On 06/06/07, Klaus Brunner <[EMAIL PROTECTED]> wrote:
Hi,I'm a bit unhappy with Maven's dependency conflict resolution (as of 2.0.6 at least), which results in surprising "version downgrades", multiple versions of the same dependency, and other unpleasant effects. Example: a WAR project depends on commons-configuration:1.4, which has these dependencies: commons-configuration:1.4 -> commons-collections:3.2 -> commons-jxpath:1.2 -> commons-collections:2.0 As a result, both versions of commons-collections (2.0 AND 3.2) are silently included in the WAR's WEB-INF/lib folder, which is obviously bad.
This shouldn't happen if you're clean packaging.
What's more, the "site" dependencies report for the project lists 2.0 *only*, ignoring 3.2. One can work around this problem using dependencyManagement to force the 3.2 version, but it takes some time finding out what the problem is in the first place.
The default conflict resolution is nearest-wins, see MNG-612 for more info.
At the very least, I would like to get a very obvious warning when something like this happens. The dependency convergence report is helpful (though it doesn't work on single project builds?), but this should really be part of the regular build's output. Is there any existing functionality for getting a notification of dependency version conflicts?
Version ranges will fail the build if they cannot all be satisfied, although there are a number of issues with using them at the moment. I'm currently working on some dependency diagnostic tools to be included in the dependency plugin which should help track down these types of problems. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
