[
https://issues.apache.org/jira/browse/MDEP-490?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14601702#comment-14601702
]
Jonathan Haber commented on MDEP-490:
-------------------------------------
We have thousands of maven modules that each share a common parent POM. We
define all of our 3rd party dependencies (including exclusions) in the
dependency management section of this parent POM. So for our maven modules that
depend on junit, you are right that their test scoped dependency would override
the compile scoped transitive dependency. But not all of our maven modules use
junit. For the ones that don't, they would end up with a transitive dependency
on junit at compile scope.
I will update the PR to allow ignored exclusions to be specified instead of a
flag
> Add flag to analyze-dep-mgt goal to ignore exclusion errors
> -----------------------------------------------------------
>
> Key: MDEP-490
> URL: https://issues.apache.org/jira/browse/MDEP-490
> Project: Maven Dependency Plugin
> Issue Type: Improvement
> Reporter: Jonathan Haber
>
> I would like to run the analyze-dep-mgt goal with failBuild=true, but it
> doesn't work because of exclusion errors. One common example is libraries
> that accidentally depend on junit at compile scope instead of test scope.
> When I encounter a library like this, I add an exclusion on junit. But I have
> junit in my dependency tree at test scope, so my build fails with a message
> like:
> {quote}
> [INFO] junit:junit:jar was excluded in DepMgt, but version 4.11 has been
> found in the dependency tree.
> {quote}
> I think the simplest fix is to add a flag to the analyze-dep-mgt goal to
> ignore exclusion errors. I just want to use the goal to check for version
> mismatches, if I want to enforce banned dependencies the
> maven-enforcer-plugin has more robust support for this. I implemented this
> change in [this|https://github.com/apache/maven-plugins/pull/54] pull
> request.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
