Exclusions are not applied when versions are provided by constraints
fmck3516 opened this issue · comments
Hi Spring team!
I made a observation and I'm not sure if it's a bug, or if my expectations are wrong.
Details
https://github.com/fmck3516/io.spring.dependency-management/tree/main
TLDR
The transitive dependency commons-logging
is excluded when the version for core-httpclient-impl
is provided directly:
dependencies {
implementation 'com.optimizely.ab:core-httpclient-impl:3.10.2'
}
The transitive dependency commons-logging
is _ NOT_ excluded when the version forcore-httpclient-impl
is provided via constraint:
dependencies {
constraints {
implementation 'com.optimizely.ab:core-httpclient-impl:3.10.2'
}
implementation 'com.optimizely.ab:core-httpclient-impl'
}
My expectation is that the runtime classpath is the the same: Whether I provide the version directly or via constraint.
Thanks for the report. I think this is a bug. When the plugin's trying to apply Maven-style exclusions it has to copy the configurations. This copying isn't considering constraints so they're lost. As a result, an attempt is made to resolve com.optimizely.ab:core-httpclient-impl:
. The lack of version causes it to fail so its pom isn't loaded and the exclusions aren't applied.