Maven Enforcer 插件中的 dependencyConvergence 规则的白名单依赖项
我在树中有以下 Maven 依赖项:
...
[INFO] | | | \- io.netty:netty-tcnative-boringssl-static:jar:2.0.50.Final:compile
[INFO] | | | +- io.netty:netty-tcnative-classes:jar:2.0.48.Final:compile
[INFO] | | | +- io.netty:netty-tcnative-boringssl-static:jar:linux-x86_64:2.0.48.Final:compile
[INFO] | | | +- io.netty:netty-tcnative-boringssl-static:jar:linux-aarch_64:2.0.48.Final:compile
[INFO] | | | +- io.netty:netty-tcnative-boringssl-static:jar:osx-x86_64:2.0.48.Final:compile
[INFO] | | | +- io.netty:netty-tcnative-boringssl-static:jar:osx-aarch_64:2.0.48.Final:compile
[INFO] | | | \- io.netty:netty-tcnative-boringssl-static:jar:windows-x86_64:2.0.48.Final:compile
...
这是由 Maven Enforcer 插件的 dependencyConvergence 规则标记的,如下所示:
[WARNING]
Dependency convergence error for io.netty:netty-tcnative-boringssl-static:2.0.50.Final paths to dependency are:
+-com.twitter:finagle-http_2.12:22.2.0
+-io.netty:netty-tcnative-boringssl-static:2.0.50.Final
and
+-com.twitter:finagle-http_2.12:22.2.0
+-io.netty:netty-tcnative-boringssl-static:2.0.50.Final
+-io.netty:netty-tcnative-boringssl-static:2.0.48.Final
这是插件配置:
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<version>${enforce-plugin.version}</version>
<executions>
<execution>
<id>enforce-banned-dependencies</id>
<goals>
<goal>enforce</goal>
</goals>
</execution>
</executions>
<configuration>
<rules>
<dependencyConvergence>
<uniqueVersions>true</uniqueVersions>
</dependencyConvergence>
</rules>
<fail>true</fail>
</configuration>
</plugin>
这不能通过排除冲突的依赖项来修复,所以有没有办法配置插件忽略这种依赖性?
编辑:
将maven-enforcer-plugin更新到最新版本后,问题仍然存在,但错误消息发生了一些变化:
Dependency convergence error for io.netty:netty-tcnative-boringssl-static:jar:2.0.50.Final:compile paths to dependency are:
+-com.ing.wbs.toolkit:wbs-toolkit-tpa-httpclient:jar:5.5.0
+-com.ing.apisdk:toolkit-connectivity-transport-http_2.12:jar:20.1.0:compile
+-com.twitter:finagle-http_2.12:jar:22.2.0:compile
+-io.netty:netty-tcnative-boringssl-static:jar:2.0.50.Final:compile
and
+-com.ing.wbs.toolkit:wbs-toolkit-tpa-httpclient:jar:5.5.0
+-com.ing.apisdk:toolkit-connectivity-transport-http_2.12:jar:20.1.0:compile
+-com.twitter:finagle-http_2.12:jar:22.2.0:compile
+-io.netty:netty-tcnative-boringssl-static:jar:2.0.50.Final:compile
+-io.netty:netty-tcnative-boringssl-static:jar:linux-x86_64:2.0.48.Final:compile
所以看来netty-tcnative-boringssl-static 库依赖于其自身特定于体系结构的版本的旧版本;尽管如此,maven-enforcer 认为这只是其自身的旧版本,并将其标记为一个问题。
I have the following Maven dependency in the tree:
...
[INFO] | | | \- io.netty:netty-tcnative-boringssl-static:jar:2.0.50.Final:compile
[INFO] | | | +- io.netty:netty-tcnative-classes:jar:2.0.48.Final:compile
[INFO] | | | +- io.netty:netty-tcnative-boringssl-static:jar:linux-x86_64:2.0.48.Final:compile
[INFO] | | | +- io.netty:netty-tcnative-boringssl-static:jar:linux-aarch_64:2.0.48.Final:compile
[INFO] | | | +- io.netty:netty-tcnative-boringssl-static:jar:osx-x86_64:2.0.48.Final:compile
[INFO] | | | +- io.netty:netty-tcnative-boringssl-static:jar:osx-aarch_64:2.0.48.Final:compile
[INFO] | | | \- io.netty:netty-tcnative-boringssl-static:jar:windows-x86_64:2.0.48.Final:compile
...
This is flagged by the dependencyConvergence rule of Maven Enforcer plugin like below:
[WARNING]
Dependency convergence error for io.netty:netty-tcnative-boringssl-static:2.0.50.Final paths to dependency are:
+-com.twitter:finagle-http_2.12:22.2.0
+-io.netty:netty-tcnative-boringssl-static:2.0.50.Final
and
+-com.twitter:finagle-http_2.12:22.2.0
+-io.netty:netty-tcnative-boringssl-static:2.0.50.Final
+-io.netty:netty-tcnative-boringssl-static:2.0.48.Final
And here is the plugin configuration:
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<version>${enforce-plugin.version}</version>
<executions>
<execution>
<id>enforce-banned-dependencies</id>
<goals>
<goal>enforce</goal>
</goals>
</execution>
</executions>
<configuration>
<rules>
<dependencyConvergence>
<uniqueVersions>true</uniqueVersions>
</dependencyConvergence>
</rules>
<fail>true</fail>
</configuration>
</plugin>
This cannot be fixed by excluding the conflicting dependency, so is there a way to configure the plugin to just ignore this dependency?
EDIT:
After updating the maven-enforcer-plugin to latest version, the issue is still there, but the error message changed a bit:
Dependency convergence error for io.netty:netty-tcnative-boringssl-static:jar:2.0.50.Final:compile paths to dependency are:
+-com.ing.wbs.toolkit:wbs-toolkit-tpa-httpclient:jar:5.5.0
+-com.ing.apisdk:toolkit-connectivity-transport-http_2.12:jar:20.1.0:compile
+-com.twitter:finagle-http_2.12:jar:22.2.0:compile
+-io.netty:netty-tcnative-boringssl-static:jar:2.0.50.Final:compile
and
+-com.ing.wbs.toolkit:wbs-toolkit-tpa-httpclient:jar:5.5.0
+-com.ing.apisdk:toolkit-connectivity-transport-http_2.12:jar:20.1.0:compile
+-com.twitter:finagle-http_2.12:jar:22.2.0:compile
+-io.netty:netty-tcnative-boringssl-static:jar:2.0.50.Final:compile
+-io.netty:netty-tcnative-boringssl-static:jar:linux-x86_64:2.0.48.Final:compile
So it seems that the netty-tcnative-boringssl-static library has a dependency to an older version of an architecture-specific version of itself; still, maven-enforcer thinks it's just an older version of itself and flags it as an issue.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论