Uploaded image for project: 'Maven Enforcer Plugin'
  1. Maven Enforcer Plugin
  2. MENFORCER-394

DependencyConvergence in 3.0.0 fails on provided scoped dependencies

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 3.0.0
    • 3.1.0
    • Standard Rules
    • None

    Description

      In our project, using version 3.0.0-M3 of the maven-enforcer-plugin's DependencyConvergence rule passes.  Using version 3.0.0 starts to show convergence errors where provided scope dependencies have different versions than compile scope dependencies, for example:

      [WARNING] 
Dependency convergence error for org.javassist:javassist:jar:3.28.0-GA:compile paths to dependency are:
+-com.trib3:testing:jar:1.25-dependabot-maven-org.apache.maven.plugins-maven-enforcer-plugin-3.0.0-SNAPSHOT
  +-io.dropwizard:dropwizard-auth:jar:2.0.23:compile
    +-io.dropwizard:dropwizard-jersey:jar:2.0.23:compile
      +-org.javassist:javassist:jar:3.28.0-GA:compile
and
+-com.trib3:testing:jar:1.25-dependabot-maven-org.apache.maven.plugins-maven-enforcer-plugin-3.0.0-SNAPSHOT
  +-io.dropwizard:dropwizard-testing:jar:2.0.23:compile
    +-org.hibernate:hibernate-core:jar:5.5.2.Final:provided
      +-org.javassist:javassist:jar:3.27.0-GA:provided

      Is this an intended breaking change? I don't see anything in the release announcement that points obviously to a change here.  Seems like the provided version shouldn't matter as it doesn't get shipped with the artifact?

      Attachments

        Issue Links

          blocks

          Bug - A problem which impairs or prevents the functions of the product. ZEPPELIN-5501 Improve Interpreter Shading

          • Major - Major loss of function.
          • Open
          is caused by

          Improvement - An improvement or enhancement to an existing feature or task. MENFORCER-277 Upgrade maven-dependency-tree to 3.x

          • Major - Major loss of function.
          • Closed
          is fixed by

          Bug - A problem which impairs or prevents the functions of the product. MSHARED-1016 Transitive provided dependencies are not removed from collected dependency graph

          • Major - Major loss of function.
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. MENFORCER-402 RequireUpperBoundDeps now follow scope provided transitive dependencies

          • Major - Major loss of function.
          • Closed
          links to

          Web Link GitHub Pull Request #102

          Activity

            People

              slachiewicz Sylwester Lachiewicz
              jbarnett Joe Barnett
              Votes:
              9 Vote for this issue
              Watchers:
              23 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: