[ https://issues.apache.org/jira/browse/MENFORCER-255?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16312743#comment-16312743 ]
Gunnar Tjarks commented on MENFORCER-255: ----------------------------------------- You must exclusion the jaxen itself dependency, like this: {code:xml} <dependencyManagement> <dependencies> <dependency> <groupId>jaxen</groupId> <artifactId>jaxen</artifactId> <version>1.1.1</version> <exclusions> <exclusion> <groupId>jaxen</groupId> <artifactId>jaxen</artifactId> </exclusion> </exclusions> </dependency> </dependencies> </dependencyManagement> {code} > dependencyConvergence gets confused with jaxen pre-1.1.4 due to cyclical > optional dependencies > ---------------------------------------------------------------------------------------------- > > Key: MENFORCER-255 > URL: https://issues.apache.org/jira/browse/MENFORCER-255 > Project: Maven Enforcer Plugin > Issue Type: Bug > Affects Versions: 1.3.1, 1.4.1 > Reporter: Robby Morgan > > Since its inception, jaxen:jaxen has dependencies on jdom:jdom and > dom4j:dom4j, which in turn have dependencies on jaxen:1.1-beta-6 and > jaxen:1.0-FCS respectively. In jaxen:1.1.4, the dependencies on jdom and > dom4j were marked as optional, whereas before they weren't. > We've run into a situation with the <dependencyConvergence> rule where, if > the jaxen dependency is managed to a pre-1.1.4 version, but the project has > any dependency compiled against 1.1.4 or greater, then we get output like: > {noformat} > [INFO] --- maven-enforcer-plugin:1.4.1:enforce (enforce-versions) @ > importing-dependency --- > [WARNING] > Dependency convergence error for jaxen:jaxen:1.1.1 paths to dependency are: > +-com.bazaarvoice:importing-dependency:1.0-SNAPSHOT > +-com.bazaarvoice:dependency-using-jaxen:1.0-SNAPSHOT > +-jaxen:jaxen:1.1.1 > and > +-com.bazaarvoice:importing-dependency:1.0-SNAPSHOT > +-com.bazaarvoice:dependency-using-jaxen:1.0-SNAPSHOT > +-jaxen:jaxen:1.1.1 > +-jaxen:jaxen:1.1-beta-6 > and > +-com.bazaarvoice:importing-dependency:1.0-SNAPSHOT > +-com.bazaarvoice:dependency-using-jaxen:1.0-SNAPSHOT > +-jaxen:jaxen:1.1.1 > +-jaxen:jaxen:1.0-FCS > {noformat} > While this particular issue can be resolved by managing jaxen to 1.1.6 (in > the importing project), the behavior exhibited has several problems that > might crop up in other scenarios: > # It confusingly indicates that jaxen has a direct dependency on *a > different version of itself*. > # The transitive dependencies are not respecting the explicit version chosen > for jaxen in the POM. > # If the problematic dependency is a transitive dependency outside of local > control, then resolving this issue is at the mercy of the some version in the > dependency chain restructuring in a way that "miraculously" solves the > problem. > This behavior can be reproduced with the following two POM files: > {code:xml} > <?xml version="1.0" encoding="UTF-8"?> > <project xmlns="http://maven.apache.org/POM/4.0.0" > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" > xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 > http://maven.apache.org/xsd/maven-4.0.0.xsd"> > <modelVersion>4.0.0</modelVersion> > <groupId>com.bazaarvoice</groupId> > <artifactId>dependency-using-jaxen</artifactId> > <version>1.0-SNAPSHOT</version> > <dependencies> > <dependency> > <groupId>jaxen</groupId> > <artifactId>jaxen</artifactId> > <version>1.1.6</version> > </dependency> > </dependencies> > </project> > {code} > {code:xml} > <?xml version="1.0" encoding="UTF-8"?> > <project xmlns="http://maven.apache.org/POM/4.0.0" > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" > xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 > http://maven.apache.org/xsd/maven-4.0.0.xsd"> > <modelVersion>4.0.0</modelVersion> > <groupId>com.bazaarvoice</groupId> > <artifactId>importing-dependency</artifactId> > <version>1.0-SNAPSHOT</version> > <dependencies> > <dependency> > <groupId>com.bazaarvoice</groupId> > <artifactId>dependency-using-jaxen</artifactId> > <version>1.0-SNAPSHOT</version> > </dependency> > </dependencies> > <dependencyManagement> > <dependencies> > <dependency> > <groupId>jaxen</groupId> > <artifactId>jaxen</artifactId> > <version>1.1.1</version> > </dependency> > </dependencies> > </dependencyManagement> > <build> > <plugins> > <plugin> > <groupId>org.apache.maven.plugins</groupId> > <artifactId>maven-enforcer-plugin</artifactId> > <version>1.4.1</version> > <executions> > <execution> > <id>enforce-versions</id> > <phase>initialize</phase> > <goals> > <goal>enforce</goal> > </goals> > <configuration> > <rules> > <dependencyConvergence/> > </rules> > </configuration> > </execution> > </executions> > </plugin> > </plugins> > </build> > </project> > {code} -- This message was sent by Atlassian JIRA (v6.4.14#64029)