Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
3.0.0
-
None
Description
In our project, using version 3.0.0-M3 of the maven-enforcer-plugin's DependencyConvergence rule passes. Using version 3.0.0 starts to show convergence errors where provided scope dependencies have different versions than compile scope dependencies, for example:
[WARNING]
Dependency convergence error for org.javassist:javassist:jar:3.28.0-GA:compile paths to dependency are:
+-com.trib3:testing:jar:1.25-dependabot-maven-org.apache.maven.plugins-maven-enforcer-plugin-3.0.0-SNAPSHOT
+-io.dropwizard:dropwizard-auth:jar:2.0.23:compile
+-io.dropwizard:dropwizard-jersey:jar:2.0.23:compile
+-org.javassist:javassist:jar:3.28.0-GA:compile
and
+-com.trib3:testing:jar:1.25-dependabot-maven-org.apache.maven.plugins-maven-enforcer-plugin-3.0.0-SNAPSHOT
+-io.dropwizard:dropwizard-testing:jar:2.0.23:compile
+-org.hibernate:hibernate-core:jar:5.5.2.Final:provided
+-org.javassist:javassist:jar:3.27.0-GA:provided
Is this an intended breaking change? I don't see anything in the release announcement that points obviously to a change here. Seems like the provided version shouldn't matter as it doesn't get shipped with the artifact?
Attachments
Issue Links
- blocks
-
ZEPPELIN-5501 Improve Interpreter Shading
- Open
- is caused by
-
MENFORCER-277 Upgrade maven-dependency-tree to 3.x
- Closed
- is fixed by
-
MSHARED-1016 Transitive provided dependencies are not removed from collected dependency graph
- Closed
- relates to
-
MENFORCER-402 RequireUpperBoundDeps now follow scope provided transitive dependencies
- Closed
- links to