Maven 2 & 3

Transitive dependency lost when included another dependency

Details

  • Type: Bug Bug
  • Status: Closed Closed
  • Priority: Major Major
  • Resolution: Fixed
  • Affects Version/s: None
  • Fix Version/s: 3.0-beta-3
  • Component/s: Dependencies
  • Labels:
    None
  • Environment:
    maven 2.0.10 (tried with dependency plugin 2.0 and 2.1)
  • Complexity:
    Intermediate
  • Testcase included:
    yes
  • Number of attachments :
    2

Description

We added a new dependency (velocity-tools) and the project didn't work any more. We've found that one transitive library (antlr used by struts and hibernate) is missing in the installed WAR file.

It looks like the antlr transitive dependency is ignored from hibernate dependencies by plugin choosing struts-1.2.9 one while eventually struts is replaced by 1.2.7 version which does not have antlr dependency.

There is a workaround to the problem - dependencies might be rearranged to include the missing library back (e.g. by moving struts-1.2.7 from parent to ui but only before velocity-tools - see the test case) however the problem is that the plugin behavior is unpredictable.

Test case:
There are root, parent, common, model, ui POM files. The purpose is to create dependency tree deep enough (ui depends on model and inherits from parent, model depends on common). They include external dependencies (velocity-tools, struts, hibernate).

  • WAR artifact created from the root or ui POM does not contain antlr in WEB-INF/lib which is required by hibernate
  • after removing velocity-tools from ui/pom.xml antlr library is included properly

Issue Links

is related to

Bug - A problem which impairs or prevents the functions of the product. MNG-4134 Conflict resolution with scope widening can cause transitive dependencies to be omitted

  • Major - Major loss of function.
  • Open - The issue is open and ready for the assignee to start work on it.

Bug - A problem which impairs or prevents the functions of the product. MNG-4768 Depending on declaration order, nearest matching version does not win when version range is involved in conflict

  • Major - Major loss of function.
  • Closed - The issue is considered finished, the resolution is correct. Issues which are not closed can be reopened.

Activity

Ascending order - Click to sort in descending order
Brian Fox made changes -
Field Original Value New Value
Project Maven 2.x Dependency Plugin [ 11214 ] Maven 2 & 3 [ 10500 ]
Key MDEP-202 MNG-4690
Affects Version/s 2.1 [ 14007 ]
Component/s Dependencies [ 12028 ]
Component/s resolve [ 12675 ]
Complexity Intermediate
Hide
Permalink
Benjamin Bentmann added a comment -

Running "mvn package" on the ui module yields a WAR with the folling contents for me:

WEB-INF/lib/antlr-2.7.2.jar
WEB-INF/lib/asm-1.5.3.jar
WEB-INF/lib/asm-attrs-1.5.3.jar
WEB-INF/lib/avalon-framework-4.1.3.jar
WEB-INF/lib/cglib-2.1_3.jar
WEB-INF/lib/common-1.jar
WEB-INF/lib/commons-beanutils-1.7.0.jar
WEB-INF/lib/commons-chain-1.0.jar
WEB-INF/lib/commons-collections-3.2.jar
WEB-INF/lib/commons-digester-1.8.jar
WEB-INF/lib/commons-fileupload-1.0.jar
WEB-INF/lib/commons-logging-1.1.jar
WEB-INF/lib/commons-validator-1.3.1.jar
WEB-INF/lib/dom4j-1.6.1.jar
WEB-INF/lib/ehcache-1.2.3.jar
WEB-INF/lib/hibernate-3.2.3.ga.jar
WEB-INF/lib/jta-1.0.1B.jar
WEB-INF/lib/log4j-1.2.12.jar
WEB-INF/lib/logkit-1.0.1.jar
WEB-INF/lib/model-1.jar
WEB-INF/lib/oro-2.0.8.jar
WEB-INF/lib/servlet-api-2.3.jar
WEB-INF/lib/sslext-1.2-0.jar
WEB-INF/lib/struts-1.2.7.jar
WEB-INF/lib/velocity-1.4.jar
WEB-INF/lib/velocity-dep-1.4.jar
WEB-INF/lib/velocity-tools-1.3.jar

i.e. despite the dependency on velocity-tools, antlr is still included. This matches the dependency tree output:

