You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Elliotte Rusty Harold (Jira)" <ji...@apache.org> on 2020/07/31 11:12:00 UTC

[jira] [Updated] (MENFORCER-252) DependencyConvergence rule doesn't account dependencyManagement section correctly

     [ https://issues.apache.org/jira/browse/MENFORCER-252?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Elliotte Rusty Harold updated MENFORCER-252:
--------------------------------------------
    Labels: S2 dependency-tree  (was: dependency-tree)

> DependencyConvergence rule doesn't account dependencyManagement section correctly
> ---------------------------------------------------------------------------------
>
>                 Key: MENFORCER-252
>                 URL: https://issues.apache.org/jira/browse/MENFORCER-252
>             Project: Maven Enforcer Plugin
>          Issue Type: Bug
>          Components: Plugin
>    Affects Versions: 1.4.1
>            Reporter: Dmitry Spikhalskiy
>            Priority: Major
>              Labels: S2, dependency-tree
>
> DependencyConvergence doesn't catch dependencyManagement section of dependency correctly.
> Specific example:
> We have module that depends on async-http-client:
> {code:xml}
>         <dependency>
>             <groupId>org.asynchttpclient</groupId>
>             <artifactId>async-http-client</artifactId>
>             <version>2.0.3</version>
>         </dependency>
> {code}
> From dependencyConvergence rule we get
> {noformat}
> [WARNING] Rule 0: org.apache.maven.plugins.enforcer.DependencyConvergence failed with message:
> Failed while enforcing releasability the error(s) are [
> Dependency convergence error for io.netty:netty-handler:4.0.36.Final paths to dependency are:
> +-our_artifact
>   +-org.asynchttpclient:async-http-client:2.0.3
>     +-io.netty:netty-codec-http:4.0.36.Final
>       +-io.netty:netty-handler:4.0.36.Final
> and
> +-our_artifact
>   +-org.asynchttpclient:async-http-client:2.0.3
>     +-com.typesafe.netty:netty-reactive-streams:1.0.4
>       +-io.netty:netty-handler:4.0.34.Final
> {noformat}
> While, actually, dependencyManagement section of async-http-client specifies and enforce netty-handler:4.0.36.Final and it's dependency tree doesn't contain netty-handler:4.0.34.Final
> So... if it's not a bug, it should be a way to ignore such cases of explicitly resolved conflicts in external artifact maybe.
> Current fix for this is
> {code:xml}
>         <dependency>
>             <groupId>org.asynchttpclient</groupId>
>             <artifactId>async-http-client</artifactId>
>             <exclusions>
>                 <exclusion>
>                     <groupId>io.netty</groupId>
>                     <artifactId>netty-handler</artifactId>
>                 </exclusion>
>             </exclusions>
>         </dependency>
>         <dependency>
>             <groupId>io.netty</groupId>
>             <artifactId>netty-handler</artifactId>
>             <version>4.0.36.Final</version>
>         </dependency>
> {code}
> But it's stupid, because netty-handler already contains only netty-handler:4.0.36.Final



--
This message was sent by Atlassian Jira
(v8.3.4#803005)