Maven 2 & 3
  1. Maven 2 & 3
  2. MNG-4690

Transitive dependency lost when included another dependency

    Details

    • Type: Bug Bug
    • Status: Closed Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.0-beta-3
    • Component/s: Dependencies
    • Labels:
      None
    • Environment:
      maven 2.0.10 (tried with dependency plugin 2.0 and 2.1)
    • Complexity:
      Intermediate
    • Testcase included:
      yes
    • Number of attachments :
      2

      Description

      We added a new dependency (velocity-tools) and the project didn't work any more. We've found that one transitive library (antlr used by struts and hibernate) is missing in the installed WAR file.

      It looks like the antlr transitive dependency is ignored from hibernate dependencies by plugin choosing struts-1.2.9 one while eventually struts is replaced by 1.2.7 version which does not have antlr dependency.

      There is a workaround to the problem - dependencies might be rearranged to include the missing library back (e.g. by moving struts-1.2.7 from parent to ui but only before velocity-tools - see the test case) however the problem is that the plugin behavior is unpredictable.

      Test case:
      There are root, parent, common, model, ui POM files. The purpose is to create dependency tree deep enough (ui depends on model and inherits from parent, model depends on common). They include external dependencies (velocity-tools, struts, hibernate).

      • WAR artifact created from the root or ui POM does not contain antlr in WEB-INF/lib which is required by hibernate
      • after removing velocity-tools from ui/pom.xml antlr library is included properly

        Issue Links

          Activity

          brianfox brianfox made changes -
          Field Original Value New Value
          Project Maven 2.x Dependency Plugin [ 11214 ] Maven 2 & 3 [ 10500 ]
          Key MDEP-202 MNG-4690
          Affects Version/s 2.1 [ 14007 ]
          Component/s Dependencies [ 12028 ]
          Component/s resolve [ 12675 ]
          Complexity Intermediate
          Hide
          Benjamin Bentmann added a comment -

          Running "mvn package" on the ui module yields a WAR with the folling contents for me:

          WEB-INF/lib/antlr-2.7.2.jar
          WEB-INF/lib/asm-1.5.3.jar
          WEB-INF/lib/asm-attrs-1.5.3.jar
          WEB-INF/lib/avalon-framework-4.1.3.jar
          WEB-INF/lib/cglib-2.1_3.jar
          WEB-INF/lib/common-1.jar
          WEB-INF/lib/commons-beanutils-1.7.0.jar
          WEB-INF/lib/commons-chain-1.0.jar
          WEB-INF/lib/commons-collections-3.2.jar
          WEB-INF/lib/commons-digester-1.8.jar
          WEB-INF/lib/commons-fileupload-1.0.jar
          WEB-INF/lib/commons-logging-1.1.jar
          WEB-INF/lib/commons-validator-1.3.1.jar
          WEB-INF/lib/dom4j-1.6.1.jar
          WEB-INF/lib/ehcache-1.2.3.jar
          WEB-INF/lib/hibernate-3.2.3.ga.jar
          WEB-INF/lib/jta-1.0.1B.jar
          WEB-INF/lib/log4j-1.2.12.jar
          WEB-INF/lib/logkit-1.0.1.jar
          WEB-INF/lib/model-1.jar
          WEB-INF/lib/oro-2.0.8.jar
          WEB-INF/lib/servlet-api-2.3.jar
          WEB-INF/lib/sslext-1.2-0.jar
          WEB-INF/lib/struts-1.2.7.jar
          WEB-INF/lib/velocity-1.4.jar
          WEB-INF/lib/velocity-dep-1.4.jar
          WEB-INF/lib/velocity-tools-1.3.jar
          

          i.e. despite the dependency on velocity-tools, antlr is still included. This matches the dependency tree output:

          [INFO] [dependency:tree]
          [INFO] cern.ppt.test:ui:war:1
          [INFO] +- cern.ppt.test:model:jar:1:compile
          [INFO] |  \- cern.ppt.test:common:jar:1:compile
          [INFO] |     \- org.hibernate:hibernate:jar:3.2.3.ga:compile
          [INFO] |        +- net.sf.ehcache:ehcache:jar:1.2.3:compile
          [INFO] |        +- javax.transaction:jta:jar:1.0.1B:compile
          [INFO] |        +- asm:asm-attrs:jar:1.5.3:compile
          [INFO] |        +- dom4j:dom4j:jar:1.6.1:compile
          [INFO] |        +- cglib:cglib:jar:2.1_3:compile
          [INFO] |        \- asm:asm:jar:1.5.3:compile
          [INFO] +- org.apache.velocity:velocity-tools:jar:1.3:compile
          [INFO] |  +- commons-beanutils:commons-beanutils:jar:1.7.0:compile
          [INFO] |  +- commons-digester:commons-digester:jar:1.8:compile
          [INFO] |  +- commons-collections:commons-collections:jar:3.2:compile
          [INFO] |  +- commons-logging:commons-logging:jar:1.1:compile
          [INFO] |  |  +- log4j:log4j:jar:1.2.12:compile
          [INFO] |  |  +- logkit:logkit:jar:1.0.1:compile
          [INFO] |  |  \- avalon-framework:avalon-framework:jar:4.1.3:compile
          [INFO] |  +- commons-validator:commons-validator:jar:1.3.1:compile
          [INFO] |  +- javax.servlet:servlet-api:jar:2.3:compile
          [INFO] |  +- oro:oro:jar:2.0.8:compile
          [INFO] |  +- sslext:sslext:jar:1.2-0:compile
          [INFO] |  \- velocity:velocity:jar:1.4:compile
          [INFO] |     \- velocity:velocity-dep:jar:1.4:runtime
          [INFO] \- struts:struts:jar:1.2.7:compile
          [INFO]    +- commons-chain:commons-chain:jar:1.0:compile
          [INFO]    +- commons-fileupload:commons-fileupload:jar:1.0:compile
          [INFO]    \- antlr:antlr:jar:2.7.2:compile
          

          Further things that don't match up with the issue description: The example project does not refer to struts:1.2.9 anywhere. And both struts:1.2.7 and struts:1.2.9 depend on antlr:2.7.2.

          Show
          Benjamin Bentmann added a comment - Running "mvn package" on the ui module yields a WAR with the folling contents for me: WEB-INF/lib/antlr-2.7.2.jar WEB-INF/lib/asm-1.5.3.jar WEB-INF/lib/asm-attrs-1.5.3.jar WEB-INF/lib/avalon-framework-4.1.3.jar WEB-INF/lib/cglib-2.1_3.jar WEB-INF/lib/common-1.jar WEB-INF/lib/commons-beanutils-1.7.0.jar WEB-INF/lib/commons-chain-1.0.jar WEB-INF/lib/commons-collections-3.2.jar WEB-INF/lib/commons-digester-1.8.jar WEB-INF/lib/commons-fileupload-1.0.jar WEB-INF/lib/commons-logging-1.1.jar WEB-INF/lib/commons-validator-1.3.1.jar WEB-INF/lib/dom4j-1.6.1.jar WEB-INF/lib/ehcache-1.2.3.jar WEB-INF/lib/hibernate-3.2.3.ga.jar WEB-INF/lib/jta-1.0.1B.jar WEB-INF/lib/log4j-1.2.12.jar WEB-INF/lib/logkit-1.0.1.jar WEB-INF/lib/model-1.jar WEB-INF/lib/oro-2.0.8.jar WEB-INF/lib/servlet-api-2.3.jar WEB-INF/lib/sslext-1.2-0.jar WEB-INF/lib/struts-1.2.7.jar WEB-INF/lib/velocity-1.4.jar WEB-INF/lib/velocity-dep-1.4.jar WEB-INF/lib/velocity-tools-1.3.jar i.e. despite the dependency on velocity-tools , antlr is still included. This matches the dependency tree output: [INFO] [dependency:tree] [INFO] cern.ppt.test:ui:war:1 [INFO] +- cern.ppt.test:model:jar:1:compile [INFO] | \- cern.ppt.test:common:jar:1:compile [INFO] | \- org.hibernate:hibernate:jar:3.2.3.ga:compile [INFO] | +- net.sf.ehcache:ehcache:jar:1.2.3:compile [INFO] | +- javax.transaction:jta:jar:1.0.1B:compile [INFO] | +- asm:asm-attrs:jar:1.5.3:compile [INFO] | +- dom4j:dom4j:jar:1.6.1:compile [INFO] | +- cglib:cglib:jar:2.1_3:compile [INFO] | \- asm:asm:jar:1.5.3:compile [INFO] +- org.apache.velocity:velocity-tools:jar:1.3:compile [INFO] | +- commons-beanutils:commons-beanutils:jar:1.7.0:compile [INFO] | +- commons-digester:commons-digester:jar:1.8:compile [INFO] | +- commons-collections:commons-collections:jar:3.2:compile [INFO] | +- commons-logging:commons-logging:jar:1.1:compile [INFO] | | +- log4j:log4j:jar:1.2.12:compile [INFO] | | +- logkit:logkit:jar:1.0.1:compile [INFO] | | \- avalon-framework:avalon-framework:jar:4.1.3:compile [INFO] | +- commons-validator:commons-validator:jar:1.3.1:compile [INFO] | +- javax.servlet:servlet-api:jar:2.3:compile [INFO] | +- oro:oro:jar:2.0.8:compile [INFO] | +- sslext:sslext:jar:1.2-0:compile [INFO] | \- velocity:velocity:jar:1.4:compile [INFO] | \- velocity:velocity-dep:jar:1.4:runtime [INFO] \- struts:struts:jar:1.2.7:compile [INFO] +- commons-chain:commons-chain:jar:1.0:compile [INFO] +- commons-fileupload:commons-fileupload:jar:1.0:compile [INFO] \- antlr:antlr:jar:2.7.2:compile Further things that don't match up with the issue description: The example project does not refer to struts:1.2.9 anywhere. And both struts:1.2.7 and struts:1.2.9 depend on antlr:2.7.2 .
          Benjamin Bentmann made changes -
          Status Open [ 1 ] Closed [ 6 ]
          Assignee Brian Fox [ brianfox ] Benjamin Bentmann [ bentmann ]
          Resolution Cannot Reproduce [ 5 ]
          Hide
          Michal Ropka added a comment -

          Fixed test case

          Show
          Michal Ropka added a comment - Fixed test case
          Michal Ropka made changes -
          Attachment test2.zip [ 50436 ]
          Benjamin Bentmann made changes -
          Resolution Cannot Reproduce [ 5 ]
          Status Closed [ 6 ] Reopened [ 4 ]
          Assignee Benjamin Bentmann [ bentmann ]
          Hide
          Michal Ropka added a comment -

          Hi,

          I've realized that the test case is not complete as my struts-1.2.7 library is different than deployed in the central repository and it contains no dependencies (was deployed manually before an official release was there) so you couldn't reproduce the problem.

          However the problem is still there. I've prepared quickly another example (test2.zip). After installing lib1 (version 1 and 2), lib2 and lib3 and running install in the top project you can see that there is no antlr library in ui/target WAR which is required for lib2 which is there.

          Cheers,
          Michal

          Show
          Michal Ropka added a comment - Hi, I've realized that the test case is not complete as my struts-1.2.7 library is different than deployed in the central repository and it contains no dependencies (was deployed manually before an official release was there) so you couldn't reproduce the problem. However the problem is still there. I've prepared quickly another example (test2.zip). After installing lib1 (version 1 and 2), lib2 and lib3 and running install in the top project you can see that there is no antlr library in ui/target WAR which is required for lib2 which is there. Cheers, Michal
          Hide
          Michal Ropka added a comment -

          More details:

          Dependencies in the files look like:

          parent/pom.xml
          	lib1:1
          common/pom.xml
          	lib2:1
          		antlr:antlr:2.7.6
          model/pom.xml
          	common
          ui/pom.xml (parent/pom.xml as parent)
          	model
          	lib3:1
          		lib1:2
          			antlr:antlr:2.7.2
          top/pom.xml
          	common
          	model
          	ui
          

          While dependency tree in ui

          [INFO] ------------------------------------
          [INFO] [dependency:tree]
          [INFO] test:ui:war:1
          [INFO] +- test:model:jar:1:compile
          [INFO] |  \- test:common:jar:1:compile
          [INFO] |     \- test.lib:lib2:jar:1:compile
          [INFO] +- test.lib:lib3:jar:1:compile
          [INFO] \- test.lib:lib1:jar:1:compile
          [INFO] ------------------------------------
          

          so lib2 even when requires anrlr does not have it. I believe it is due to some problem when resolving dependencies for lib1.

          Show
          Michal Ropka added a comment - More details: Dependencies in the files look like: parent/pom.xml lib1:1 common/pom.xml lib2:1 antlr:antlr:2.7.6 model/pom.xml common ui/pom.xml (parent/pom.xml as parent) model lib3:1 lib1:2 antlr:antlr:2.7.2 top/pom.xml common model ui While dependency tree in ui [INFO] ------------------------------------ [INFO] [dependency:tree] [INFO] test:ui:war:1 [INFO] +- test:model:jar:1:compile [INFO] | \- test:common:jar:1:compile [INFO] | \- test.lib:lib2:jar:1:compile [INFO] +- test.lib:lib3:jar:1:compile [INFO] \- test.lib:lib1:jar:1:compile [INFO] ------------------------------------ so lib2 even when requires anrlr does not have it. I believe it is due to some problem when resolving dependencies for lib1 .
          Hide
          Benjamin Bentmann added a comment -

          The dirty tree for the ui modules looks like this:

          test:ui:1
          +- test:model:1
          |  \- test:common:1
          |     \- test.lib:lib2:1
          |        \- antlr:antlr:2.7.6          <--\
          +- test.lib:lib3:1                        |
          |  \- test.lib:lib1:2        <--\         |(a)
          |     \- antlr:antlr:2.7.2      |(b)   ---/
          \- test.lib:lib1:1           ---/
          

          For conflict resolution, Maven basically performs a DFS on this tree. When visiting antlr:2.7.2 it eliminates antlr:2.7.6 (a) and when visiting lib1:1 it eliminates lib1:2 (b). Unfortunately, this last step also eliminates the last path to antlr, i.e. antlr:2.7.6 is not reenabled.

          Moving lib1:1 before lib3:1 is a possible workaround for the missing back-tracking in the conflict resolution.

          Show
          Benjamin Bentmann added a comment - The dirty tree for the ui modules looks like this: test:ui:1 +- test:model:1 | \- test:common:1 | \- test.lib:lib2:1 | \- antlr:antlr:2.7.6 <--\ +- test.lib:lib3:1 | | \- test.lib:lib1:2 <--\ |(a) | \- antlr:antlr:2.7.2 |(b) ---/ \- test.lib:lib1:1 ---/ For conflict resolution, Maven basically performs a DFS on this tree. When visiting antlr:2.7.2 it eliminates antlr:2.7.6 (a) and when visiting lib1:1 it eliminates lib1:2 (b). Unfortunately, this last step also eliminates the last path to antlr, i.e. antlr:2.7.6 is not reenabled. Moving lib1:1 before lib3:1 is a possible workaround for the missing back-tracking in the conflict resolution.
          Benjamin Bentmann made changes -
          Link This issue is related to MNG-4768 [ MNG-4768 ]
          Hide
          Benjamin Bentmann added a comment -

          Fixed by r988749.

          Show
          Benjamin Bentmann added a comment - Fixed by r988749 .
          Benjamin Bentmann made changes -
          Status Reopened [ 4 ] Closed [ 6 ]
          Assignee Benjamin Bentmann [ bentmann ]
          Fix Version/s 3.0-beta-3 [ 16681 ]
          Resolution Fixed [ 1 ]
          Benjamin Bentmann made changes -
          Link This issue is related to MNG-4134 [ MNG-4134 ]

            People

            • Assignee:
              Benjamin Bentmann
              Reporter:
              Michal Ropka
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: