Joe Barnett created MENFORCER-394:
-------------------------------------
Summary: DependencyConvergence in 3.0.0 fails on provided scoped
dependencies
Key: MENFORCER-394
URL: https://issues.apache.org/jira/browse/MENFORCER-394
Project: Maven Enforcer Plugin
Issue Type: Bug
Components: Standard Rules
Affects Versions: 3.0.0
Reporter: Joe Barnett
In our project, using version 3.0.0-M3 of the maven-enforcer-plugin's
DependencyConvergence rule passes. Using version 3.0.0 starts to show
convergence errors where provided scope dependencies have different versions
than compile scope dependencies, for example:
{code:java}
[WARNING]
Dependency convergence error for org.javassist:javassist:jar:3.28.0-GA:compile
paths to dependency are:
+-com.trib3:testing:jar:1.25-dependabot-maven-org.apache.maven.plugins-maven-enforcer-plugin-3.0.0-SNAPSHOT
+-io.dropwizard:dropwizard-auth:jar:2.0.23:compile
+-io.dropwizard:dropwizard-jersey:jar:2.0.23:compile
+-org.javassist:javassist:jar:3.28.0-GA:compile
and
+-com.trib3:testing:jar:1.25-dependabot-maven-org.apache.maven.plugins-maven-enforcer-plugin-3.0.0-SNAPSHOT
+-io.dropwizard:dropwizard-testing:jar:2.0.23:compile
+-org.hibernate:hibernate-core:jar:5.5.2.Final:provided
+-org.javassist:javassist:jar:3.27.0-GA:provided
{code}
Is this an intended breaking change? I don't see anything in the release
announcement that points obviously to a change here. Seems like the provided
version shouldn't matter as it doesn't get shipped with the artifact?
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
