Dependency Convergence
This rule requires that dependency version numbers converge. If a project has two dependencies, A and B, both depending on the same artifact, C, this rule will fail the build if A depends on a different version of C than the version of C depended on by B.
Here is a concrete example.
This will cause a build to fail.
<dependencies>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-jdk14</artifactId>
<version>1.6.1</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-nop</artifactId>
<version>1.6.0</version>
</dependency>
</dependencies> With this being logged during compilation
Dependency convergence error for org.slf4j:slf4j-api1.6.1 paths to dependency are:
[ERROR]
Dependency convergence error for org.slf4j:slf4j-api:1.6.1 paths to dependency are:
+-org.myorg:my-project:1.0.0-SNAPSHOT
+-org.slf4j:slf4j-jdk14:1.6.1
+-org.slf4j:slf4j-api:1.6.1
and
+-org.myorg:my-project:1.0.0-SNAPSHOT
+-org.slf4j:slf4j-nop:1.6.0
+-org.slf4j:slf4j-api:1.6.0And this will succeed.
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-jdk14</artifactId>
<version>1.6.1</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-nop</artifactId>
<version>1.6.0</version>
<exclusions>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
</exclusion>
</exclusions>
</dependency>Here is how a project should be setup to use this rule
<project>
...
<build>
<plugins>
...
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<version>3.5.0</version>
<executions>
<execution>
<id>enforce</id>
<configuration>
<rules>
<dependencyConvergence/>
</rules>
</configuration>
<goals>
<goal>enforce</goal>
</goals>
</execution>
</executions>
</plugin>
...
</plugins>
</build>
...
</project>Timestamped Version
By default the non-unique versions are matched, which means the X.Y-SNAPSHOT instead of the timestamped versions. If you want to use the unique versions of the dependencies, you can set its property to true.
<dependencyConvergence>
<uniqueVersions>true</uniqueVersions>
</dependencyConvergence>Filtering Dependency Errors
By default, all dependency convergence errors are reported, and any single error will fail the build. If you want to tune which dependency errors are reported and fail the build, you can add the following optional parameters:
- includes - A list of artifacts for which dependency convergence should be enforced. Not specifying any includes is interpreted the same as including all artifacts.
- excludes - A list of artifacts for which dependency convergence should not be enforced. These are exceptions to the includes.
- excludedScopes - A list of scopes of artifacts for which dependency convergence should not be enforced. Not specifying any scopes is interpreted as having the following scopes excluded:
provided,test.
The format for artifacts is groupId[:artifactId][:version][:type][:scope][:classifier] where artifactId, version, type, scope and classifier are optional. Wildcards may be used to replace an entire section or just parts of a section. This rule uses the Enforcer version range syntax to define allowed versions.
<dependencyConvergence>
<excludedScopes>
<scope>compile</scope>
<scope>runtime</scope>
</excludedScopes>
<includes>
<include>org.slf4j</include>
<include>org.apache.commons</include>
</includes>
<excludes>
<exclude>org.slf4j:slf4j-jdk14</exclude>
<exclude>org.apache.commons:*:[3.4]</exclude>
</excludes>
</dependencyConvergence>