Details
-
Type:
Bug
-
Status:
Open
-
Priority:
Critical
-
Resolution: Unresolved
-
Affects Version/s: 3.0.3
-
Fix Version/s: None
-
Component/s: Dependencies
-
Labels:None
-
Complexity:Intermediate
-
Number of attachments :
Description
Optional compile-time dependencies are being resolved (in WAR projects, at least) into the packaged artifact.
There has been a regression since Maven 2.2.1 in regards to resolving optional dependencies.
In the attached pom (which builds a WAR), there are two dependencies:
- org.springframework:spring-core:2.5.6 - at compile scope
- org.dbunit:dbunit:2.3.0 - at test scope.
The dependency tree looks like this:
net.twasink:webapp:war:1.0
+- org.springframework:spring-core:jar:2.5.6:compile
| - commons-logging:commons-logging:jar:1.1.1:compile - org.dbunit:dbunit:jar:2.3.0:test +- junit:junit:jar:3.8.2:test +- junit-addons:junit-addons:jar:1.4:test |
| +- xerces:xercesImpl:jar:2.6.2:test |
| - xerces:xmlParserAPIs:jar:2.6.2:test +- org.apache.poi:poi:jar:3.1-FINAL:test |
| - log4j:log4j:jar:1.2.13:test +- commons-collections:commons-collections:jar:3.1:test +- commons-lang:commons-lang:jar:2.1:test +- org.slf4j:slf4j-api:jar:1.4.3:test - org.slf4j:slf4j-nop:jar:1.4.3:test |
Note that log4j:log4j:1.2.13 is a test dependency. However, when you do 'mvn package', and inspect the resulting WAR file, it includes log4j!
The problem appears to be that commons-logging (a compile dependency brought in by spring-core) declares log4j as an optional compile dependency. This is clashing with the test dependency brought in transitively by dbunit.
To make it worse, this is still brought in if you add an explicit exclusion of log4j to spring-core.
Maven 2.2.1 did not bring in the log4j JAR - this is a regression under Maven 3.0.3
Issue Links
- relates to
-
MNG-5188
Test scope dependency incorrectly promoted to compile scope
-
Part of the issue is commons-logging:1.1, declaring commons-logging:1.1.1 in <dependencyManagement> can be used to workaround the bug.