diff --git a/pkg/java/pom/parse.go b/pkg/java/pom/parse.go
index 7d04efb2..e303e396 100644
--- a/pkg/java/pom/parse.go
+++ b/pkg/java/pom/parse.go
@@ -407,9 +407,14 @@ func (p *parser) resolveDepManagement(props map[string]string, depManagement []p
if err != nil {
continue
}
+
+ // We need to recursively check all nested depManagements,
+ // so that we don't miss dependencies on nested depManagements with `Import` scope.
+ newProps := utils.MergeMaps(props, result.properties)
+ result.dependencyManagement = p.resolveDepManagement(newProps, result.dependencyManagement)
for k, dd := range result.dependencyManagement {
// Evaluate variables and overwrite dependencyManagement
- result.dependencyManagement[k] = dd.Resolve(result.properties, nil, nil)
+ result.dependencyManagement[k] = dd.Resolve(newProps, nil, nil)
}
newDepManagement = p.mergeDependencyManagements(newDepManagement, result.dependencyManagement)
}
diff --git a/pkg/java/pom/testdata/import-dependency-management/pom.xml b/pkg/java/pom/testdata/import-dependency-management/pom.xml
index 1a712d13..f26a79f3 100644
--- a/pkg/java/pom/testdata/import-dependency-management/pom.xml
+++ b/pkg/java/pom/testdata/import-dependency-management/pom.xml
@@ -23,7 +23,7 @@
org.example
example-dependency-management
- 2.2.2
+ 3.3.3
import
pom
diff --git a/pkg/java/pom/testdata/repository/org/example/example-dependency-management/3.3.3/example-dependency-management-3.3.3.pom b/pkg/java/pom/testdata/repository/org/example/example-dependency-management/3.3.3/example-dependency-management-3.3.3.pom
new file mode 100644
index 00000000..000e70f1
--- /dev/null
+++ b/pkg/java/pom/testdata/repository/org/example/example-dependency-management/3.3.3/example-dependency-management-3.3.3.pom
@@ -0,0 +1,39 @@
+
+
+
+ 4.0.0
+
+ org.example
+ example-dependency-management
+ 3.3.3
+
+ pom
+ Example API Dependency Management
+ The example API
+
+
+ 1.1.1
+
+
+
+
+
+ org.example
+ example-dependency-management2
+ ${project.managed.version}
+ import
+ pom
+
+
+
+
+
+
+ org.example
+ example-dependency
+ 1.2.3
+
+
+
+
\ No newline at end of file
diff --git a/pkg/java/pom/testdata/repository/org/example/example-dependency-management2/1.1.1/example-dependency-management2-1.1.1.pom b/pkg/java/pom/testdata/repository/org/example/example-dependency-management2/1.1.1/example-dependency-management2-1.1.1.pom
index 08717f8b..58cdbf8c 100644
--- a/pkg/java/pom/testdata/repository/org/example/example-dependency-management2/1.1.1/example-dependency-management2-1.1.1.pom
+++ b/pkg/java/pom/testdata/repository/org/example/example-dependency-management2/1.1.1/example-dependency-management2-1.1.1.pom
@@ -12,12 +12,16 @@
Example API Dependency Management
The example API
+
+ 1.7.30
+
+
org.example
example-api
- 1.1.1
+ ${project.managed.version}
diff --git a/pkg/utils/utils.go b/pkg/utils/utils.go
index 5cb14b22..581fa815 100644
--- a/pkg/utils/utils.go
+++ b/pkg/utils/utils.go
@@ -57,10 +57,12 @@ func MergeMaps(parent, child map[string]string) map[string]string {
if parent == nil {
return child
}
+ // Clone parent map to avoid shadow overwrite
+ newParent := maps.Clone(parent)
for k, v := range child {
- parent[k] = v
+ newParent[k] = v
}
- return parent
+ return newParent
}
func PackageID(name, version string) string {