[INFO] [dependency:tree]
[INFO] cern.ppt.test:ui:war:1
[INFO] +- cern.ppt.test:model:jar:1:compile
[INFO] |  \- cern.ppt.test:common:jar:1:compile
[INFO] |     \- org.hibernate:hibernate:jar:3.2.3.ga:compile
[INFO] |        +- net.sf.ehcache:ehcache:jar:1.2.3:compile
[INFO] |        +- javax.transaction:jta:jar:1.0.1B:compile
[INFO] |        +- asm:asm-attrs:jar:1.5.3:compile
[INFO] |        +- dom4j:dom4j:jar:1.6.1:compile
[INFO] |        +- cglib:cglib:jar:2.1_3:compile
[INFO] |        \- asm:asm:jar:1.5.3:compile
[INFO] +- org.apache.velocity:velocity-tools:jar:1.3:compile
[INFO] |  +- commons-beanutils:commons-beanutils:jar:1.7.0:compile
[INFO] |  +- commons-digester:commons-digester:jar:1.8:compile
[INFO] |  +- commons-collections:commons-collections:jar:3.2:compile
[INFO] |  +- commons-logging:commons-logging:jar:1.1:compile
[INFO] |  |  +- log4j:log4j:jar:1.2.12:compile
[INFO] |  |  +- logkit:logkit:jar:1.0.1:compile
[INFO] |  |  \- avalon-framework:avalon-framework:jar:4.1.3:compile
[INFO] |  +- commons-validator:commons-validator:jar:1.3.1:compile
[INFO] |  +- javax.servlet:servlet-api:jar:2.3:compile
[INFO] |  +- oro:oro:jar:2.0.8:compile
[INFO] |  +- sslext:sslext:jar:1.2-0:compile
[INFO] |  \- velocity:velocity:jar:1.4:compile
[INFO] |     \- velocity:velocity-dep:jar:1.4:runtime
[INFO] \- struts:struts:jar:1.2.7:compile
[INFO]    +- commons-chain:commons-chain:jar:1.0:compile
[INFO]    +- commons-fileupload:commons-fileupload:jar:1.0:compile
[INFO]    \- antlr:antlr:jar:2.7.2:compile

Further things that don't match up with the issue description: The example project does not refer to struts:1.2.9 anywhere. And both struts:1.2.7 and struts:1.2.9 depend on antlr:2.7.2.

