You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Thomas Mortagne (Jira)" <ji...@apache.org> on 2022/06/13 14:28:00 UTC
[jira] [Commented] (MENFORCER-402) RequireUpperBoundDeps now follow scope provided transitive dependencies
[ https://issues.apache.org/jira/browse/MENFORCER-402?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17553611#comment-17553611 ]
Thomas Mortagne commented on MENFORCER-402:
-------------------------------------------
This definitely fixed most use cases, but I just hit the following:
{noformat}
[INFO] --- maven-enforcer-plugin:3.1.0:enforce (enforce-upper-bounds) @ xwiki-platform-legacy-eventstream-store-hibernate ---
Downloading from central: https://repo1.maven.org/maven2/biz/aQute/bndlib/2.0.0.20130123-133441/bndlib-2.0.0.20130123-133441.pom
Downloaded from central: https://repo1.maven.org/maven2/biz/aQute/bndlib/2.0.0.20130123-133441/bndlib-2.0.0.20130123-133441.pom (2.0 kB at 5.7 kB/s)
Downloading from central: https://repo1.maven.org/maven2/com/github/javaparser/javaparser-core/3.23.1/javaparser-core-3.23.1.pom
Downloaded from central: https://repo1.maven.org/maven2/com/github/javaparser/javaparser-core/3.23.1/javaparser-core-3.23.1.pom (4.9 kB at 106 kB/s)
Downloading from central: https://repo1.maven.org/maven2/com/github/javaparser/javaparser-parent/3.23.1/javaparser-parent-3.23.1.pom
Downloaded from central: https://repo1.maven.org/maven2/com/github/javaparser/javaparser-parent/3.23.1/javaparser-parent-3.23.1.pom (22 kB at 422 kB/s)
Downloading from central: https://repo1.maven.org/maven2/com/github/luben/zstd-jni/1.5.2-2/zstd-jni-1.5.2-2.pom
Downloaded from central: https://repo1.maven.org/maven2/com/github/luben/zstd-jni/1.5.2-2/zstd-jni-1.5.2-2.pom (1.9 kB at 28 kB/s)
[ERROR] Rule 0: org.apache.maven.plugins.enforcer.RequireUpperBoundDeps failed with message:
Failed while enforcing RequireUpperBoundDeps. The error(s) are [
Require upper bound dependencies error for jakarta.enterprise:jakarta.enterprise.cdi-api:2.0.1 [runtime] paths to dependency are:
+-org.xwiki.platform:xwiki-platform-legacy-eventstream-store-hibernate:14.5-SNAPSHOT
+-org.xwiki.platform:xwiki-platform-eventstream-store-common:14.5-SNAPSHOT
+-org.xwiki.platform:xwiki-platform-oldcore:14.5-SNAPSHOT
+-jakarta.transaction:jakarta.transaction-api:1.3.3 (managed) <-- jakarta.transaction:jakarta.transaction-api:1.3.3
+-jakarta.enterprise:jakarta.enterprise.cdi-api:2.0.1 [runtime]
and
+-org.xwiki.platform:xwiki-platform-legacy-eventstream-store-hibernate:14.5-SNAPSHOT
+-org.xwiki.platform:xwiki-platform-eventstream-store-common:14.5-SNAPSHOT
+-org.xwiki.platform:xwiki-platform-oldcore:14.5-SNAPSHOT
+-org.xwiki.commons:xwiki-commons-cache-infinispan:14.5-SNAPSHOT [runtime]
+-org.eclipse.microprofile.metrics:microprofile-metrics-api:3.0 [runtime] (managed) <-- org.eclipse.microprofile.metrics:microprofile-metrics-api:3.0 [runtime]
+-jakarta.enterprise:jakarta.enterprise.cdi-api:2.0.2 [runtime]
{noformat}
I checked jakarta.transaction-api and jakarta.enterprise.cdi-api is scope provided so not sure how it ended up thinking it was runtime.
> RequireUpperBoundDeps now follow scope provided transitive dependencies
> -----------------------------------------------------------------------
>
> Key: MENFORCER-402
> URL: https://issues.apache.org/jira/browse/MENFORCER-402
> Project: Maven Enforcer Plugin
> Issue Type: Bug
> Components: Plugin
> Affects Versions: 3.0.0
> Reporter: Thomas Mortagne
> Assignee: Slawomir Jaranowski
> Priority: Major
> Fix For: 3.1.0
>
>
> I have a dependency on org.infinispan:infinispan-core:12.1.7.Final and upgrading to the enforcer plugin 3.0.0 suddenly made my module fail because infinispan-core have conflicting provided dependencies on javax.annotation-api:
> {noformat}
> Require upper bound dependencies error for javax.annotation:javax.annotation-api:1.3.1 [provided] paths to dependency are:
> +-org.xwiki.commons:xwiki-commons-cache-infinispan:13.9-SNAPSHOT
> +-org.infinispan:infinispan-core:12.1.7.Final
> +-javax.annotation:javax.annotation-api:1.3.1 [provided]
> and
> +-org.xwiki.commons:xwiki-commons-cache-infinispan:13.9-SNAPSHOT
> +-org.infinispan:infinispan-core:12.1.7.Final
> +-org.infinispan:infinispan-commons:12.1.7.Final
> +-javax.annotation:javax.annotation-api:1.3.1 [provided]
> and
> +-org.xwiki.commons:xwiki-commons-cache-infinispan:13.9-SNAPSHOT
> +-org.infinispan:infinispan-core:12.1.7.Final
> +-org.infinispan:infinispan-component-processor:12.1.7.Final [provided]
> +-javax.annotation:javax.annotation-api:1.3.1 [provided]
> and
> +-org.xwiki.commons:xwiki-commons-cache-infinispan:13.9-SNAPSHOT
> +-org.infinispan:infinispan-core:12.1.7.Final
> +-org.infinispan.protostream:protostream-types:4.4.1.Final
> +-javax.annotation:javax.annotation-api:1.3.2 [provided]
> and
> +-org.xwiki.commons:xwiki-commons-cache-infinispan:13.9-SNAPSHOT
> +-org.infinispan:infinispan-core:12.1.7.Final
> +-org.infinispan.protostream:protostream-processor:4.4.1.Final [provided]
> +-javax.annotation:javax.annotation-api:1.3.2 [provided]
> and
> +-org.xwiki.commons:xwiki-commons-cache-infinispan:13.9-SNAPSHOT
> +-org.infinispan:infinispan-core:12.1.7.Final
> +-org.infinispan:infinispan-commons:12.1.7.Final
> +-org.infinispan:infinispan-commons-jdk11:12.1.7.Final [provided]
> +-javax.annotation:javax.annotation-api:1.3.1 [provided]
> {noformat}
> It's not clear if this was done on purpose since I cannot find anything about that in the release note, but I might have missed it. Problem is that provided scope dependencies are not necessarily used at runtime (it's often used as a way to avoid making transitive a dependency you only need at build time) and adding an <exclusion> for a non-transitive dependency feels quite weird.
> At least if this is not a bug, it would be nice to make this behavior configurable.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)