------------
I've tried this with Apache Maven 3.6.3
(cecedd343002696d0abb50b32b541b8a6ba2883f). I needed to do things a little
different than described in the bug (e.g., edit proj2/*module1*/pom.xml and run
{{mvn verify}} on proj3), but that latter command shows:
{code:java}
[INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ proj3 ---
[INFO] group:proj3:jar:1-SNAPSHOT
[INFO] \- group:module1:jar:1-SNAPSHOT:compile
[INFO] +- group:proj1:jar:1-SNAPSHOT:compile
[INFO] | \- log4j:log4j:jar:1.2.7:compile
[INFO] \- org.slf4j:log4j-over-slf4j:jar:1.7.7:compile
[INFO] \- org.slf4j:slf4j-api:jar:1.7.7:compile
{code}
Log4J is still being included through {{group:proj1}}.
was (Author: mthmulders):
I've tried this with Apache Maven 3.6.3
(cecedd343002696d0abb50b32b541b8a6ba2883f). I needed to do things a little
different than described in the bug (e.g., edit proj2/module*1*/pom.xml and run
{{mvn verify}} on proj3), but that latter command shows:
{code:java}
[INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ proj3 ---
[INFO] group:proj3:jar:1-SNAPSHOT
[INFO] \- group:module1:jar:1-SNAPSHOT:compile
[INFO] +- group:proj1:jar:1-SNAPSHOT:compile
[INFO] | \- log4j:log4j:jar:1.2.7:compile
[INFO] \- org.slf4j:log4j-over-slf4j:jar:1.7.7:compile
[INFO] \- org.slf4j:slf4j-api:jar:1.7.7:compile
{code}
Log4J is still being included through {{group:proj1}}.
> Maven dependency resolution inconsistent with multiple excludes
> ---------------------------------------------------------------
>
> Key: MNG-5708
> URL: https://issues.apache.org/jira/browse/MNG-5708
> Project: Maven
> Issue Type: Bug
> Components: Dependencies
> Affects Versions: 3.2.3
> Environment: Apache Maven 3.2.3
> (33f8c3e1027c3ddde99d3cdebad2656a31e8fdf4; 2014-08-11T13:58:10-07:00)
> Maven home: /home/henning/.apache-maven
> Java version: 1.7.0_67, vendor: Oracle Corporation
> Java home: /usr/lib/jvm/java-1.7.0-sun-1.7.0.67/jre
> Default locale: en_US, platform encoding: UTF-8
> OS name: "linux", version: "3.16.6-200.fc20.x86_64", arch: "amd64", family:
> "unix"
> Reporter: Henning Schmiedehausen
> Priority: Major
> Fix For: needing-scrub-3.4.0-fallout
>
> Attachments: dependency-bug-2.tar.gz, dependency-bug-3.tar.gz,
> dependency-bug.tar.gz
>
>
> This is how to reproduce the problem:
> download and unpack the attached tarball. It contains three projects:
> proj1 depends on log4j and commons-lang3
> proj2 is a multi module project which uses proj1. But it uses slf4j, so for
> proj1 it has an exclusion in the dependency management section which excludes
> log4j
> module1 depends on proj1 and log4j-over-slf4j
> module2 depends on proj1
> proj3 is a project that depends on module1.
> enter each project one-by-one and do "mvn clean install". This works fine. So
> dependency exclusion etc. works.
> Now, remove the comments from the exclude block in proj2/module2/pom.xml
> run "mvn clean install" in proj2. Everything still builds fine in proj2.
> Same goes for "mvn clean install -pl :module2" (only build module2) and "mvn
> clean install -rf :module2" (resume from module2)
> now go to proj3. The build fails because there are duplicates on the
> classpath. Looking at the dependency tree:
> [INFO] group:proj3:jar:1-SNAPSHOT
> [INFO] \- group:module1:jar:1-SNAPSHOT:compile
> [INFO] +- group:proj1:jar:1-SNAPSHOT:compile
> [INFO] | \- log4j:log4j:jar:1.2.7:compile
> [INFO] \- org.slf4j:log4j-over-slf4j:jar:1.7.7:compile
> [INFO] \- org.slf4j:slf4j-api:jar:1.7.7:compile
> log4j (which was excluded in the dependencyManagement section) has reappeared!
> This only happens if there are excludes in the depMgt section of a parent pom
> *and* excludes in the dependency itself in a child project *and* the
> dependency is referred from outside the multi module project. For an in-tree
> project (such as module2), everything is fine.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
