Skip to content

Commit 4df7f3a

Browse files
sambsnydsambsnyd
committed
Fix the inappropriate application of dependency management sections during dependency resolution.
1 parent 637b1d1 commit 4df7f3a

File tree

2 files changed

+76
-3
lines changed

2 files changed

+76
-3
lines changed

rewrite-maven/src/main/java/org/openrewrite/maven/tree/ResolvedPom.java

+4-3
Original file line numberDiff line numberDiff line change
@@ -825,9 +825,10 @@ public List<ResolvedDependency> resolveDependencies(Scope scope, Map<GroupArtifa
825825
List<DependencyAndDependent> dependenciesAtNextDepth = new ArrayList<>();
826826

827827
for (DependencyAndDependent dd : dependenciesAtDepth) {
828-
//First get the dependency (relative to the pom it was defined in)
829-
Dependency d = dd.getDefinedIn().getValues(dd.getDependency(), depth);
830-
//The dependency may be modified by the current pom's managed dependencies
828+
// First get the dependency (relative to the pom it was defined in)
829+
// Depth 0 prevents its dependency management from overriding versions of its own direct dependencies
830+
Dependency d = dd.getDefinedIn().getValues(dd.getDependency(), 0);
831+
// The dependency may be modified by the current pom's dependency management
831832
d = getValues(d, depth);
832833
try {
833834
if (d.getVersion() == null) {

rewrite-maven/src/test/java/org/openrewrite/maven/MavenParserTest.java

+72
Original file line numberDiff line numberDiff line change
@@ -2936,4 +2936,76 @@ void escapedA() {
29362936
)
29372937
);
29382938
}
2939+
2940+
@Test
2941+
void transitiveDependencyManagement() {
2942+
rewriteRun(
2943+
mavenProject("depends-on-guava",
2944+
pomXml("""
2945+
<project>
2946+
<modelVersion>4.0.0</modelVersion>
2947+
<groupId>org.example</groupId>
2948+
<artifactId>depends-on-guava</artifactId>
2949+
<version>0.0.1</version>
2950+
<dependencies>
2951+
<dependency>
2952+
<groupId>com.google.guava</groupId>
2953+
<artifactId>guava</artifactId>
2954+
<version>29.0-jre</version>
2955+
</dependency>
2956+
</dependencies>
2957+
<dependencyManagement>
2958+
<dependencies>
2959+
<dependency>
2960+
<groupId>com.google.guava</groupId>
2961+
<artifactId>guava</artifactId>
2962+
<version>30.0-jre</version>
2963+
</dependency>
2964+
</dependencies>
2965+
</dependencyManagement>
2966+
</project>
2967+
""",
2968+
spec -> spec.afterRecipe(pom -> {
2969+
//noinspection OptionalGetWithoutIsPresent
2970+
List<ResolvedDependency> guava = pom.getMarkers().findFirst(MavenResolutionResult.class)
2971+
.map(mrr -> mrr.findDependencies("com.google.guava", "guava", Scope.Compile))
2972+
.get();
2973+
2974+
assertThat(guava)
2975+
.singleElement()
2976+
.as("Dependency management cannot override the version of a direct dependency")
2977+
.matches(it -> "29.0-jre".equals(it.getVersion()));
2978+
})
2979+
)),
2980+
mavenProject("transitively-depends-on-guava",
2981+
pomXml("""
2982+
<project>
2983+
<modelVersion>4.0.0</modelVersion>
2984+
<groupId>org.example</groupId>
2985+
<artifactId>transitively-depends-on-guava</artifactId>
2986+
<version>0.0.1</version>
2987+
<dependencies>
2988+
<dependency>
2989+
<groupId>org.example</groupId>
2990+
<artifactId>depends-on-guava</artifactId>
2991+
<version>0.0.1</version>
2992+
</dependency>
2993+
</dependencies>
2994+
</project>
2995+
""",
2996+
spec -> spec.afterRecipe(pom -> {
2997+
//noinspection OptionalGetWithoutIsPresent
2998+
List<ResolvedDependency> guava = pom.getMarkers().findFirst(MavenResolutionResult.class)
2999+
.map(mrr -> mrr.findDependencies("com.google.guava", "guava", Scope.Compile))
3000+
.get();
3001+
3002+
assertThat(guava)
3003+
.singleElement()
3004+
.as("The dependency management of dependency does not override the versions of its own direct dependencies")
3005+
.matches(it -> "29.0-jre".equals(it.getVersion()));
3006+
})
3007+
)
3008+
)
3009+
);
3010+
}
29393011
}

0 commit comments

Comments
 (0)