Maven 2.x Project Info Reports Plugin

Dependencies report is incorrect

Details

  • Type: Bug Bug
  • Status: Closed Closed
  • Priority: Major Major
  • Resolution: Fixed
  • Affects Version/s: 2.0.1
  • Fix Version/s: 2.1
  • Component/s: dependencies
  • Labels:
    None
  • Environment:
    Maven 2.0.7, SUN JVM 1.5.0_12, Windows XP
  • Number of attachments :
    0

Description

When generating a site from the following POM, the Dependencies report is incorrect.

<project xmlns="http://maven.apache.org/POM/4.0.0"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>test</groupId>
  <artifactId>Test</artifactId>
  <packaging>jar</packaging>
  <version>0.0.1-SNAPSHOT</version>
  <name>Test</name>
  <description>Test Dependency Graphs</description>
  <dependencies>
    <dependency>
      <groupId>commons-logging</groupId>
      <artifactId>commons-logging</artifactId>
      <version>1.1</version>
      <scope>compile</scope>
    </dependency>
    <!-- override commons-logging's transitive dependency on servlet-api 2.3 -->
    <dependency>
      <groupId>javax.servlet</groupId>
      <artifactId>servlet-api</artifactId>
      <version>2.4</version>
      <scope>compile</scope>
    </dependency>
  </dependencies>
  <distributionManagement>
    <site>
      <id>TestDependencyGraph</id>
      <url>file://${site.distribution.directory}/TestDependencyGraph</url>
    </site>
  </distributionManagement>
</project>

The Dependencies report of this project's generated site doesn't show the javax.servlet:servlet-api 2.4 as a compile dependency. Instead it shows it as a transitivie dependency. My guess is that it finds the servlet-api 2.3 transitive dependency of commons-logging. However, the strange thing is that it does show the 2.4 version number in the report.

The Dependency Graph has the same error, it shows the servlet-api as a transitive dependency of commons-logging instead of a compile dependency of my own project.

Issue Links

relates to

Bug - A problem which impairs or prevents the functions of the product. MPIR-106 Regression in 2.1-SNAPSHOT, the Project Dependencies and the Project Transitive Dependencies are the same

  • Major - Major loss of function.
  • Closed - The issue is considered finished, the resolution is correct. Issues which are not closed can be reopened.

Improvement - An improvement or enhancement to an existing feature or task. MPIR-110 Update code due to deprecated classes in maven-dependency-tree:1.1

  • Major - Major loss of function.
  • Closed - The issue is considered finished, the resolution is correct. Issues which are not closed can be reopened.

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Dennis Lundberg added a comment -

I am unable to reproduce the error that you present. I have tried using both 2.0.1 and 2.1-SNAPSHOT, and none of the produce the stuff that you say they do on my machine. I have the same setup, but use Sun JDK 1.4.2_16.

Show
Dennis Lundberg added a comment - I am unable to reproduce the error that you present. I have tried using both 2.0.1 and 2.1-SNAPSHOT, and none of the produce the stuff that you say they do on my machine. I have the same setup, but use Sun JDK 1.4.2_16.
Hide
Permalink
Duncan Doyle added a comment -

That's really strange. I have got this problem with multiple projects, the POM presented here is just a basic example. It also occurs when using the Maven2 Dependency Analyzer tool which can be found here: http://www.jfrog.org/sites/dep-analyzer/1.0/introduction.html

But, I just tested it on my laptop and I can't seem to reproduce it as well. I'll try to reproduce it again tomorrow on my development workstation.

Show
Duncan Doyle added a comment - That's really strange. I have got this problem with multiple projects, the POM presented here is just a basic example. It also occurs when using the Maven2 Dependency Analyzer tool which can be found here: http://www.jfrog.org/sites/dep-analyzer/1.0/introduction.html But, I just tested it on my laptop and I can't seem to reproduce it as well. I'll try to reproduce it again tomorrow on my development workstation.
Hide
Permalink
Dennis Lundberg added a comment -

Thanks Duncan.

Your project would benefit greatly from upgrading to commons-logging 1.1.1, because it has had all the previous dependency problems fixed.

Show
Dennis Lundberg added a comment - Thanks Duncan. Your project would benefit greatly from upgrading to commons-logging 1.1.1, because it has had all the previous dependency problems fixed.
Hide
Permalink
Jim Christenson added a comment -

I have the same problem with a different set of dependencies. Doesn't seem to matter what order I put them in, one dependency does not get listed in the project dependencies. It does get listed in the Transitive list. One additional note, it does not get listed in the dependency tree.

Show
Jim Christenson added a comment - I have the same problem with a different set of dependencies. Doesn't seem to matter what order I put them in, one dependency does not get listed in the project dependencies. It does get listed in the Transitive list. One additional note, it does not get listed in the dependency tree.
Hide
Permalink
Dennis Lundberg added a comment -

Jim, can you give us a sample project that reproduces this issue?

Show
Dennis Lundberg added a comment - Jim, can you give us a sample project that reproduces this issue?
Hide
Permalink
Jim Christenson added a comment -

Here are the dependency nodes from the pom (yes, I know there are updates...)

<dependency>
<groupId>javax.annotation</groupId>
<artifactId>jsr250-api</artifactId>
<version>1.0</version>
</dependency>
<dependency>
<groupId>javax.xml.ws</groupId>
<artifactId>jaxws-api</artifactId>
<version>2.0</version>
</dependency>
<dependency>
<groupId>javazoom</groupId>
<artifactId>uploadbean</artifactId>
<version>1.0</version>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-transports-http</artifactId>
<version>2.0.5-incubator-SNAPSHOT</version>
</dependency>
<dependency>
<groupId>org.apache.poi</groupId>
<artifactId>poi</artifactId>
<version>3.0-FINAL</version>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate</artifactId>
<version>3.2.0.ga</version>
</dependency>

<dependency>
<groupId>org.apache.geronimo.specs</groupId>
<artifactId>geronimo-ws-metadata_2.0_spec</artifactId>
<version>1.1.2</version>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
<version>2.3</version>
</dependency>
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
<version>1.1</version>
</dependency>
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<version>1.2.14</version>
</dependency>

-------------

The dependency report from maven-project-info-reports-plugin-2.0 and 2.0.1 generate a list of compile dependencies that does not include geronimo-ws-metadata_2.0_spec, servlet-api, commons-loggin and log4j even though they are listed as project dependencies. However, these are listed in the transitive dependencies.

Further, the Dependency Tree should contain all of the project dependencies as well as the transitive dependencies – it doesn't match as it is missing several of the transitive dependencies.

I have tried a number of things to resolve this, but can't seem to get the answer.

Show
Jim Christenson added a comment - Here are the dependency nodes from the pom (yes, I know there are updates...) <dependency> <groupId>javax.annotation</groupId> <artifactId>jsr250-api</artifactId> <version>1.0</version> </dependency> <dependency> <groupId>javax.xml.ws</groupId> <artifactId>jaxws-api</artifactId> <version>2.0</version> </dependency> <dependency> <groupId>javazoom</groupId> <artifactId>uploadbean</artifactId> <version>1.0</version> </dependency> <dependency> <groupId>org.apache.cxf</groupId> <artifactId>cxf-rt-transports-http</artifactId> <version>2.0.5-incubator-SNAPSHOT</version> </dependency> <dependency> <groupId>org.apache.poi</groupId> <artifactId>poi</artifactId> <version>3.0-FINAL</version> </dependency> <dependency> <groupId>org.hibernate</groupId> <artifactId>hibernate</artifactId> <version>3.2.0.ga</version> </dependency> <dependency> <groupId>org.apache.geronimo.specs</groupId> <artifactId>geronimo-ws-metadata_2.0_spec</artifactId> <version>1.1.2</version> </dependency> <dependency> <groupId>javax.servlet</groupId> <artifactId>servlet-api</artifactId> <version>2.3</version> </dependency> <dependency> <groupId>commons-logging</groupId> <artifactId>commons-logging</artifactId> <version>1.1</version> </dependency> <dependency> <groupId>log4j</groupId> <artifactId>log4j</artifactId> <version>1.2.14</version> </dependency> ------------- The dependency report from maven-project-info-reports-plugin-2.0 and 2.0.1 generate a list of compile dependencies that does not include geronimo-ws-metadata_2.0_spec, servlet-api, commons-loggin and log4j even though they are listed as project dependencies. However, these are listed in the transitive dependencies. Further, the Dependency Tree should contain all of the project dependencies as well as the transitive dependencies – it doesn't match as it is missing several of the transitive dependencies. I have tried a number of things to resolve this, but can't seem to get the answer.
Hide
Permalink
Jim Christenson added a comment -

This morning I ran the dependency:tree goal – this view is correct and is different than the project-info-reports:dependencies list. I would think that these are getting their information from the same place...

Show
Jim Christenson added a comment - This morning I ran the dependency:tree goal – this view is correct and is different than the project-info-reports:dependencies list. I would think that these are getting their information from the same place...
Hide
Permalink
Dennis Lundberg added a comment -

I've updated the component that is used to produce the tree. That mean that this plugin is using the same version of that component as the dependency plugin does.

A new 2.1-SNAPSHOT have been uploaded to the SNAPSHOT repository. Please give a try.

Show
Dennis Lundberg added a comment - I've updated the component that is used to produce the tree. That mean that this plugin is using the same version of that component as the dependency plugin does. A new 2.1-SNAPSHOT have been uploaded to the SNAPSHOT repository. Please give a try.

People

  • Assignee:
    Dennis Lundberg
    Reporter:
    Duncan Doyle
Vote (0)
Watch (1)

Dates

  • Created:
    Updated:
    Resolved: