maven 3 dependency plugin - inconsistent result

2
votes

I am migrating my project from maven 2 (2.2.1) to maven 3 (3.1.0) and I am having some issues with jar versions. When I tried to track down the problem, I experienced some inconsistent results from dependency plugin which confused me.

When I tried the following commands in maven 3:

mvn dependency:tree -Dincludes=commons-codec

the results was:

[INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ xxx ---
[INFO] com.xxx.yyy:zzz:war:2.6-SNAPSHOT
[INFO] \- net.sourceforge.jwebunit:jwebunit-htmlunit-plugin:jar:2.2:test
[INFO]    \- net.sourceforge.htmlunit:htmlunit:jar:2.5:test
[INFO]       \- commons-codec:commons-codec:jar:1.3:compile
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS

so the result suggest commons-codec-1.3.jar will be used. (maven 3 does include commons-codec-1.3.jar when packing).

However, if I add the option (-Dverbose) to the command 

mvn dependency:tree -Dincludes=commons-codec -Dverbose

the result will be 

[INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ xxx ---
[INFO] com.xxx.yyy:zzz:war:2.6-SNAPSHOT
[INFO] +- net.sourceforge.jwebunit:jwebunit-htmlunit-plugin:jar:2.2:test
[INFO] |  \- net.sourceforge.htmlunit:htmlunit:jar:2.5:test
[INFO] |     +- commons-httpclient:commons-httpclient:jar:3.1:test
[INFO] |     |  \- (commons-codec:commons-codec:jar:1.2:test - omitted for conflict with 1.3)
[INFO] |     \- (commons-codec:commons-codec:jar:1.3:compile - scope updated from test; omitted for duplicate)
[INFO] \- xxx.yyy.zzz.core:www-core:jar:2.6-SNAPSHOT:compile
[INFO]    +- org.apache.httpcomponents:httpclient:jar:4.2.2:compile
[INFO]    |  \- commons-codec:commons-codec:jar:1.6:compile
[INFO]    \- xxx.yyy.zzz.security:datasecurity:jar:2.0:compile
[INFO]       \- (commons-codec:commons-codec:jar:1.3:compile - omitted for conflict with 1.6)
[INFO] ------------------------------------------------------------------------

The second result suggests that the version 1.2 and 1.3 will be omitted due to conflict, and maven will use 1.6. Apparently it was not the case since maven 3 packaged commons-codec-1.3.jar in the war file.

Why did the plugin in maven 3 suggest different dependencies in two cases (It should not as -Dverbose should only show which dependencies omitted and why)? Is it a bug or am I missing something?

It is worth to note that maven 2 will package with commons-codec-1.6.jar.

P/s:

1
maven-3maven-dependency-plugin
Please take a look herekhmarbaise
Thanks, I did. I understood that in some cases the dependencies can be resolved different between maven 2 & maven 3. What I don't understand is "Why the plugin suggested different dependencies in two cases just because of "-Dverbose").oppjinx

1 Answers

0
votes

Maven always is the closest dependency that match, in this case 1.2, 1.3 and 1.6 are of the same level of depth: 3. So Maven has to chose one of them and takes 1.6.

You could force a given dependency version by adding the dependency directly in your module pom.xml which would make it in the first level of depth and force maven to use it with the version you defined.

Furthermore, this seems strange to me that you expect version 1.2 since it is a transitive dependency of one the test dependencies (commons-httpclient:commons-httpclient:jar:3.1:test), this should never be packaged.