Open someth2say opened 2 years ago
@maxandersen won't this be solved by simply only including the dependencies that are explicitly mentioned in all the //DEPS
statements? (We could do the resolve solely to check that the dependencies are actually correct, but theoretically we could just copy the //DEPS to the POM, right? Or am I missing something?)
correct, we should by default just add the explicit dependencies. leaving out implicit dependencies to be resolved by maven.
Describe the bug A clear and concise description of what the bug is.
The pom file generated by
jbang export mavenrepo
includes direct and transient dependencies. In maven, dependencies are resolved in inverse order (the last declaration overrides previous ones). If a transient dependency is included after a declared dependency, the transient dependency will override the declared dependency, effectively breaking the dependency tree,To Reproduce Steps to reproduce the behavior:
//DEPS com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.13.0
//DEPS com.hubspot.jinjava:jinjava:2.6.0
, that transitively depends onfasterxml.jackson.dataformat:jackson-dataformat:2.7.9
jbang export mavenrepo
Expected behavior The generated effective pom file (or the tree generated by
mvn dependency:tree
) should include only the declared dependency:com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.13.0
. In other words, the transitive dependencyfasterxml.jackson.dataformat:jackson-dataformat:2.7.9
should not appear in the generated pom file (or, if it appears, it should be before the declared dependency, so maven version resolution retains the declared dependency).JBang version 0.83.1
Additional context The same transitive dependencies appear in the
.classpath
files generated byjbang edit
. In this case, the order of dependencies in the.classpath
file is the same as the order of declared dependencies in the script. As dependency resolution, in this case, is in order (the first declaration overrides later ones), then the resolution is "correct" (meaning declared dependency is used)..claspath
files must include all dependencies, both direct and transitive. I didn´t test, but I suspect this might lead to hairy situations (p.e. when having transitive dependencies before and after a declared dependency).