Converge transitive dependencies to consuming app

[renholm]

Maven enforcer plugin goes 🍌 on dependencies from Jest. Looks to be the dependency management that does not translate down to end component.

I am contemplating if this is how it should be or if dependencies should be excluded in Jest instead of dependency managed. Opinions?

Here is what I get:

[WARNING] 
Dependency convergence error for org.apache.httpcomponents:httpcore:4.3.1 paths to dependency are:
+-plan3:bundler:1
  +-io.searchbox:jest:0.0.6
    +-org.apache.httpcomponents:httpcore:4.3.1
and
+-plan3:bundler:1
  +-io.searchbox:jest:0.0.6
    +-org.apache.httpcomponents:httpcore-nio:4.3.1
      +-org.apache.httpcomponents:httpcore:4.3.1
and
+-plan3:bundler:1
  +-io.searchbox:jest:0.0.6
    +-org.apache.httpcomponents:httpclient:4.3.2
      +-org.apache.httpcomponents:httpcore:4.3.1
and
+-plan3:bundler:1
  +-io.searchbox:jest:0.0.6
    +-org.apache.httpcomponents:httpasyncclient:4.0
      +-org.apache.httpcomponents:httpcore:4.3

[WARNING] 
Dependency convergence error for org.apache.httpcomponents:httpcore-nio:4.3.1 paths to dependency are:
+-plan3:bundler:1
  +-io.searchbox:jest:0.0.6
    +-org.apache.httpcomponents:httpcore-nio:4.3.1
and
+-plan3:bundler:1
  +-io.searchbox:jest:0.0.6
    +-org.apache.httpcomponents:httpasyncclient:4.0
      +-org.apache.httpcomponents:httpcore-nio:4.3

[WARNING] 
Dependency convergence error for org.apache.httpcomponents:httpclient:4.3.2 paths to dependency are:
+-plan3:bundler:1
  +-io.searchbox:jest:0.0.6
    +-org.apache.httpcomponents:httpclient:4.3.2
and
+-plan3:bundler:1
  +-io.searchbox:jest:0.0.6
    +-org.apache.httpcomponents:httpasyncclient:4.0
      +-org.apache.httpcomponents:httpclient:4.3.1

[WARNING] Rule 0: org.apache.maven.plugins.enforcer.DependencyConvergence failed with message:
Failed while enforcing releasability the error(s) are [
Dependency convergence error for org.apache.httpcomponents:httpcore:4.3.1 paths to dependency are:
+-plan3:bundler:1
  +-io.searchbox:jest:0.0.6
    +-org.apache.httpcomponents:httpcore:4.3.1
and
+-plan3:bundler:1
  +-io.searchbox:jest:0.0.6
    +-org.apache.httpcomponents:httpcore-nio:4.3.1
      +-org.apache.httpcomponents:httpcore:4.3.1
and
+-plan3:bundler:1
  +-io.searchbox:jest:0.0.6
    +-org.apache.httpcomponents:httpclient:4.3.2
      +-org.apache.httpcomponents:httpcore:4.3.1
and
+-plan3:bundler:1
  +-io.searchbox:jest:0.0.6
    +-org.apache.httpcomponents:httpasyncclient:4.0
      +-org.apache.httpcomponents:httpcore:4.3
, 
Dependency convergence error for org.apache.httpcomponents:httpcore-nio:4.3.1 paths to dependency are:
+-plan3:bundler:1
  +-io.searchbox:jest:0.0.6
    +-org.apache.httpcomponents:httpcore-nio:4.3.1
and
+-plan3:bundler:1
  +-io.searchbox:jest:0.0.6
    +-org.apache.httpcomponents:httpasyncclient:4.0
      +-org.apache.httpcomponents:httpcore-nio:4.3
, 
Dependency convergence error for org.apache.httpcomponents:httpclient:4.3.2 paths to dependency are:
+-plan3:bundler:1
  +-io.searchbox:jest:0.0.6
    +-org.apache.httpcomponents:httpclient:4.3.2
and
+-plan3:bundler:1
  +-io.searchbox:jest:0.0.6
    +-org.apache.httpcomponents:httpasyncclient:4.0
      +-org.apache.httpcomponents:httpclient:4.3.1

[kramer]

Care to elaborate on the problem because I didn't really get it?

[renholm]

Sure! The challenge is that we use the maven-enforcer-plugin to be aware and explicitly handle dependencies of different versions. This is visible in the above example where both version 4.3.1 and 4.3.2 is included of the dependency org.apache.httpcomponents:httpclient. We use it as a good practice to keep dependencies in check.

What I'm requesting is to try to make Jest not require two versions of the same dependency, but en force one version.

[kramer]

I believe the commit d59e26e fixes the issue, can you confirm?

Also I tried to add the enforcer plugin to the Jest itself with the below configuration (the sample config taken from plugin's page), but the enforcer:enforce goal did not produce any output (with maven 3.1.1). Any ideas?

<project>
  ...
  <build>
    <plugins>
      ...
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-enforcer-plugin</artifactId>
        <version>1.3.1</version>
        <configuration>
          <rules>
            <DependencyConvergence/>
          </rules>
        </configuration>
        <executions>
          <execution>
            <id>enforce</id>
            <configuration>
              <rules>
                <DependencyConvergence/>
              </rules>
            </configuration>
            <goals>
              <goal>enforce</goal>
            </goals>
          </execution>
        </executions>
      </plugin>
      ...
    </plugins>
  </build>
  ...
</project>

[renholm]

I tried that myself and had the same problem. I suspect that <dependencyManagement> forces dependencies in line for Jest itself. Thus making en enforcer plugin happy. But has no effect on components using Jest. One idea is to remove all dependency management and use explicitly declare one version of an artifact as a normal <dependency> and then use <exclusions> to remove other versions.

[renholm]

I'll try the commit btw!

[renholm]

@kramer works like a charm! great work!

[kramer]

Thanks for the heads up & confirmation 👍

IMO <dependencyManagement> section's advantages outweight enforcer-plugin's features so let's keep the current structure for now. Though if you happen to get the plugin to work with Jest somehow in the future we'll be more than happy to merge that pull request.