Jérôme Joslet created MENFORCER-469: ---------------------------------------
Summary: banTransitiveDependencies: failing if a transitive dependencies has another version than the resolved one Key: MENFORCER-469 URL: https://issues.apache.org/jira/browse/MENFORCER-469 Project: Maven Enforcer Plugin Issue Type: Bug Components: Standard Rules Affects Versions: 3.2.1 Reporter: Jérôme Joslet Attachments: pom.xml See the attached [^pom.xml] that reproduces the problem. The verbose dependency tree ({{{}mvn dependency:tree -Dverbose{}}}) of the project is: {code:java} com.example.jjo:enforcer-plugin-test:pom:1.0.0-SNAPSHOT +- commons-beanutils:commons-beanutils:jar:1.8.3:compile | \- (commons-logging:commons-logging:jar:1.1.1:compile - omitted for conflict with 1.2) \- commons-logging:commons-logging:jar:1.2:compile {code} As you can see, I use a higher version of the {{commons-logging:commons-logging}} artifact in the project. Maven resolves the 1.2 version as expected and 1.1.1 is omitted. The version 3.2.1 of the enforcer rule fails with the following message: {code:java} [ERROR] Rule 0: org.apache.maven.enforcer.rules.dependency.BanTransitiveDependencies failed with message: [ERROR] com.example.jjo:enforcer-plugin-test:pom:1.0.0-SNAPSHOT [ERROR] commons-beanutils:commons-beanutils:jar:1.8.3 has transitive dependencies: [ERROR] commons-logging:commons-logging:jar:1.1.1 has transitive dependencies:{code} It shouldn't consider the {{commons-logging:commons-logging:jar:1.1.1}} artifact as a transitive dependencies since the version 1.2 is resolved instead. The version 3.1.0 of the enforcer rule works as expected with this project. -- This message was sent by Atlassian Jira (v8.20.10#820010)