Skip to content

Fix BOM version resolution for sibling modules in dependencyManagement#12416

Open
Hiteshsai007 wants to merge 1 commit into
apache:masterfrom
Hiteshsai007:maven-11147-bom-version-resolution
Open

Fix BOM version resolution for sibling modules in dependencyManagement#12416
Hiteshsai007 wants to merge 1 commit into
apache:masterfrom
Hiteshsai007:maven-11147-bom-version-resolution

Conversation

@Hiteshsai007

Copy link
Copy Markdown
Contributor

Description

This PR addresses MNG-11147, fixing a regression in Maven 4 where version and groupId inference were skipped for dependencies declared within the <dependencyManagement> section of a BOM-packaged project.

How it works:
I updated the transformFileToRaw method within DefaultModelBuilder to ensure that model.getDependencyManagement().getDependencies() is processed with the same inferDependencyVersion and inferDependencyGroupId logic that is already applied to direct dependencies (model.getDependencies()).

Why this is necessary:
Previously, if a BOM subproject declared sibling reactor modules within its <dependencyManagement> block but omitted the <version> tags (expecting them to be resolved from the reactor), the transformation to the raw model would skip them entirely. This resulted in the installed consumer POM missing the required version tags for those managed dependencies. This change ensures that the reactor versions are properly inherited and written to the consumer POM.

Testing:

  • Successfully verified the fix locally using the bom-example reproducer provided in the issue, confirming that the resulting consumer POM now contains the correctly inferred versions.
  • Formatted with spotless:apply and successfully passed all maven-impl unit tests. Note: Due to the complexity of simulating a full multi-module reactor state directly within DefaultModelBuilderTest, a standalone unit test for this specific code path was omitted in favor of the reproducer validation.

Following this checklist to help us incorporate your
contribution quickly and easily:

  • Your pull request should address just one issue, without pulling in other changes.
  • Write a pull request description that is detailed enough to understand what the pull request does, how, and why.
  • Each commit in the pull request should have a meaningful subject line and body.
    Note that commits might be squashed by a maintainer on merge.
  • Write unit tests that match behavioral changes, where the tests fail if the changes to the runtime are not applied.
    This may not always be possible but is a best-practice.
  • Run mvn verify to make sure basic checks pass.
    A more thorough check will be performed on your pull request automatically.
  • You have run the Core IT successfully.

If your pull request is about ~20 lines of code you don't need to sign an
Individual Contributor License Agreement if you are unsure
please ask on the developers list.

To make clear that you license your contribution under
the Apache License Version 2.0, January 2004
you have to acknowledge this by using the following check-box.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant