Fix the inappropriate application of dependency management sections d…
…uring dependency resolution.
sambsnyd committed Jun 19, 2024
1 parent 637b1d1 commit 4df7f3a
Showing 2 changed files with 76 additions and 3 deletions.
Expand Up @@ -825,9 +825,10 @@ public List<ResolvedDependency> resolveDependencies(Scope scope, Map<GroupArtifa
List<DependencyAndDependent> dependenciesAtNextDepth = new ArrayList<>();

for (DependencyAndDependent dd : dependenciesAtDepth) {
//First get the dependency (relative to the pom it was defined in)
Dependency d = dd.getDefinedIn().getValues(dd.getDependency(), depth);
//The dependency may be modified by the current pom's managed dependencies
// First get the dependency (relative to the pom it was defined in)
// Depth 0 prevents its dependency management from overriding versions of its own direct dependencies
Dependency d = dd.getDefinedIn().getValues(dd.getDependency(), 0);
// The dependency may be modified by the current pom's dependency management
d = getValues(d, depth);
try {
if (d.getVersion() == null) {
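Review bot: The literal `0` in `dd.getDefinedIn().getValues(dd.getDependency(), 0)` now carries the whole fix, yet nothing visible in this hunk states what depth 0 means for a dependency that the defining pom declares without a `<version>`. Presumably the defining pom's dependencyManagement still fills in a missing version at depth 0, but that should be confirmed, because the `d.getVersion() == null` branch directly below depends on it. The resolved version is what downstream version audits and upgrade tooling act on, so the contract deserves to be written down; if it holds, extend the comment to something like `// Depth 0: the defining pom's dependencyManagement may supply a missing version but never replaces an explicit one`. resolveDependencies starts and ends outside this hunk.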
Expand Up @@ -2936,4 +2936,76 @@ void escapedA() {
)
);
}

@Test
void transitiveDependencyManagement() {
rewriteRun(
mavenProject("depends-on-guava",
pomXml("""
<project>
<modelVersion>4.0.0</modelVersion>
<groupId>org.example</groupId>
<artifactId>depends-on-guava</artifactId>
<version>0.0.1</version>
<dependencies>
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
<version>29.0-jre</version>
</dependency>
</dependencies>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
<version>30.0-jre</version>
</dependency>
</dependencies>
</dependencyManagement>
</project>
""",
spec -> spec.afterRecipe(pom -> {
//noinspection OptionalGetWithoutIsPresent
List<ResolvedDependency> guava = pom.getMarkers().findFirst(MavenResolutionResult.class)
.map(mrr -> mrr.findDependencies("com.google.guava", "guava", Scope.Compile))
.get();

assertThat(guava)
.singleElement()
.as("Dependency management cannot override the version of a direct dependency")
.matches(it -> "29.0-jre".equals(it.getVersion()));
})
)),
mavenProject("transitively-depends-on-guava",
pomXml("""
<project>
<modelVersion>4.0.0</modelVersion>
<groupId>org.example</groupId>
<artifactId>transitively-depends-on-guava</artifactId>
<version>0.0.1</version>
<dependencies>
<dependency>
<groupId>org.example</groupId>
<artifactId>depends-on-guava</artifactId>
<version>0.0.1</version>
</dependency>
</dependencies>
</project>
""",
spec -> spec.afterRecipe(pom -> {
//noinspection OptionalGetWithoutIsPresent
List<ResolvedDependency> guava = pom.getMarkers().findFirst(MavenResolutionResult.class)
.map(mrr -> mrr.findDependencies("com.google.guava", "guava", Scope.Compile))
.get();

assertThat(guava)
.singleElement()
.as("The dependency management of dependency does not override the versions of its own direct dependencies")
.matches(it -> "29.0-jre".equals(it.getVersion()));
})
)
)
);
}
}
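Review bot: Both assertions in transitiveDependencyManagement expect `29.0-jre`, so the test guards only the direction this commit changes; nothing here guards the complementary rule that the resolving pom's own dependencyManagement still governs a transitive version, which is the `getValues(d, depth)` call kept in the other file. A regression in either direction silently changes which guava version the resolution result reports, and that result is what version audits and upgrade recipes rely on. I would add a third project that depends on depends-on-guava and manages guava at `30.0-jre`, expecting `30.0-jre` under Maven's rules; the sketch below was constructed for this review and has not been run. Separately, the unchecked `.get()` turns a missing MavenResolutionResult marker into a NoSuchElementException rather than a readable assertion failure.

```java
rewriteRun(
  // … unchanged: depends-on-guava and transitively-depends-on-guava projects …
  mavenProject("manages-transitive-guava",
    pomXml("""
        <project>
            <modelVersion>4.0.0</modelVersion>
            <groupId>org.example</groupId>
            <artifactId>manages-transitive-guava</artifactId>
            <version>0.0.1</version>
            <dependencyManagement>
                <dependencies>
                    <dependency>
                        <groupId>com.google.guava</groupId>
                        <artifactId>guava</artifactId>
                        <version>30.0-jre</version>
                    </dependency>
                </dependencies>
            </dependencyManagement>
            <dependencies>
                <dependency>
                    <groupId>org.example</groupId>
                    <artifactId>depends-on-guava</artifactId>
                    <version>0.0.1</version>
                </dependency>
            </dependencies>
        </project>
        """,
      spec -> spec.afterRecipe(pom -> {
          List<ResolvedDependency> guava = pom.getMarkers().findFirst(MavenResolutionResult.class)
            .map(mrr -> mrr.findDependencies("com.google.guava", "guava", Scope.Compile))
            .orElseThrow(() -> new AssertionError("MavenResolutionResult marker is missing"));

          assertThat(guava)
            .singleElement()
            .as("The resolving pom's dependency management still overrides transitive versions")
            .matches(it -> "30.0-jre".equals(it.getVersion()));
      })
    ))
```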
