Nuxeo ECM Build/Test Environment / NXBT-539

The tree must contain the right dependencies when there's an artifact version conflict between scopes


    Details

    • Backlog priority: 500

      Description

      If the test scope uses a greater version for a given artifact than in the compile scope, then the artifact version of the compile scope is upgraded but its dependencies are unchanged!

      The attached project reproduces the issue with xalan:xalan:2.7.0 and xalan:xalan:2.7.1.

      xalan dependencies:

        <groupId>xalan</groupId>
        <artifactId>xalan</artifactId>
        <version>2.7.0</version>
        <dependencies>
          <dependency>
            <groupId>xml-apis</groupId>
            <artifactId>xml-apis</artifactId>
            <version>1.0.b2</version> <!-- 2.0.2 relocated -->
          </dependency>
        </dependencies>
      
        <groupId>xalan</groupId>
        <artifactId>xalan</artifactId>
        <version>2.7.1</version>
        <dependencies>
          <dependency>
            <groupId>xalan</groupId>
            <artifactId>serializer</artifactId>
            <version>2.7.1</version>
          </dependency>
        </dependencies>

      xalan:serializer:2.7.1 in turn depends on xml-apis:xml-apis:1.3.04.

      The tree is:

       |-- net.sourceforge.htmlunit:htmlunit:jar:2.8:test
       |--  |-- xalan:xalan:jar:2.7.1:test
       |--  |--  |-- xalan:serializer:jar:2.7.1:test
       |--  |--  |--  |-- xml-apis:xml-apis:jar:1.3.04:test
       |-- xom:xom:jar:1.1:compile
       |--  |-- xalan:xalan:jar:2.7.0:compile
       |--  |--  |-- xml-apis:xml-apis:jar:1.0.b2:compile

      The expanded (aka resolved) tree contains:

       |-- net.sourceforge.htmlunit:htmlunit:jar:2.8:test
       |--  |-- xalan:xalan:jar:2.7.1:compile
       |--  |--  |-- xalan:serializer:jar:2.7.1:test
       |--  |--  |--  |-- xml-apis:xml-apis:jar:1.3.04:test
      
       |-- xom:xom:jar:1.1:compile
       |--  |-- xalan:xalan:jar:2.7.1:compile
       |--  |--  |-- xml-apis:xml-apis:jar:1.0.b2:compile
      
      In test scope:
      xalan-2.7.1.jar
      serializer-2.7.1.jar
      xml-apis-1.3.04.jar

      In compile scope:
      xalan-2.7.1.jar => upgraded version
      => missing serializer
      xml-apis-1.0.b2.jar => wrong version

      The issue is that xalan was upgraded but its dependency tree was not, so the wrong versions and artifacts are pulled: we'll be missing the serializer JAR and may have issues with the non-upgraded xml-apis JAR.

      Notes:

      • the maven-dependency-plugin:tree goal has the same issue,
        [INFO]    +- xalan:xalan:jar:2.7.1:compile
        [INFO]    |  \- xml-apis:xml-apis:jar:1.0.b2:compile
      • the maven-dependency-plugin:go-offline goal looks fine.
        [INFO] Resolved: xalan-2.7.1.jar
        [INFO] Resolved: serializer-2.7.1.jar
        [INFO] Resolved: xml-apis-1.3.04.jar
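
The mismatch described in this ticket can be detected mechanically. The following is an added example, not part of the original ticket or of the Nuxeo tooling: it parses the expanded tree in the ticket's own format and flags every node whose children differ from what its resolved version declares. The `DECLARED` table is typed in from the POM excerpts above, the function names are hypothetical, and it assumes the tree lists each node's direct children.

```python
# Dependencies each artifact version declares, as listed in the ticket.
DECLARED = {
    "xalan:xalan:2.7.0": ["xml-apis:xml-apis:1.0.b2"],
    "xalan:xalan:2.7.1": ["xalan:serializer:2.7.1"],
    "xalan:serializer:2.7.1": ["xml-apis:xml-apis:1.3.04"],
    "xml-apis:xml-apis:1.0.b2": [],
    "xml-apis:xml-apis:1.3.04": [],
}

# Sample input: the expanded tree from the ticket, in the ticket's own format.
EXPANDED_TREE = """\
 |-- net.sourceforge.htmlunit:htmlunit:jar:2.8:test
 |--  |-- xalan:xalan:jar:2.7.1:compile
 |--  |--  |-- xalan:serializer:jar:2.7.1:test
 |--  |--  |--  |-- xml-apis:xml-apis:jar:1.3.04:test
 |-- xom:xom:jar:1.1:compile
 |--  |-- xalan:xalan:jar:2.7.1:compile
 |--  |--  |-- xml-apis:xml-apis:jar:1.0.b2:compile
"""

def parse_tree(text):
    """Return [(depth, 'group:artifact:version', scope)] from '|--' tree lines."""
    nodes = []
    for line in text.splitlines():
        depth = line.count("|--") - 1  # one '|--' marker per nesting level
        if depth < 0:
            continue  # not a tree line
        coords = line.split("|--")[-1].strip()
        group, artifact, _type, version, scope = coords.split(":")
        nodes.append((depth, f"{group}:{artifact}:{version}", scope))
    return nodes

def find_inconsistencies(text, declared=DECLARED):
    """Flag nodes whose direct children differ from their declared dependencies."""
    nodes = parse_tree(text)
    findings = []
    for i, (depth, gav, scope) in enumerate(nodes):
        if gav not in declared:
            continue  # no metadata for this artifact (htmlunit, xom): skip it
        children = set()
        for d, child, _ in nodes[i + 1:]:
            if d <= depth:
                break  # left this node's subtree
            if d == depth + 1:
                children.add(child)
        expected = set(declared[gav])
        findings += [(gav, scope, "missing", dep) for dep in sorted(expected - children)]
        findings += [(gav, scope, "undeclared", dep) for dep in sorted(children - expected)]
    return findings
```

Run on `EXPANDED_TREE`, it reports the compile-scope `xalan:xalan:2.7.1` node twice: once for the missing serializer and once for the leftover `xml-apis:xml-apis:1.0.b2`.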

        Attachments

        1. assembly.xml
          1 kB
        2. assembly.xml
          1 kB
        3. pom.xml
          2 kB
        4. pom.xml
          2 kB
        5. pom-NXBT-552.xml
          2 kB
