[
https://issues.apache.org/jira/browse/MENFORCER-394?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17468819#comment-17468819
]
Daniel Norberg commented on MENFORCER-394:
------------------------------------------
It seems to me that the currently committed fix changes the behavior of
DependencyConvergence such that it ignores direct test scope dependencies. Is
that desirable?
Might the proposed fix for https://issues.apache.org/jira/browse/MENFORCER-402
and https://issues.apache.org/jira/browse/MSHARED-1016 be preferrable? In my
testing it allows keeping the original behavior wrt test scope dependencies,
i.e.
[https://github.com/apache/maven-enforcer/tree/master/maven-enforcer-plugin/src/it/projects/dependencies_not_converging_test_scope]
failing.
To reproduce my proposed fix using
[https://github.com/apache/maven-dependency-tree/pull/9|https://github.com/apache/maven-dependency-tree/pull/9:]
see
[https://github.com/apache/maven-enforcer/compare/master...danielnorberg:fix-dependency-convergence?expand=1]
> DependencyConvergence in 3.0.0 fails on provided scoped dependencies
> --------------------------------------------------------------------
>
> Key: MENFORCER-394
> URL: https://issues.apache.org/jira/browse/MENFORCER-394
> Project: Maven Enforcer Plugin
> Issue Type: Bug
> Components: Standard Rules
> Affects Versions: 3.0.0
> Reporter: Joe Barnett
> Assignee: Sylwester Lachiewicz
> Priority: Major
> Fix For: 3.0.1
>
>
> In our project, using version 3.0.0-M3 of the maven-enforcer-plugin's
> DependencyConvergence rule passes. Using version 3.0.0 starts to show
> convergence errors where provided scope dependencies have different versions
> than compile scope dependencies, for example:
> {code:java}
> [WARNING]
> Dependency convergence error for
> org.javassist:javassist:jar:3.28.0-GA:compile paths to dependency are:
> +-com.trib3:testing:jar:1.25-dependabot-maven-org.apache.maven.plugins-maven-enforcer-plugin-3.0.0-SNAPSHOT
> +-io.dropwizard:dropwizard-auth:jar:2.0.23:compile
> +-io.dropwizard:dropwizard-jersey:jar:2.0.23:compile
> +-org.javassist:javassist:jar:3.28.0-GA:compile
> and
> +-com.trib3:testing:jar:1.25-dependabot-maven-org.apache.maven.plugins-maven-enforcer-plugin-3.0.0-SNAPSHOT
> +-io.dropwizard:dropwizard-testing:jar:2.0.23:compile
> +-org.hibernate:hibernate-core:jar:5.5.2.Final:provided
> +-org.javassist:javassist:jar:3.27.0-GA:provided
> {code}
> Is this an intended breaking change? I don't see anything in the release
> announcement that points obviously to a change here. Seems like the provided
> version shouldn't matter as it doesn't get shipped with the artifact?
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
