ppkarwasz commented on issue #1908: URL: https://github.com/apache/logging-log4j2/issues/1908#issuecomment-1779746761
Hi @Edhilion, As already explained in #1494, I believe that dependency convergence is a myth. The only way to achieve it would be for a tool like [Dependabot](https://github.com/dependabot) to consider dependency convergence when suggesting upgrades. The version of `org.hamcrest:hamcrest` in our artifacts is **not** divergent: the parent POM of all Log4j artifacts ([`org.apache.logging.log4j:log4j`](https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j/2.21.0)) manages 300+ artifact versions and `org.hamcrest:hamcrest` is amongst them. From our perspective the `<dependencyConvergence>` rule passes. However, when you consume `log4j-core-test` in your own application, you **don't** consume its dependency management section. That is why the versions of `org.hamcrest:hamcrest` do not converge in your project. In order to achieve convergence you would need to import `org.apache.logging.log4j:log4j` into your dependency management (I would advise against that) or simply add `org.hamcrest:hamcrest` to the dependency management. **TL;DR**: there is nothing we can do on our part to prevent `org.hamcrest:hamcrest` versions to diverge in your project. > Please can you fix it on your side, or better, get rid of _awaitility_, which hasn't been updated since 2022 ? If a project does not make a release each year, it doesn't mean it is dead. Hamcrest for example had its latest release in 2019. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
