Uploaded image for project: 'Maven Enforcer Plugin'
  1. Maven Enforcer Plugin
  2. MENFORCER-252

DependencyConvergence rule doesn't account dependencyManagement section correctly

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 1.4.1
    • Fix Version/s: None
    • Component/s: Plugin

      Description

      DependencyConvergence doesn't catch dependencyManagement section of dependency correctly.

      Specific example:
      We have module that depends on async-http-client:

              <dependency>
                  <groupId>org.asynchttpclient</groupId>
                  <artifactId>async-http-client</artifactId>
                  <version>2.0.3</version>
              </dependency>
      

      From dependencyConvergence rule we get

      [WARNING] Rule 0: org.apache.maven.plugins.enforcer.DependencyConvergence failed with message:
      Failed while enforcing releasability the error(s) are [
      Dependency convergence error for io.netty:netty-handler:4.0.36.Final paths to dependency are:
      +-our_artifact
        +-org.asynchttpclient:async-http-client:2.0.3
          +-io.netty:netty-codec-http:4.0.36.Final
            +-io.netty:netty-handler:4.0.36.Final
      and
      +-our_artifact
        +-org.asynchttpclient:async-http-client:2.0.3
          +-com.typesafe.netty:netty-reactive-streams:1.0.4
            +-io.netty:netty-handler:4.0.34.Final
      

      While, actually, dependencyManagement section of async-http-client specifies and enforce netty-handler:4.0.36.Final and it's dependency tree doesn't contain netty-handler:4.0.34.Final

      So... if it's not a bug, it should be a way to ignore such cases of explicitly resolved conflicts in external artifact maybe.

      Current fix for this is

              <dependency>
                  <groupId>org.asynchttpclient</groupId>
                  <artifactId>async-http-client</artifactId>
                  <exclusions>
                      <exclusion>
                          <groupId>io.netty</groupId>
                          <artifactId>netty-handler</artifactId>
                      </exclusion>
                  </exclusions>
              </dependency>
              <dependency>
                  <groupId>io.netty</groupId>
                  <artifactId>netty-handler</artifactId>
                  <version>4.0.36.Final</version>
              </dependency>
      

      But it's stupid, because netty-handler already contains only netty-handler:4.0.36.Final

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                spikhalskiy Dmitry Spikhalskiy
              • Votes:
                2 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated: