You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Robert Scholte (Jira)" <ji...@apache.org> on 2020/07/31 09:59:00 UTC
[jira] [Commented] (MENFORCER-252) DependencyConvergence rule
doesn't account dependencyManagement section correctly
[ https://issues.apache.org/jira/browse/MENFORCER-252?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17168588#comment-17168588 ]
Robert Scholte commented on MENFORCER-252:
------------------------------------------
The code being used is just like Maven itself resolves the tree. However, there's an important detail. The code still uses the Dependency Tree from Maven 2, whereas it should be replaced with the Dependency Graph from Maven 3 (see MENFORCER-277). This might result in a slightly different tree.
What you call a workaround is almost the preferred solution. Instead you should add the following:
{code:xml}
<dependencyManagement>
<dependencies>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-bom</artifactId>
<version>4.0.45.Final</version> <!-- first version of a bom -->
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
{code}
> DependencyConvergence rule doesn't account dependencyManagement section correctly
> ---------------------------------------------------------------------------------
>
> Key: MENFORCER-252
> URL: https://issues.apache.org/jira/browse/MENFORCER-252
> Project: Maven Enforcer Plugin
> Issue Type: Bug
> Components: Plugin
> Affects Versions: 1.4.1
> Reporter: Dmitry Spikhalskiy
> Priority: Major
> Labels: dependency-tree
>
> DependencyConvergence doesn't catch dependencyManagement section of dependency correctly.
> Specific example:
> We have module that depends on async-http-client:
> {code:xml}
> <dependency>
> <groupId>org.asynchttpclient</groupId>
> <artifactId>async-http-client</artifactId>
> <version>2.0.3</version>
> </dependency>
> {code}
> From dependencyConvergence rule we get
> {noformat}
> [WARNING] Rule 0: org.apache.maven.plugins.enforcer.DependencyConvergence failed with message:
> Failed while enforcing releasability the error(s) are [
> Dependency convergence error for io.netty:netty-handler:4.0.36.Final paths to dependency are:
> +-our_artifact
> +-org.asynchttpclient:async-http-client:2.0.3
> +-io.netty:netty-codec-http:4.0.36.Final
> +-io.netty:netty-handler:4.0.36.Final
> and
> +-our_artifact
> +-org.asynchttpclient:async-http-client:2.0.3
> +-com.typesafe.netty:netty-reactive-streams:1.0.4
> +-io.netty:netty-handler:4.0.34.Final
> {noformat}
> While, actually, dependencyManagement section of async-http-client specifies and enforce netty-handler:4.0.36.Final and it's dependency tree doesn't contain netty-handler:4.0.34.Final
> So... if it's not a bug, it should be a way to ignore such cases of explicitly resolved conflicts in external artifact maybe.
> Current fix for this is
> {code:xml}
> <dependency>
> <groupId>org.asynchttpclient</groupId>
> <artifactId>async-http-client</artifactId>
> <exclusions>
> <exclusion>
> <groupId>io.netty</groupId>
> <artifactId>netty-handler</artifactId>
> </exclusion>
> </exclusions>
> </dependency>
> <dependency>
> <groupId>io.netty</groupId>
> <artifactId>netty-handler</artifactId>
> <version>4.0.36.Final</version>
> </dependency>
> {code}
> But it's stupid, because netty-handler already contains only netty-handler:4.0.36.Final
--
This message was sent by Atlassian Jira
(v8.3.4#803005)