[ 
https://issues.apache.org/jira/browse/MENFORCER-407?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17498095#comment-17498095
 ] 

Joep Weijers commented on MENFORCER-407:
----------------------------------------

Regarding the dependency convergence now checking provided dependencies:

I'm also seeing this behavior (enforcer 3.0.0 and maven 3.8.4) in a project 
that the provided dependencies are now checked in the dependencyConvergence 
rule. The output clearly states where the dependencies come from. But apart 
from that provided dependencies are very hard to track down since they don't 
show up in the dependency:tree or dependency hierarchy view in M2E (Eclipse), 
nor are they listed on e.g. mvnrepository.com. I had to look into the effective 
pom of the transitive dependency to see the declaration.

Downgrading to enforcer 3.0.0-M3 removes the convergence errors. With 3.0.0 I'm 
able to enforce convergence by managing the dependency in a 
<dependencyManagement> block. Also excluding the dependency from where it 
transitively comes, solves the convergence warning.

> Enforcer 3.0.0 breaks with Maven 3.8.4
> --------------------------------------
>
>                 Key: MENFORCER-407
>                 URL: https://issues.apache.org/jira/browse/MENFORCER-407
>             Project: Maven Enforcer Plugin
>          Issue Type: Bug
>          Components: Plugin
>    Affects Versions: 3.0.0
>            Reporter: David Pilato
>            Priority: Major
>             Fix For: waiting-for-feedback
>
>         Attachments: enforcer-3.0.0.log, enforcer.3.0.0-M3.log
>
>
> Here is the situation. I'm trying to [upgrade enforcer from 3.0.0-M3 to 
> 3.0.0|https://github.com/dadoonet/fscrawler/pull/1214]. 
>  
> Everything worked well on my laptop with Maven 3.5.3. So I looked at the 
> version used by Github actions and saw that it's using Maven 3.8.4.
> As soon as I upgraded my local version of Maven to 3.8.4, I started to hit 
> the same exact issue. It seems to try to pull 
> net.sf.ehcache:sizeof-agent:1.0.1. 
> If I revert Enforcer to 3.0.0-M3 with Maven 3.8.4, I can run without any 
> issue mvn enforcer:enforce.
> So I suspect that the combination of both upgrades is triggering something. 
> I noted also that 3.0.0 now tries to enforce as well dependencies marked as 
> provided. Might be the reason of this.
> I attached the full logs when running with 3.0.0 and 3.0.0-M3.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Reply via email to