Show
Benjamin Bentmann added a comment - Running "mvn package" on the ui module yields a WAR with the folling contents for me: WEB-INF/lib/antlr-2.7.2.jar WEB-INF/lib/asm-1.5.3.jar WEB-INF/lib/asm-attrs-1.5.3.jar WEB-INF/lib/avalon-framework-4.1.3.jar WEB-INF/lib/cglib-2.1_3.jar WEB-INF/lib/common-1.jar WEB-INF/lib/commons-beanutils-1.7.0.jar WEB-INF/lib/commons-chain-1.0.jar WEB-INF/lib/commons-collections-3.2.jar WEB-INF/lib/commons-digester-1.8.jar WEB-INF/lib/commons-fileupload-1.0.jar WEB-INF/lib/commons-logging-1.1.jar WEB-INF/lib/commons-validator-1.3.1.jar WEB-INF/lib/dom4j-1.6.1.jar WEB-INF/lib/ehcache-1.2.3.jar WEB-INF/lib/hibernate-3.2.3.ga.jar WEB-INF/lib/jta-1.0.1B.jar WEB-INF/lib/log4j-1.2.12.jar WEB-INF/lib/logkit-1.0.1.jar WEB-INF/lib/model-1.jar WEB-INF/lib/oro-2.0.8.jar WEB-INF/lib/servlet-api-2.3.jar WEB-INF/lib/sslext-1.2-0.jar WEB-INF/lib/struts-1.2.7.jar WEB-INF/lib/velocity-1.4.jar WEB-INF/lib/velocity-dep-1.4.jar WEB-INF/lib/velocity-tools-1.3.jar i.e. despite the dependency on velocity-tools , antlr is still included. This matches the dependency tree output: [INFO] [dependency:tree] [INFO] cern.ppt.test:ui:war:1 [INFO] +- cern.ppt.test:model:jar:1:compile [INFO] | \- cern.ppt.test:common:jar:1:compile [INFO] | \- org.hibernate:hibernate:jar:3.2.3.ga:compile [INFO] | +- net.sf.ehcache:ehcache:jar:1.2.3:compile [INFO] | +- javax.transaction:jta:jar:1.0.1B:compile [INFO] | +- asm:asm-attrs:jar:1.5.3:compile [INFO] | +- dom4j:dom4j:jar:1.6.1:compile [INFO] | +- cglib:cglib:jar:2.1_3:compile [INFO] | \- asm:asm:jar:1.5.3:compile [INFO] +- org.apache.velocity:velocity-tools:jar:1.3:compile [INFO] | +- commons-beanutils:commons-beanutils:jar:1.7.0:compile [INFO] | +- commons-digester:commons-digester:jar:1.8:compile [INFO] | +- commons-collections:commons-collections:jar:3.2:compile [INFO] | +- commons-logging:commons-logging:jar:1.1:compile [INFO] | | +- log4j:log4j:jar:1.2.12:compile [INFO] | | +- logkit:logkit:jar:1.0.1:compile [INFO] | | \- avalon-framework:avalon-framework:jar:4.1.3:compile [INFO] | +- commons-validator:commons-validator:jar:1.3.1:compile [INFO] | +- javax.servlet:servlet-api:jar:2.3:compile [INFO] | +- oro:oro:jar:2.0.8:compile [INFO] | +- sslext:sslext:jar:1.2-0:compile [INFO] | \- velocity:velocity:jar:1.4:compile [INFO] | \- velocity:velocity-dep:jar:1.4:runtime [INFO] \- struts:struts:jar:1.2.7:compile [INFO] +- commons-chain:commons-chain:jar:1.0:compile [INFO] +- commons-fileupload:commons-fileupload:jar:1.0:compile [INFO] \- antlr:antlr:jar:2.7.2:compile Further things that don't match up with the issue description: The example project does not refer to struts:1.2.9 anywhere. And both struts:1.2.7 and struts:1.2.9 depend on antlr:2.7.2 .
Benjamin Bentmann made changes -
Status Open [ 1 ] Closed [ 6 ]
Assignee Brian Fox [ brianfox ] Benjamin Bentmann [ bentmann ]
Resolution Cannot Reproduce [ 5 ]
Hide
Permalink
Michal Ropka added a comment -

Fixed test case

Show
Michal Ropka added a comment - Fixed test case
Michal Ropka made changes -
Attachment test2.zip [ 50436 ]
Benjamin Bentmann made changes -
Resolution Cannot Reproduce [ 5 ]
Status Closed [ 6 ] Reopened [ 4 ]
Assignee Benjamin Bentmann [ bentmann ]
Hide
Permalink
Michal Ropka added a comment -

Hi,

I've realized that the test case is not complete as my struts-1.2.7 library is different than deployed in the central repository and it contains no dependencies (was deployed manually before an official release was there) so you couldn't reproduce the problem.

However the problem is still there. I've prepared quickly another example (test2.zip). After installing lib1 (version 1 and 2), lib2 and lib3 and running install in the top project you can see that there is no antlr library in ui/target WAR which is required for lib2 which is there.

Cheers,
Michal

Show
Michal Ropka added a comment - Hi, I've realized that the test case is not complete as my struts-1.2.7 library is different than deployed in the central repository and it contains no dependencies (was deployed manually before an official release was there) so you couldn't reproduce the problem. However the problem is still there. I've prepared quickly another example (test2.zip). After installing lib1 (version 1 and 2), lib2 and lib3 and running install in the top project you can see that there is no antlr library in ui/target WAR which is required for lib2 which is there. Cheers, Michal
Hide
Permalink
Michal Ropka added a comment -

More details:

Dependencies in the files look like:

parent/pom.xml
	lib1:1
common/pom.xml
	lib2:1
		antlr:antlr:2.7.6
model/pom.xml
	common
ui/pom.xml (parent/pom.xml as parent)
	model
	lib3:1
		lib1:2
			antlr:antlr:2.7.2
top/pom.xml
	common
	model
	ui

