Skip to content

[MASSEMBLY-1031] Respect dependency mediation when resolving dependencySets#1327

Open
sbrougher-cainc wants to merge 1 commit into
apache:masterfrom
sbrougher-cainc:MASSEMBLY-1031
Open

[MASSEMBLY-1031] Respect dependency mediation when resolving dependencySets#1327
sbrougher-cainc wants to merge 1 commit into
apache:masterfrom
sbrougher-cainc:MASSEMBLY-1031

Conversation

@sbrougher-cainc

@sbrougher-cainc sbrougher-cainc commented Jun 26, 2026

Copy link
Copy Markdown

This PR resolves transitive dependencies from the full declared dependency graph and applies the scope filter only when resolving, instead of pre-filtering the declared dependencies by scope before collection. Pre-filtering hid declarations that win Maven's mediation. This includes nearer versions, or directly provided dependencies, when the relevant declared dependency appeared transitively. This is clearly visible in the old version of the now-corrected src/it/projects/dependency-sets/massembly-1008/verify.groovy file. Despite being declared as test scoped in the pom, guava and all of its children were pulled into the assembly.

Note: in the new version of the code, even though guava is also declared as a transitive dependency of guice, guava will not be present in the final version of the assembly because the declared scope of guava is test. This is consistent with the compile/runtime classpath resolved by maven-dependency-plugin and the maven-jar-plugin.

This fixes when provided dependencies are included when they also occur transitively (MASSEMBLY-1031) and the wrong version being assembled on a cross-scope version conflict (MASSEMBLY-1026). The existing massembly-1008 integration test asserted the previous, incorrect output and is corrected to match Maven's resolution. Note: while this corrects two issues, this is because those two issues have the same underlying cause.

The substantive changes are just a few lines in DefaultDependencyResolver.java; everything else is testing.

Following this checklist to help us incorporate your contribution quickly and easily:

  • Your pull request should address just one issue, without pulling in other changes.
  • Write a pull request description that is detailed enough to understand what the pull request does, how, and why.
  • Each commit in the pull request should have a meaningful subject line and body.
    Note that commits might be squashed by a maintainer on merge.
  • Write unit tests that match behavioral changes, where the tests fail if the changes to the runtime are not applied.
    This may not always be possible but is a best-practice.
  • Run mvn verify to make sure basic checks pass.
    A more thorough check will be performed on your pull request automatically.
  • You have run the integration tests successfully (mvn -Prun-its verify).

If your pull request is about ~20 lines of code you don't need to sign an
Individual Contributor License Agreement if you are unsure
please ask on the developers list.

To make clear that you license your contribution under
the Apache License Version 2.0, January 2004
you have to acknowledge this by using the following check-box.

…cySets

Resolve transitive dependencies from the full declared dependency graph
and apply the scope filter only when resolving, instead of pre-filtering
the declared dependencies by scope before collection. Pre-filtering hid
declarations that win Maven's mediation: a nearer version or a direct
provided dependency that also appeared transitively. This produced a graph
that disagreed with the compile/runtime classpath resolved by
maven-dependency-plugin and maven-jar-plugin.

This fixes provided dependencies being included when they also occur
transitively (MASSEMBLY-1031) and the wrong version being assembled on a
cross-scope version conflict (MASSEMBLY-1026). The existing massembly-1008
integration test asserted the previous, incorrect output and is corrected
to match Maven's resolution.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant