I am using the Maven enforcer plugin to check for dependency convergence. Given this (contrived) example:
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>warren</groupId>
<artifactId>warren</artifactId>
<packaging>war</packaging>
<version>1.0-SNAPSHOT</version>
<name>warren Maven Webapp</name>
<url>http://maven.apache.org</url>
<dependencies>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>3.8.1</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>net.sf.jtidy</groupId>
<artifactId>jtidy</artifactId>
<version>r938</version>
</dependency>
<dependency>
<groupId>org.apache.maven.plugin-tools</groupId>
<artifactId>maven-plugin-tools-api</artifactId>
<version>2.5.1</version>
</dependency>
</dependencies>
<build>
<finalName>warren</finalName>
<!-- The Maven Enforcer -->
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<version>1.4</version>
<dependencies>
<dependency>
<groupId>org.codehaus.mojo</groupId>
<artifactId>extra-enforcer-rules</artifactId>
<version>1.0-beta-2</version>
</dependency>
</dependencies>
<executions>
<!-- ******************************************************* -->
<!-- Ensure that certain really important things are checked -->
<!-- and fail the build if any of these are violated -->
<!-- ****************************************************** -->
<execution>
<id>enforce-important-stuff</id>
<goals>
<goal>enforce</goal>
</goals>
<phase>validate</phase>
<configuration>
<rules>
<requireMavenVersion>
<version>3.2.1</version>
</requireMavenVersion>
<requireJavaVersion>
<version>1.7</version>
</requireJavaVersion>
<DependencyConvergence />
<bannedDependencies>
<searchTransitive>true</searchTransitive>
<excludes>
<!-- Should be javax.servlet:javax.servlet-api:3.0.1 -->
<exclude>javax.servlet:servlet-api:2.*</exclude>
<!-- Should be org.springframework:3.2.* . Note this is
for the core spring framework. Others such as
WS etc may be different, but the convergence to the underlying
core Spring framework should be the same -->
<exclude>org.springframework:2.*</exclude>
<exclude>org.springframework:3.0.*</exclude>
<exclude>org.springframework:3.1.*</exclude>
<!-- Should be slf4j 1.7.5 with logback and
bridges to JCL, JUL and log4j (this means these
individual libraries should not be included as the
"bridges" implement the API and redirect to the
underlying SLF4j impl -->
<exclude>log4j:log4j</exclude>
<exclude>commons-logging</exclude>
<exclude>org.slf4j:1.5*</exclude>
<exclude>org.slf4j:1.6*</exclude>
</excludes>
</bannedDependencies>
</rules>
<failFast>true</failFast>
</configuration>
</execution>
<execution>
<id>warn-about-stuff-which-may-cause-problems</id>
<goals>
<goal>enforce</goal>
</goals>
<phase>validate</phase>
<configuration>
<rules>
<banDuplicateClasses>
<ignoreClasses>
</ignoreClasses>
<findAllDuplicates>true</findAllDuplicates>
</banDuplicateClasses>
</rules>
<fail>false</fail>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</project>
I get this output:
[ERROR] +-warren:warren:1.0-SNAPSHOT
[ERROR] +-org.apache.maven.plugin-tools:maven-plugin-tools-api:2.5.1
[ERROR] +-org.codehaus.plexus:plexus-utils:1.5.6
[ERROR] and
[ERROR] +-warren:warren:1.0-SNAPSHOT
[ERROR] +-org.apache.maven.plugin-tools:maven-plugin-tools-api:2.5.1
[ERROR] +-org.codehaus.plexus:plexus-container-default:1.0-alpha-9-stable-1
[ERROR] +-org.codehaus.plexus:plexus-utils:1.0.4
So, I naively thought I could change my pom to use wildcard exclusions to avoid this issue, i.e.:
<dependency>
<groupId>net.sf.jtidy</groupId>
<artifactId>jtidy</artifactId>
<version>r938</version>
</dependency>
<dependency>
<groupId>org.apache.maven.plugin-tools</groupId>
<artifactId>maven-plugin-tools-api</artifactId>
<version>2.5.1</version>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
but Maven ignores the wildcards and I get the same error. The only way to fix the error is to explicitly put in the group & artifact ids.
<exclusions>
<exclusion>
<groupId>org.codehaus.plexus</groupId>
<artifactId>plexus-utils</artifactId>
</exclusion>
</exclusions>
Is it possible to use wildcard exclusions in this situation? Note I have tried using Maven 3.0.5, 3.2.1 and 3.3.3 but no luck!
Many thanks
Exclude a dependency: You can use a diagram to exclude a dependency from the project's POM. Select a dependency in the diagram window. From the context menu, choose Exclude. From the list, select the module (if any) where the exclusion definition will be added.
Since Maven resolves dependencies transitively, it is possible for unwanted dependencies to be included in your project's classpath. For example, a certain older jar may have security issues or be incompatible with the Java version you're using. To address this, Maven allows you to exclude specific dependencies.
How to fix the "require upper bound dependencies" error: If that artifact is already declared in pom.xml, update the version in pom.xml to the newest version listed in the output from maven-enforcer-plugin.
The Enforcer plugin provides goals to control certain environmental constraints such as Maven version, JDK version and OS family along with many more built-in rules and user created rules.
There is an open issue for dependencyConvergence when using wildcard exclusions: https://issues.apache.org/jira/browse/MENFORCER-195.
There is no indication of when we can expect a fix, or any recent activity on this issue (or on the issue https://issues.apache.org/jira/browse/MSHARED-339). I hit it with maven-enforcer-plugin 1.4.1.
The best way to fix this as of now is to add both a wildcard exclusion and an exclusion for every dependency that caused the enforcer to fail:
<dependency>
<groupId>org.apache.maven.plugin-tools</groupId>
<artifactId>maven-plugin-tools-api</artifactId>
<version>2.5.1</version>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
<exclusion>
<groupId>org.codehaus.plexus</groupId>
<artifactId>plexus-utils</artifactId>
</exclusion>
</exclusions>
</dependency>
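To avoid hand-copying coordinates for that workaround, the explicit exclusions can be derived from the enforcer's own output. The following is an added example, not part of the original answer or of the enforcer plugin; the function names are hypothetical, and the sample input is the output quoted in the question. It handles any number of chains, not just the two shown.

```python
import re
from collections import defaultdict

# Enforcer output as quoted in the question above.
SAMPLE = """\
[ERROR] +-warren:warren:1.0-SNAPSHOT
[ERROR] +-org.apache.maven.plugin-tools:maven-plugin-tools-api:2.5.1
[ERROR] +-org.codehaus.plexus:plexus-utils:1.5.6
[ERROR] and
[ERROR] +-warren:warren:1.0-SNAPSHOT
[ERROR] +-org.apache.maven.plugin-tools:maven-plugin-tools-api:2.5.1
[ERROR] +-org.codehaus.plexus:plexus-container-default:1.0-alpha-9-stable-1
[ERROR] +-org.codehaus.plexus:plexus-utils:1.0.4
"""

NODE = re.compile(r"^\[ERROR\]\s*\+-([^:\s]+):([^:\s]+):(\S+)\s*$")

def parse_paths(text):
    """Split the output into chains (project -> ... -> leaf); any non-node line ends a chain."""
    paths, chain = [], []
    for line in text.splitlines():
        m = NODE.match(line)
        if m:
            chain.append(m.groups())
        elif chain:
            paths.append(chain)
            chain = []
    return paths + ([chain] if chain else [])

def diverging(paths):
    """Leaf 'group:artifact' -> {version: direct dependencies pulling it in}, if >1 version."""
    seen = defaultdict(lambda: defaultdict(set))
    for chain in (c for c in paths if len(c) > 2):  # leaf must be transitive
        group, artifact, version = chain[-1]
        seen[f"{group}:{artifact}"][version].add(":".join(chain[1][:2]))
    return {ga: {v: sorted(d) for v, d in vs.items()}
            for ga, vs in seen.items() if len(vs) > 1}

def explicit_exclusions(paths):
    """Direct dependency -> <exclusion> elements to list alongside the wildcard."""
    per_direct = defaultdict(set)
    for ga, versions in diverging(paths).items():
        for direct in {d for ds in versions.values() for d in ds}:
            per_direct[direct].add(ga)
    template = "<exclusion>\n<groupId>{}</groupId>\n<artifactId>{}</artifactId>\n</exclusion>"
    return {d: "\n".join(template.format(*ga.split(":")) for ga in sorted(gas))
            for d, gas in per_direct.items()}

if __name__ == "__main__":
    print(explicit_exclusions(parse_paths(SAMPLE)))
```

Excluding an artifact this way removes every version of it that arrives through that dependency, so anything that still needs it must declare it directly.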