While dependency tree in ui

[INFO] ------------------------------------
[INFO] [dependency:tree]
[INFO] test:ui:war:1
[INFO] +- test:model:jar:1:compile
[INFO] |  \- test:common:jar:1:compile
[INFO] |     \- test.lib:lib2:jar:1:compile
[INFO] +- test.lib:lib3:jar:1:compile
[INFO] \- test.lib:lib1:jar:1:compile
[INFO] ------------------------------------

so lib2 even when requires anrlr does not have it. I believe it is due to some problem when resolving dependencies for lib1.

Show
Michal Ropka added a comment - More details: Dependencies in the files look like: parent/pom.xml lib1:1 common/pom.xml lib2:1 antlr:antlr:2.7.6 model/pom.xml common ui/pom.xml (parent/pom.xml as parent) model lib3:1 lib1:2 antlr:antlr:2.7.2 top/pom.xml common model ui While dependency tree in ui [INFO] ------------------------------------ [INFO] [dependency:tree] [INFO] test:ui:war:1 [INFO] +- test:model:jar:1:compile [INFO] | \- test:common:jar:1:compile [INFO] | \- test.lib:lib2:jar:1:compile [INFO] +- test.lib:lib3:jar:1:compile [INFO] \- test.lib:lib1:jar:1:compile [INFO] ------------------------------------ so lib2 even when requires anrlr does not have it. I believe it is due to some problem when resolving dependencies for lib1 .
Hide
Permalink
Benjamin Bentmann added a comment -

The dirty tree for the ui modules looks like this:

test:ui:1
+- test:model:1
|  \- test:common:1
|     \- test.lib:lib2:1
|        \- antlr:antlr:2.7.6          <--\
+- test.lib:lib3:1                        |
|  \- test.lib:lib1:2        <--\         |(a)
|     \- antlr:antlr:2.7.2      |(b)   ---/
\- test.lib:lib1:1           ---/

For conflict resolution, Maven basically performs a DFS on this tree. When visiting antlr:2.7.2 it eliminates antlr:2.7.6 (a) and when visiting lib1:1 it eliminates lib1:2 (b). Unfortunately, this last step also eliminates the last path to antlr, i.e. antlr:2.7.6 is not reenabled.

Moving lib1:1 before lib3:1 is a possible workaround for the missing back-tracking in the conflict resolution.

Show
Benjamin Bentmann added a comment - The dirty tree for the ui modules looks like this: test:ui:1 +- test:model:1 | \- test:common:1 | \- test.lib:lib2:1 | \- antlr:antlr:2.7.6 <--\ +- test.lib:lib3:1 | | \- test.lib:lib1:2 <--\ |(a) | \- antlr:antlr:2.7.2 |(b) ---/ \- test.lib:lib1:1 ---/ For conflict resolution, Maven basically performs a DFS on this tree. When visiting antlr:2.7.2 it eliminates antlr:2.7.6 (a) and when visiting lib1:1 it eliminates lib1:2 (b). Unfortunately, this last step also eliminates the last path to antlr, i.e. antlr:2.7.6 is not reenabled. Moving lib1:1 before lib3:1 is a possible workaround for the missing back-tracking in the conflict resolution.
Benjamin Bentmann made changes -
Link This issue is related to MNG-4768 [ MNG-4768 ]
Hide
Permalink
Benjamin Bentmann added a comment -

Fixed by r988749.

Show
Benjamin Bentmann added a comment - Fixed by r988749 .
Benjamin Bentmann made changes -
Status Reopened [ 4 ] Closed [ 6 ]
Assignee Benjamin Bentmann [ bentmann ]
Fix Version/s 3.0-beta-3 [ 16681 ]
Resolution Fixed [ 1 ]
Benjamin Bentmann made changes -
Link This issue is related to MNG-4134 [ MNG-4134 ]

People

  • Assignee:
    Benjamin Bentmann
    Reporter:
    Michal Ropka
Vote (0)
Watch (1)

Dates

  • Created:
    Updated:
    Resolved: