[
https://issues.apache.org/jira/browse/MENFORCER-411?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17479730#comment-17479730
]
Forrest Feaser commented on MENFORCER-411:
------------------------------------------
[~MattNelson] Sorry this is long...
I don't think reordering the dependencies would result in any unexpected
behavior (with respect to what can reasonably be expected). The dependency
conflicts are computed in the same manner as before, the errors are just
filtered afterwards according to which dependencies are included/excluded by
the user.
Yes, the dependency that maven chooses might change depending on the order of
dependencies in the POM, but it won't affect which convergence conflicts exist.
The build failing from the rule would only depend on what dependencies the user
chooses to include/exclude, and whether or not conflicts exist between them.
If the POM gets reordered and maven chooses a dependency that does cause issues
(because it is incompatible with the previously chosen version), and the user
excluded that dependency from convergence checking, there might be a failure
later in the build. However, that would be the responsibility of the user, not
that of the plugin, because the user chose not to enforce convergence for that
dependency. You would get the same errors from reordering if you were to not
use the DependencyConvergence rule at all.
It's not a false sense of correctness because there can be no expectation that
it will be completely correct if any dependencies are excluded. I don't see any
reason why DependencyConvergence has to be all or nothing. My changes simply
add more granularity if you want to ensure convergence for specific
dependencies.
Please correct me if I'm still misunderstanding.
> DependencyConvergence should support including/excluding certain dependencies
> -----------------------------------------------------------------------------
>
> Key: MENFORCER-411
> URL: https://issues.apache.org/jira/browse/MENFORCER-411
> Project: Maven Enforcer Plugin
> Issue Type: Improvement
> Components: Standard Rules
> Affects Versions: 3.0.1
> Reporter: Forrest Feaser
> Priority: Major
> Original Estimate: 4h
> Remaining Estimate: 4h
>
> It would be nice if the DependencyConvergence rule could specify certain
> dependencies that should/should not fail the build. This might be useful if
> your project has a lot of dependency conflicts, but you know there are just a
> few troublesome ones that cause issues, and you don't want to resolve the
> conflicts for your entire project.
> Here is my PR: https://github.com/apache/maven-enforcer/pull/136
> Do I need to sign the Contributor License Agreement for this?
--
This message was sent by Atlassian Jira
(v8.20.1#820001)