Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Not A Bug
-
1.4.1
-
None
Description
DependencyConvergence doesn't catch dependencyManagement section of dependency correctly.
Specific example:
We have module that depends on async-http-client:
<dependency> <groupId>org.asynchttpclient</groupId> <artifactId>async-http-client</artifactId> <version>2.0.3</version> </dependency>
From dependencyConvergence rule we get
[WARNING] Rule 0: org.apache.maven.plugins.enforcer.DependencyConvergence failed with message:
Failed while enforcing releasability the error(s) are [
Dependency convergence error for io.netty:netty-handler:4.0.36.Final paths to dependency are:
+-our_artifact
+-org.asynchttpclient:async-http-client:2.0.3
+-io.netty:netty-codec-http:4.0.36.Final
+-io.netty:netty-handler:4.0.36.Final
and
+-our_artifact
+-org.asynchttpclient:async-http-client:2.0.3
+-com.typesafe.netty:netty-reactive-streams:1.0.4
+-io.netty:netty-handler:4.0.34.Final
While, actually, dependencyManagement section of async-http-client specifies and enforce netty-handler:4.0.36.Final and it's dependency tree doesn't contain netty-handler:4.0.34.Final
So... if it's not a bug, it should be a way to ignore such cases of explicitly resolved conflicts in external artifact maybe.
Current fix for this is
<dependency> <groupId>org.asynchttpclient</groupId> <artifactId>async-http-client</artifactId> <exclusions> <exclusion> <groupId>io.netty</groupId> <artifactId>netty-handler</artifactId> </exclusion> </exclusions> </dependency> <dependency> <groupId>io.netty</groupId> <artifactId>netty-handler</artifactId> <version>4.0.36.Final</version> </dependency>
But it's stupid, because netty-handler already contains only netty-handler:4.0.36.Final
Attachments
Issue Links
- is blocked by
-
MENFORCER-277 Upgrade maven-dependency-tree to 3.x
-
- Closed
-