-
Type: Bug
-
Status: Resolved
-
Priority: Critical
-
Resolution: Won't Fix
-
Affects Version/s: NDT-1.13
-
Fix Version/s: NDT-2.0.1
-
Component/s: nuxeo-distribution-tools (deprecated)
-
Tags:
-
Backlog priority:500
If the test scope uses a greater version for a given artifact than in the compile scope, then the artifact version of the compile scope is upgraded but its dependencies are unchanged!
Attached project reproducing the issue with xalan:xalan:2.7.0 and xalan:xalan:2.7.1.
xalan dependencies:
<groupId>xalan</groupId> <artifactId>xalan</artifactId> <version>2.7.0</version> <dependencies> <dependency> <groupId>xml-apis</groupId> <artifactId>xml-apis</artifactId> <version>1.0.b2</version> <!-- 2.0.2 relocated --> </dependency> </dependencies> <groupId>xalan</groupId> <artifactId>xalan</artifactId> <version>2.7.1</version> <dependencies> <dependency> <groupId>xalan</groupId> <artifactId>serializer</artifactId> <version>2.7.1</version> </dependency> </dependencies>
With xalan:serializer:2.7.1 depending on xml-apis:xml-apis:1.3.04
The tree is:
|-- net.sourceforge.htmlunit:htmlunit:jar:2.8:test |-- |-- xalan:xalan:jar:2.7.1:test |-- |-- |-- xalan:serializer:jar:2.7.1:test |-- |-- |-- |-- xml-apis:xml-apis:jar:1.3.04:test |-- xom:xom:jar:1.1:compile |-- |-- xalan:xalan:jar:2.7.0:compile |-- |-- |-- xml-apis:xml-apis:jar:1.0.b2:compile
The expanded (aka resolved) tree contains:
|-- net.sourceforge.htmlunit:htmlunit:jar:2.8:test |-- |-- xalan:xalan:jar:2.7.1:compile |-- |-- |-- xalan:serializer:jar:2.7.1:test |-- |-- |-- |-- xml-apis:xml-apis:jar:1.3.04:test |-- xom:xom:jar:1.1:compile |-- |-- xalan:xalan:jar:2.7.1:compile |-- |-- |-- xml-apis:xml-apis:jar:1.0.b2:compile In test scope: xalan-2.7.1.jar serializer-2.7.1.jar xml-apis-1.3.04.jar
In compile scope:
xalan-2.7.1.jar => upgraded version
=> missing serializer
xml-apis-1.0.b2.jar => wrong version
The issue is xalan was upgraded but not its dependency tree, so wrong versions and artifacts are pulled: we'll be missing serializer JAR and may have issues with not upgraded xml-apis JAR.
Notes:
- the maven-dependency-plugin:tree goal has the same issue,
[INFO] +- xalan:xalan:jar:2.7.1:compile [INFO] | \- xml-apis:xml-apis:jar:1.0.b2:compile
- the maven-dependency-plugin:go-offline goal looks fine.
[INFO] Resolved: xalan-2.7.1.jar [INFO] Resolved: serializer-2.7.1.jar [INFO] Resolved: xml-apis-1.3.04.jar