[ https://issues.apache.org/jira/browse/MENFORCER-437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17652960#comment-17652960 ]
Petr Široký commented on MENFORCER-437:
---------------------------------------

It seems this specific issue is fixed – I tried to build Apache Flink from this commit [https://github.com/apache/flink/commit/00a25808dfac69ba8319b9c4dc365e13fd5b87d2] (which is the one before the workarounds applied - as described in the linked FLINK-29868), using the current {{3.2.0-SNAPSHOT}} version of the plugin and the error is gone.

That being said, the Flink build still fails during the {{DependencyConvergence}} check and I am not sure whether this is a bug in the enforcer rule or an actual violation being reported correctly:
{code:java}
[INFO] --- maven-enforcer-plugin:3.2.0-SNAPSHOT:enforce (dependency-convergence) @ flink-sql-parser ---
[INFO] Executing rule: org.apache.maven.plugins.enforcer.DependencyConvergence
[WARNING] Dependency convergence error for org.checkerframework:checker-qual:jar:2.11.1 paths to dependency are:
+-org.apache.flink:flink-sql-parser:jar:1.17-SNAPSHOT
  +-org.apache.calcite:calcite-core:jar:1.27.0:compile
    +-com.google.guava:guava:jar:29.0-jre:compile
      +-org.checkerframework:checker-qual:jar:2.11.1:compile
and
+-org.apache.flink:flink-sql-parser:jar:1.17-SNAPSHOT
  +-org.apache.calcite:calcite-core:jar:1.27.0:compile
    +-org.checkerframework:checker-qual:jar:3.10.0:compile
[ERROR] Rule 0: org.apache.maven.plugins.enforcer.DependencyConvergence failed with message:
Failed while enforcing releasability. See above detailed error message.
{code}
The pom.xml ([https://github.com/apache/flink/blob/00a25808dfac69ba8319b9c4dc365e13fd5b87d2/flink-table/flink-sql-parser/pom.xml#L50]) contains
{code:java}
...
<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>${guava.version}</version>
  <scope>provided</scope>
  <exclusions>
    <exclusion>
      <groupId>org.checkerframework</groupId>
      <artifactId>checker-qual</artifactId>
    </exclusion>
  </exclusions>
</dependency>
...
{code}
Should the enforcer rule take into consideration the {{provided}} scope and the exclusion here? (this seems to be what {{3.1.0}} is doing, but I am not sure whether that's correct).

> DependencyConvergence treats provided dependencies are runtime dependencies
> ---------------------------------------------------------------------------
>
>                 Key: MENFORCER-437
>                 URL: https://issues.apache.org/jira/browse/MENFORCER-437
>             Project: Maven Enforcer Plugin
>          Issue Type: Bug
>          Components: Standard Rules
>    Affects Versions: 3.1.0
>            Reporter: Chesnay Schepler
>            Priority: Major
>             Fix For: 3.2.0
>
>
> After upgrading from 3.0.0-M1 to 3.1.0 we started getting a dependency
> convergence error for a transitive {{provided}} dependency on
> {{org.osgi.core}}.
> {code}
> ...
> +-org.xerial.snappy:snappy-java:jar:1.1.8.3:runtime
>   +-org.osgi:org.osgi.core:jar:4.3.0:runtime
> ...
> +-org.apache.commons:commons-compress:jar:1.21:runtime
>   +-org.osgi:org.osgi.core:jar:6.0.0:runtime
> {code}
> It's strange that it is shown here as a runtime dependency, when both
> snappy-java and commons-compress declare it as a provided dependency.
> In fact osgi doesn't show up in the dependency tree at all.
> Being a transitive provided dependency osgi will never be put on the
> classpath unless we manually put it there, so having to deal with such errors
> isn't ideal.
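
The scope argument in the quoted issue description, as an added example that is not part of the original thread and not the enforcer plugin's code: it models Maven's documented scope-transitivity table and compares a convergence walk that honors it with one that does not. The `example:*` coordinates, the tree shape (snappy-java and commons-compress as direct dependencies) and all function names are assumptions.

```python
# Maven's documented scope transitivity: TRANSITIVE[parent][declared] is the scope
# a transitive dependency gets in the root project; None means it is omitted.
TRANSITIVE = {
    "compile":  {"compile": "compile",  "runtime": "runtime",  "provided": None, "test": None},
    "provided": {"compile": "provided", "runtime": "provided", "provided": None, "test": None},
    "runtime":  {"compile": "runtime",  "runtime": "runtime",  "provided": None, "test": None},
    "test":     {"compile": "test",     "runtime": "test",     "provided": None, "test": None},
}

# Constructed graph: (group:artifact:version, declared scope, children).
# example:* coordinates are hypothetical; the osgi branches mirror the report.
TREE = ("example:app:1.0", "compile", [
    ("org.xerial.snappy:snappy-java:1.1.8.3", "runtime", [
        ("org.osgi:org.osgi.core:4.3.0", "provided", [])]),
    ("org.apache.commons:commons-compress:1.21", "runtime", [
        ("org.osgi:org.osgi.core:6.0.0", "provided", [])]),
    ("example:lib-a:1.0", "compile", [("example:util:1.0", "compile", [])]),
    ("example:lib-b:1.0", "compile", [("example:util:2.0", "compile", [])]),
])


def versions_by_artifact(root, honor_scopes):
    """Return {'group:artifact': {version: effective scope}} below root."""
    found = {}

    def visit(node, parent_scope):
        coords, declared, children = node
        if parent_scope is None:        # direct dependency: declared scope applies
            scope = declared
        else:
            scope = TRANSITIVE[parent_scope][declared]
            if scope is None:
                if honor_scopes:
                    return              # omitted: never reaches the root's classpath
                scope = parent_scope    # naive walk: inherits the parent's scope
        ga, version = coords.rsplit(":", 1)
        found.setdefault(ga, {})[version] = scope
        for child in children:
            visit(child, scope)

    for dep in root[2]:
        visit(dep, None)
    return found


def convergence_errors(root, honor_scopes):
    """Artifacts reachable in more than one version."""
    found = versions_by_artifact(root, honor_scopes)
    return {ga: sorted(vs) for ga, vs in found.items() if len(vs) > 1}
```

With `honor_scopes=False` the two `org.osgi.core` versions are reported with scope `runtime`, as in the quoted output; with `honor_scopes=True` only the compile-scope `example:util` conflict remains.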