You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Dave Wichers (Jira)" <ji...@apache.org> on 2023/03/07 16:54:00 UTC
[jira] [Created] (MPIR-430) Dependency Convergence calculation should ignore 'provided' direct and transitive dependencies
Dave Wichers created MPIR-430:
---------------------------------
Summary: Dependency Convergence calculation should ignore 'provided' direct and transitive dependencies
Key: MPIR-430
URL: https://issues.apache.org/jira/browse/MPIR-430
Project: Maven Project Info Reports Plugin
Issue Type: Bug
Components: dependency-convergence
Affects Versions: 3.4.2
Reporter: Dave Wichers
If a direct or transitive dependency is 'provided', then excluding it has no affect I believe. As an example, this other Apache project: [https://maven.apache.org/enforcer/enforcer-rules/dependencyConvergence.html] - when it calculates enforcement of dependency convergence, it already ignores 'provided' dependencies. I have a project I'm supporting called ESAPI, and if you look at its pom here: [https://github.com/ESAPI/esapi-java-legacy/blob/develop/pom.xml#L165,] you'll see this pom excludes a dependency for the 'provided' dependency javax.servlet.jsp-api. The project does this to get 100% convergence for the MPIR convergence report even though 'excluding' this transitive dependency has no actual affect.
When I drop this exclusion, the 100% convergence requirement enforced by the maven enforcer plugin per: [https://github.com/ESAPI/esapi-java-legacy/blob/develop/pom.xml#570] still passes.
There is also a 'provided' transitive dependency of a real dependency here that we have to exclude: [https://github.com/ESAPI/esapi-java-legacy/blob/develop/pom.xml#189] (the xml-api exclusion).
These two exclusions are really unnecessary.
Can you enhance the dependency convergence calculations of the MPIR plugin to ignore all direct or transitive 'provided' dependencies to match the behavior of the Maven Enforcer Plugin?
--
This message was sent by Atlassian Jira
(v8.20.10#820010)