I am migrating my project from maven 2 (2.2.1) to maven 3 (3.1.0) and I am having some issues with jar versions. When I tried to track down the problem, I experienced some inconsistent results from dependency plugin which confused me.
When I tried the following commands in maven 3:
mvn dependency:tree -Dincludes=commons-codec
the results was:
[INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ xxx ---
[INFO] com.xxx.yyy:zzz:war:2.6-SNAPSHOT
[INFO] \- net.sourceforge.jwebunit:jwebunit-htmlunit-plugin:jar:2.2:test
[INFO] \- net.sourceforge.htmlunit:htmlunit:jar:2.5:test
[INFO] \- commons-codec:commons-codec:jar:1.3:compile
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
so the result suggest commons-codec-1.3.jar will be used. (maven 3 does include commons-codec-1.3.jar when packing).
However, if I add the option (-Dverbose) to the command
mvn dependency:tree -Dincludes=commons-codec -Dverbose
the result will be
[INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ xxx ---
[INFO] com.xxx.yyy:zzz:war:2.6-SNAPSHOT
[INFO] +- net.sourceforge.jwebunit:jwebunit-htmlunit-plugin:jar:2.2:test
[INFO] | \- net.sourceforge.htmlunit:htmlunit:jar:2.5:test
[INFO] | +- commons-httpclient:commons-httpclient:jar:3.1:test
[INFO] | | \- (commons-codec:commons-codec:jar:1.2:test - omitted for conflict with 1.3)
[INFO] | \- (commons-codec:commons-codec:jar:1.3:compile - scope updated from test; omitted for duplicate)
[INFO] \- xxx.yyy.zzz.core:www-core:jar:2.6-SNAPSHOT:compile
[INFO] +- org.apache.httpcomponents:httpclient:jar:4.2.2:compile
[INFO] | \- commons-codec:commons-codec:jar:1.6:compile
[INFO] \- xxx.yyy.zzz.security:datasecurity:jar:2.0:compile
[INFO] \- (commons-codec:commons-codec:jar:1.3:compile - omitted for conflict with 1.6)
[INFO] ------------------------------------------------------------------------
The second result suggests that the version 1.2 and 1.3 will be omitted due to conflict, and maven will use 1.6. Apparently it was not the case since maven 3 packaged commons-codec-1.3.jar in the war file.
Why did the plugin in maven 3 suggest different dependencies in two cases (It should not as -Dverbose should only show which dependencies omitted and why)? Is it a bug or am I missing something?
It is worth to note that maven 2 will package with commons-codec-1.6.jar.
P/s:
- Since version 2.5 of the Maven Dependency Plugin, dependency:tree works with Maven 3 - Maven3 - How do I found dependency resolution? ( mvn depedency:tree does not work for mvn3 )
- verbose: Whether to include omitted nodes in the serialized dependency tree. - http://maven.apache.org/plugins/maven-dependency-plugin/tree-mojo.html