Xavier Hanin a écrit :
I think the problem comes from the metadata in the maven 2 repo: commons-configuration 1.4 depends on commons-jxpath 1.2 in scope compile, which in turn depends on servletapi 2.2 in scope compile too. According to maven 2 scope management documentation [1], it's normal you get servletapi with this metadata. I guess there are similar reasons for other dependencies. To understand why Ivy brings a dependency, I suggest generating the html report (alternatively you can simply go in your ivy cache root and open the xml report file with a web browser). This should help you understand why you'll need a lot of excludes when using maven 2 repo...
Thank you, it's much clearer now. The dependencies of commons logging 1.1 were not properly scoped, it has been fixed with the 1.1.1 release. So in this case, adding a first level dependency on commons logging 1.1.1 in my module ensures that logkit and log4j are not retrieved.
There is something curious though, I looked at the pom for commons configuration 1.5, and the dependency on commons-logging is declared with an exclusion on logkit and avalon :
http://svn.apache.org/viewvc/commons/proper/configuration/tags/CONFIGURATION_1_5/pom.xml?view=markup But the exclusion disappeared in the pom published in the Maven repository : http://repo1.maven.org/maven2/commons-configuration/commons-configuration/1.5/commons-configuration-1.5.pom I wonder what may have caused this. Emmanuel Bourg
