Closed rolodato closed 2 years ago
Seems this might not be a bug specific to depgraph, as mvn dependency:tree
shows very similar output:
$ mvn dependency:tree
[INFO] Scanning for projects...
[INFO]
[INFO] ------------------------< com.example:example >-------------------------
[INFO] Building example 0.0.1-SNAPSHOT
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ example ---
[INFO] com.example:example:jar:0.0.1-SNAPSHOT
[INFO] +- com.amazonaws:aws-java-sdk-kms:jar:1.11.415:compile
[INFO] | +- com.amazonaws:aws-java-sdk-core:jar:1.11.415:compile <-- no dependency on httpclient:4.5.5 shown
[INFO] | | +- commons-logging:commons-logging:jar:1.1.3:compile
[INFO] | | +- software.amazon.ion:ion-java:jar:1.0.2:compile
[INFO] | | +- com.fasterxml.jackson.core:jackson-databind:jar:2.6.7.1:compile
[INFO] | | | +- com.fasterxml.jackson.core:jackson-annotations:jar:2.6.0:compile
[INFO] | | | \- com.fasterxml.jackson.core:jackson-core:jar:2.6.7:compile
[INFO] | | +- com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:jar:2.6.7:compile
[INFO] | | \- joda-time:joda-time:jar:2.8.1:compile
[INFO] | \- com.amazonaws:jmespath-java:jar:1.11.415:compile
[INFO] \- com.jayway.restassured:rest-assured:jar:2.9.0:test
[INFO] +- org.codehaus.groovy:groovy:jar:2.4.4:test
[INFO] +- org.codehaus.groovy:groovy-xml:jar:2.4.4:test
[INFO] +- org.apache.httpcomponents:httpclient:jar:4.5.1:compile <-- compile instead of test scope
[INFO] | +- org.apache.httpcomponents:httpcore:jar:4.4.3:compile
[INFO] | \- commons-codec:commons-codec:jar:1.9:compile
[INFO] +- org.apache.httpcomponents:httpmime:jar:4.5.1:test
[INFO] +- org.hamcrest:hamcrest-core:jar:1.3:test
[INFO] +- org.hamcrest:hamcrest-library:jar:1.3:test
[INFO] +- org.ccil.cowan.tagsoup:tagsoup:jar:1.2.1:test
[INFO] +- com.jayway.restassured:json-path:jar:2.9.0:test
[INFO] | +- org.codehaus.groovy:groovy-json:jar:2.4.4:test
[INFO] | \- com.jayway.restassured:rest-assured-common:jar:2.9.0:test
[INFO] \- com.jayway.restassured:xml-path:jar:2.9.0:test
[INFO] \- org.apache.commons:commons-lang3:jar:3.3.2:test
The graph
goal also has similar behavior:
$ mvn com.github.ferstl:depgraph-maven-plugin:4.0.1:graph -DgraphFormat=text -DshowVersions=true -DshowGroupIds=true
[...]
[INFO] Dependency graph:
com.example:example:0.0.1-SNAPSHOT:compile
+- com.amazonaws:aws-java-sdk-kms:1.11.415:compile
| +- com.amazonaws:aws-java-sdk-core:1.11.415:compile
| | +- commons-logging:commons-logging:1.1.3:compile
| | +- software.amazon.ion:ion-java:1.0.2:compile
| | +- com.fasterxml.jackson.core:jackson-databind:2.6.7.1:compile
| | | +- com.fasterxml.jackson.core:jackson-annotations:2.6.0:compile
| | | \- com.fasterxml.jackson.core:jackson-core:2.6.7:compile
| | +- com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:2.6.7:compile
| | \- joda-time:joda-time:2.8.1:compile
| \- com.amazonaws:jmespath-java:1.11.415:compile
\- com.jayway.restassured:rest-assured:2.9.0:test
+- org.codehaus.groovy:groovy:2.4.4:test
+- org.codehaus.groovy:groovy-xml:2.4.4:test
+- org.apache.httpcomponents:httpclient:4.5.1:compile <--
| +- org.apache.httpcomponents:httpcore:4.4.3:compile <--
| \- commons-codec:commons-codec:1.9:compile
+- org.apache.httpcomponents:httpmime:4.5.1:test
+- org.hamcrest:hamcrest-core:1.3:test
+- org.hamcrest:hamcrest-library:1.3:test
+- org.ccil.cowan.tagsoup:tagsoup:1.2.1:test
+- com.jayway.restassured:json-path:2.9.0:test
| +- org.codehaus.groovy:groovy-json:2.4.4:test
| \- com.jayway.restassured:rest-assured-common:2.9.0:test
\- com.jayway.restassured:xml-path:2.9.0:test
\- org.apache.commons:commons-lang3:3.3.2:test
I hadn't seen the options showConflicts
and showDuplicates
, I think those will get me closer to what I'm looking for. Closing this issue for now while I research :)
I think I've found a bug relating to multiple versions of the same transitive dependency. Consider this POM:
This is the resulting dependency graph:
If we modify the POM to only include each dependency individually, we get different results:
When analyzing both dependencies together, I would expect to see a result similar to this:
Thanks for your work and support!