You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Matt Nelson (Jira)" <ji...@apache.org> on 2022/01/03 22:40:00 UTC

[jira] [Commented] (MENFORCER-407) Enforcer 3.0.0 breaks with Maven 3.8.4

    [ https://issues.apache.org/jira/browse/MENFORCER-407?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17468257#comment-17468257 ] 

Matt Nelson commented on MENFORCER-407:
---------------------------------------

Trying to see if I can create a minimal reproducible example, not quite there yet.

But here is what I can share so far. A common theme is that all of the violations are related to a provided dependencies that do not match convergence between the other versions, provided or not.

Output from failing rule, redacted internal identifiers.
{noformat}
[WARNING]
Dependency convergence error for javax.servlet:javax.servlet-api:jar:4.0.1:provided paths to dependency are:
+-mygroup:myartifact:jar:myversion
  +-mygroup:myartifact:jar:myversion:compile
    +-mygroup:myartifact:jar:myversion:compile
      +-javax.servlet:javax.servlet-api:jar:4.0.1:provided
and
+-mygroup:myartifact:jar:myversion
  +-mygroup:myartifact:jar:myversion:test
    +-org.eclipse.jetty:jetty-jndi:jar:9.4.44.v20210927:test
      +-org.eclipse.jetty:jetty-util:jar:9.4.44.v20210927:test
        +-javax.servlet:javax.servlet-api:jar:3.1.0:test
and
+-mygroup:myartifact:jar:myversion
  +-mygroup:myartifact:jar:myversion:test
    +-org.eclipse.jetty:jetty-jndi:jar:9.4.44.v20210927:test
      +-org.eclipse.jetty:jetty-webapp:jar:9.4.44.v20210927:test
        +-org.eclipse.jetty:jetty-servlet:jar:9.4.44.v20210927:test
          +-org.eclipse.jetty:jetty-util-ajax:jar:9.4.44.v20210927:test
            +-javax.servlet:javax.servlet-api:jar:3.1.0:test

[WARNING]
Dependency convergence error for javax.servlet:servlet-api:jar:2.4:provided paths to dependency are:
+-mygroup:myartifact:jar:myversion
  +-mygroup:myartifact:jar:myversion:compile
    +-commons-configuration:commons-configuration:jar:1.10:compile
      +-javax.servlet:servlet-api:jar:2.4:provided
and
+-mygroup:myartifact:jar:myversion
  +-mygroup:myartifact:jar:myversion:compile
    +-mygroup:myartifact:jar:myversion:compile
      +-mygroup:myartifact:jar:myversion:compile
        +-net.oauth.core:oauth-provider:jar:20100527:compile
          +-javax.servlet:servlet-api:jar:2.4:provided
and
+-mygroup:myartifact:jar:myversion
  +-mygroup:myartifact:jar:myversion:compile
    +-mygroup:myartifact:jar:myversion:compile
      +-mygroup:myartifact:jar:myversion:compile
        +-javax.servlet:servlet-api:jar:2.5:provided
and
+-mygroup:myartifact:jar:myversion
  +-mygroup:myartifact:jar:myversion:compile
    +-mygroup:myartifact:jar:myversion:compile
      +-mygroup:myartifact:jar:myversion:compile
        +-javax.servlet:servlet-api:jar:2.5:provided
and
+-mygroup:myartifact:jar:myversion
  +-mygroup:myartifact:jar:myversion:compile
    +-mygroup:myartifact:jar:myversion:compile
      +-mygroup:myartifact:jar:myversion:compile
        +-javax.servlet:servlet-api:jar:2.4:provided
and
+-mygroup:myartifact:jar:myversion
  +-mygroup:myartifact:jar:myversion:compile
    +-javax.servlet:servlet-api:jar:2.5:provided
{noformat}

----

Another interesting bit. I am using the bannedDependencies rule on these artifacts since we are managing up to the compatible jakarta version. That rule was passing which leads me to believe that those were not being evaluated previously. Haven't got far enough into the build yet to see if this starts failing now as well.

{code:xml}
                                <bannedDependencies>
                                    <excludes>
                                        <exclude>javax.servlet:javax.servlet-api</exclude>
                                        <exclude>javax.servlet:servlet-api</exclude>
{code}

> Enforcer 3.0.0 breaks with Maven 3.8.4
> --------------------------------------
>
>                 Key: MENFORCER-407
>                 URL: https://issues.apache.org/jira/browse/MENFORCER-407
>             Project: Maven Enforcer Plugin
>          Issue Type: Bug
>          Components: Plugin
>    Affects Versions: 3.0.0
>            Reporter: David Pilato
>            Priority: Major
>             Fix For: waiting-for-feedback
>
>         Attachments: enforcer-3.0.0.log, enforcer.3.0.0-M3.log
>
>
> Here is the situation. I'm trying to [upgrade enforcer from 3.0.0-M3 to 3.0.0|https://github.com/dadoonet/fscrawler/pull/1214]. 
>  
> Everything worked well on my laptop with Maven 3.5.3. So I looked at the version used by Github actions and saw that it's using Maven 3.8.4.
> As soon as I upgraded my local version of Maven to 3.8.4, I started to hit the same exact issue. It seems to try to pull net.sf.ehcache:sizeof-agent:1.0.1. 
> If I revert Enforcer to 3.0.0-M3 with Maven 3.8.4, I can run without any issue mvn enforcer:enforce.
> So I suspect that the combination of both upgrades is triggering something. 
> I noted also that 3.0.0 now tries to enforce as well dependencies marked as provided. Might be the reason of this.
> I attached the full logs when running with 3.0.0 and 3.0.0-M3.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)