[jira] [Commented] (MENFORCER-255) dependencyConvergence gets confused with jaxen pre-1.1.4 due to cyclical optional dependencies

Fri, 05 Jan 2018 01:05:53 -0800 

    [ 
https://issues.apache.org/jira/browse/MENFORCER-255?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16312743#comment-16312743
 ] 

Gunnar Tjarks commented on MENFORCER-255:
-----------------------------------------

You must exclusion the jaxen itself dependency, like this:
{code:xml}
    <dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>jaxen</groupId>
                <artifactId>jaxen</artifactId>
                <version>1.1.1</version>
                <exclusions>
                    <exclusion>
                        <groupId>jaxen</groupId>
                        <artifactId>jaxen</artifactId>
                    </exclusion>
                </exclusions>
            </dependency>
        </dependencies>
    </dependencyManagement>
{code}

> dependencyConvergence gets confused with jaxen pre-1.1.4 due to cyclical 
> optional dependencies
> ----------------------------------------------------------------------------------------------
>
>                 Key: MENFORCER-255
>                 URL: https://issues.apache.org/jira/browse/MENFORCER-255
>             Project: Maven Enforcer Plugin
>          Issue Type: Bug
>    Affects Versions: 1.3.1, 1.4.1
>            Reporter: Robby Morgan
>
> Since its inception, jaxen:jaxen has dependencies on jdom:jdom and 
> dom4j:dom4j, which in turn have dependencies on jaxen:1.1-beta-6 and 
> jaxen:1.0-FCS respectively.  In jaxen:1.1.4, the dependencies on jdom and 
> dom4j were marked as optional, whereas before they weren't.
> We've run into a situation with the <dependencyConvergence> rule where, if 
> the jaxen dependency is managed to a pre-1.1.4 version, but the project has 
> any dependency compiled against 1.1.4 or greater, then we get output like:
> {noformat}
> [INFO] --- maven-enforcer-plugin:1.4.1:enforce (enforce-versions) @ 
> importing-dependency ---
> [WARNING] 
> Dependency convergence error for jaxen:jaxen:1.1.1 paths to dependency are:
> +-com.bazaarvoice:importing-dependency:1.0-SNAPSHOT
>   +-com.bazaarvoice:dependency-using-jaxen:1.0-SNAPSHOT
>     +-jaxen:jaxen:1.1.1
> and
> +-com.bazaarvoice:importing-dependency:1.0-SNAPSHOT
>   +-com.bazaarvoice:dependency-using-jaxen:1.0-SNAPSHOT
>     +-jaxen:jaxen:1.1.1
>       +-jaxen:jaxen:1.1-beta-6
> and
> +-com.bazaarvoice:importing-dependency:1.0-SNAPSHOT
>   +-com.bazaarvoice:dependency-using-jaxen:1.0-SNAPSHOT
>     +-jaxen:jaxen:1.1.1
>       +-jaxen:jaxen:1.0-FCS
> {noformat}
> While this particular issue can be resolved by managing jaxen to 1.1.6 (in 
> the importing project), the behavior exhibited has several problems that 
> might crop up in other scenarios:
>  # It confusingly indicates that jaxen has a direct dependency on *a 
> different version of itself*.
>  # The transitive dependencies are not respecting the explicit version chosen 
> for jaxen in the POM.
>  # If the problematic dependency is a transitive dependency outside of local 
> control, then resolving this issue is at the mercy of the some version in the 
> dependency chain restructuring in a way that "miraculously" solves the 
> problem.
> This behavior can be reproduced with the following two POM files:
> {code:xml}
> <?xml version="1.0" encoding="UTF-8"?>
> <project xmlns="http://maven.apache.org/POM/4.0.0";
>          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
>          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 
> http://maven.apache.org/xsd/maven-4.0.0.xsd";>
>     <modelVersion>4.0.0</modelVersion>
>     <groupId>com.bazaarvoice</groupId>
>     <artifactId>dependency-using-jaxen</artifactId>
>     <version>1.0-SNAPSHOT</version>
>     <dependencies>
>         <dependency>
>             <groupId>jaxen</groupId>
>             <artifactId>jaxen</artifactId>
>             <version>1.1.6</version>
>         </dependency>
>     </dependencies>
> </project>
> {code}
> {code:xml}
> <?xml version="1.0" encoding="UTF-8"?>
> <project xmlns="http://maven.apache.org/POM/4.0.0";
>          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
>          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 
> http://maven.apache.org/xsd/maven-4.0.0.xsd";>
>     <modelVersion>4.0.0</modelVersion>
>     <groupId>com.bazaarvoice</groupId>
>     <artifactId>importing-dependency</artifactId>
>     <version>1.0-SNAPSHOT</version>
>     <dependencies>
>         <dependency>
>             <groupId>com.bazaarvoice</groupId>
>             <artifactId>dependency-using-jaxen</artifactId>
>             <version>1.0-SNAPSHOT</version>
>         </dependency>
>     </dependencies>
>     <dependencyManagement>
>         <dependencies>
>             <dependency>
>                 <groupId>jaxen</groupId>
>                 <artifactId>jaxen</artifactId>
>                 <version>1.1.1</version>
>             </dependency>
>         </dependencies>
>     </dependencyManagement>
>     <build>
>         <plugins>
>             <plugin>
>                 <groupId>org.apache.maven.plugins</groupId>
>                 <artifactId>maven-enforcer-plugin</artifactId>
>                 <version>1.4.1</version>
>                 <executions>
>                     <execution>
>                         <id>enforce-versions</id>
>                         <phase>initialize</phase>
>                         <goals>
>                             <goal>enforce</goal>
>                         </goals>
>                         <configuration>
>                             <rules>
>                                 <dependencyConvergence/>
>                             </rules>
>                         </configuration>
>                     </execution>
>                 </executions>
>             </plugin>
>         </plugins>
>     </build>
> </project>
> {code}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to