[
https://issues.apache.org/jira/browse/MENFORCER-394?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17544634#comment-17544634
]
Matt Nelson commented on MENFORCER-394:
---------------------------------------
Noticing some odd behavior trying to verify this change.
The scope of transitive dependencies appear to be converted from provided to
runtime.
{noformat}
Dependency convergence error for
org.robolectric:android-all:jar:12-robolectric-7732740:runtime paths to
dependency are:
+-company:module:jar:0.85-SNAPSHOT
+-company:other-module:jar:3.0:compile
+-dnsjava:dnsjava:jar:3.5.1:compile
+-org.robolectric:android-all:jar:12-robolectric-7732740:runtime
and
+-company:module:jar:0.85-SNAPSHOT
+-io.fabric8:kubernetes-client:jar:5.12.2:runtime
+-com.squareup.okhttp3:okhttp:jar:3.14.9:runtime
+-org.robolectric:android-all:jar:10-robolectric-5803371:runtime
{noformat}
[https://search.maven.org/artifact/dnsjava/dnsjava/3.5.1/bundle]
{code:xml}
<dependency>
<groupId>org.robolectric</groupId>
<artifactId>android-all</artifactId>
<version>12-robolectric-7732740</version>
<scope>provided</scope>
</dependency>
{code}
[https://search.maven.org/artifact/io.fabric8/kubernetes-client/5.12.2/jar]
default scope of compile
{code:xml}
<dependency>
<groupId>com.squareup.okhttp3</groupId>
<artifactId>okhttp</artifactId>
<version>${okhttp.version}</version>
</dependency>
{code}
[https://search.maven.org/artifact/com.squareup.okhttp3/okhttp/3.14.9/jar]
{code:xml}
<dependency>
<groupId>org.robolectric</groupId>
<artifactId>android-all</artifactId>
<scope>provided</scope>
</dependency>
{code}
> DependencyConvergence in 3.0.0 fails on provided scoped dependencies
> --------------------------------------------------------------------
>
> Key: MENFORCER-394
> URL: https://issues.apache.org/jira/browse/MENFORCER-394
> Project: Maven Enforcer Plugin
> Issue Type: Bug
> Components: Standard Rules
> Affects Versions: 3.0.0
> Reporter: Joe Barnett
> Assignee: Sylwester Lachiewicz
> Priority: Major
> Fix For: 3.0.1
>
>
> In our project, using version 3.0.0-M3 of the maven-enforcer-plugin's
> DependencyConvergence rule passes. Using version 3.0.0 starts to show
> convergence errors where provided scope dependencies have different versions
> than compile scope dependencies, for example:
> {code:java}
> [WARNING]
> Dependency convergence error for
> org.javassist:javassist:jar:3.28.0-GA:compile paths to dependency are:
> +-com.trib3:testing:jar:1.25-dependabot-maven-org.apache.maven.plugins-maven-enforcer-plugin-3.0.0-SNAPSHOT
> +-io.dropwizard:dropwizard-auth:jar:2.0.23:compile
> +-io.dropwizard:dropwizard-jersey:jar:2.0.23:compile
> +-org.javassist:javassist:jar:3.28.0-GA:compile
> and
> +-com.trib3:testing:jar:1.25-dependabot-maven-org.apache.maven.plugins-maven-enforcer-plugin-3.0.0-SNAPSHOT
> +-io.dropwizard:dropwizard-testing:jar:2.0.23:compile
> +-org.hibernate:hibernate-core:jar:5.5.2.Final:provided
> +-org.javassist:javassist:jar:3.27.0-GA:provided
> {code}
> Is this an intended breaking change? I don't see anything in the release
> announcement that points obviously to a change here. Seems like the provided
> version shouldn't matter as it doesn't get shipped with the artifact?
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
