[
https://issues.apache.org/jira/browse/MENFORCER-335?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17380679#comment-17380679
]
Robert Scholte commented on MENFORCER-335:
------------------------------------------
The example is for more reasons misleading: it should not use 2 SLF4J
dependencies, but 2 unrelated dependencies both using some shared dependency,
e.g. slf4j-api.
My advice would be: If one dependency chain ends in $coordinate1 and another
ends in $coordinate2, apply dependencyManagement for version $version.
A PR can be created by using the edit-button in the navigation-bar, which is
available for almost any page within the maven project, or go to
https://github.com/apache/maven-enforcer/blob/enforcer-3.0.0-M3/enforcer-rules/src/site/apt/dependencyConvergence.apt.vm
> Documentation suggests unreliable practice for dependency convergence
> ---------------------------------------------------------------------
>
> Key: MENFORCER-335
> URL: https://issues.apache.org/jira/browse/MENFORCER-335
> Project: Maven Enforcer Plugin
> Issue Type: Bug
> Components: Documentation
> Affects Versions: 3.0.0-M2
> Reporter: Roland Illig
> Priority: Major
>
> The [documentation for Dependency
> Convergence|https://maven.apache.org/enforcer/enforcer-rules/dependencyConvergence.html]
> describes how to suppress an error reported by the check. This description
> leads to unreliable project configurations. It may or may not be intentional
> that the documentation merely states "And this will succeed" without
> explicitly saying that doing this is good or bad practice.
> In the example from the documentation, using an exclusion element works for
> the very moment, but as soon as the dependency slf4j-jdk14 is no longer
> needed, the project will break since slf4j-api is still required by
> slf4j-nop, but not included anymore.
> A more reliable and sustainable solution would be to have declarations like
> the following:
> * If one dependency chain ends in org.slf4j:slf4j-api:1.6.1 and another ends
> in org.slf4j:slf4j-api:1.6.0, use version 1.6.1.
> The general pattern is:
> * If one dependency chain ends in $coordinate1 and another ends in
> $coordinate2, use version $version.
> Using this pattern instead of globally saying "don't use version 1.6.0" would
> not break the above scenario where slf4j-jdk14 is no longer needed. Even
> better, since during dependency resolution this particular conflict does not
> occur anymore, this rule can be flagged as being no longer necessary.
> It should be possible to specify not only the last coordinate of a dependency
> chain but any elements, as in the following example:
> * If one dependency chain ends in org.slf4j:slf4j-jdk14:1.6.1,
> org.slf4j:slf4j-api:1.6.1 and another ends in org.slf4j:slf4j-nop:1.6.0,
> org.slf4j:slf4j-api:1.6.0, use version 1.6.1.
> As it is now, the dependency convergence test encourages Maven users to
> specify overly general and therefore wrong exclusion rules. This should be
> avoided.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
