You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
What is the smallest, simplest way to reproduce the problem?
I haven't yet managed to reproduce it in a unit test or small project, and I am not allowed to share one of our projects for you to reproduce the issue. I'll try to describe the situation and outcome:
We have a parent POM which imports two POMs in its dependencyManagement (spring-cloud-dependencies and solace-spring-integration-leader)
Some projects which use that parent import an additional bill-of-matierals in their dependencyManagement (another POM which contains nothing but a dependencyManagement section to define dependency versions)
When we update the parent POM in those projects, all used dependencies are copied from the bill-of-materials into the projects' dependencyManagement
This is limited to the dependencies from our bill-of-materials for some reasons. The same does not happen e.g. for the dependencies managed by the spring-cloud-dependencies, which is imported by the parent.
Excerpt of POM before upgrade:
<parent>
<groupId>ch.sbb.tms.capaopt</groupId>
<artifactId>releng-spring-boot-application-parent</artifactId>
<version>6.1.2</version>
</parent>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>ch.sbb.tms.capaopt</groupId>
<artifactId>releng-techstack-bom</artifactId>
<type>pom</type>
<scope>import</scope>
<version>7.0.3</version>
</dependency>
</dependencies>
</dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-stream</artifactId>
<!-- version is managed (indirectly) by parent -->
</dependency>
<dependency>
<groupId>community.solace.spring.boot</groupId>
<artifactId>spring-boot-starter-solace-client-config</artifactId>
<!-- version is managed by releng-techstack-bom -->
</dependency>
</dependencies>
What did you expect to see?
<parent>
<groupId>ch.sbb.tms.capaopt</groupId>
<artifactId>releng-spring-boot-application-parent</artifactId>
<version>7.0.0</version>
</parent>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>ch.sbb.tms.capaopt</groupId>
<artifactId>releng-techstack-bom</artifactId>
<type>pom</type>
<scope>import</scope>
<version>7.0.3</version>
</dependency>
</dependencies>
</dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-stream</artifactId>
<!-- version is still managed (indirectly) by parent -->
</dependency>
<dependency>
<groupId>community.solace.spring.boot</groupId>
<artifactId>spring-boot-starter-solace-client-config</artifactId>
<!-- version is still managed by releng-techstack-bom -->
</dependency>
</dependencies>
What did you see instead?
<parent>
<groupId>ch.sbb.tms.capaopt</groupId>
<artifactId>releng-spring-boot-application-parent</artifactId>
<version>7.0.0</version>
</parent>
<dependencyManagement>
<dependencies>
<!-- new redundant managed dependency, which is already managed by releng-techstack-bom: -->
<dependency>
<groupId>community.solace.spring.boot</groupId>
<artifactId>spring-boot-starter-solace-client-config</artifactId>
<version>1.0.0</version>
</dependency>
<dependency>
<groupId>ch.sbb.tms.capaopt</groupId>
<artifactId>releng-techstack-bom</artifactId>
<type>pom</type>
<scope>import</scope>
<version>7.0.3</version>
</dependency>
</dependencies>
</dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-stream</artifactId>
<!-- version is still managed (indirectly) by parent -->
</dependency>
<dependency>
<groupId>community.solace.spring.boot</groupId>
<artifactId>spring-boot-starter-solace-client-config</artifactId>
</dependency>
</dependencies>
We manage many dependencies in the releng-techstack-bom, so after the upgrade we have tens of redundant managed dependencies; note that the releng-techstack-bom is not removed from the managed dependencies.
Unfortunately, I have no capacity to look into that myself right now. I'll try to build a small reproducer, but so far I have not managed to reproduce the issue with publically available POMs.
simonzn
changed the title
UpgradeParentVersion sometimes blows up the dependencyManagement section
UpgradeParentVersion sometimes adds redundant managed dependencies
May 17, 2024
Thanks for the report! Could see indeed how this is a complicated one to replicate given all that's involved. I'll tag @sambsnyd based on his earlier work in a3e2d86 that you referenced, to see if he has any ideas given the above.
Do let us know if you manage to create that reproducer, as there's a lot of parts we'd hope to condense down into something we can test and fix.
What version of OpenRewrite are you using?
How are you running OpenRewrite?
Maven plugin from the command line
What is the smallest, simplest way to reproduce the problem?
I haven't yet managed to reproduce it in a unit test or small project, and I am not allowed to share one of our projects for you to reproduce the issue. I'll try to describe the situation and outcome:
This is limited to the dependencies from our bill-of-materials for some reasons. The same does not happen e.g. for the dependencies managed by the spring-cloud-dependencies, which is imported by the parent.
Excerpt of POM before upgrade:
What did you expect to see?
What did you see instead?
We manage many dependencies in the releng-techstack-bom, so after the upgrade we have tens of redundant managed dependencies; note that the releng-techstack-bom is not removed from the managed dependencies.
Are you interested in contributing a fix to OpenRewrite?
Unfortunately, I have no capacity to look into that myself right now. I'll try to build a small reproducer, but so far I have not managed to reproduce the issue with publically available POMs.
Workaround
This issue is not reproducible with
I think it was introduced with a3e2d86
The text was updated successfully, but these errors were encountered: