spring-cloud-sleuth icon indicating copy to clipboard operation
spring-cloud-sleuth copied to clipboard

Published 20 hours ago verified publisher icon spring-cloud

Dependency convergence when using maven-enforcer

Open nylend95 opened this issue 2 years ago • 0 comments

Hi, when upgrading to spring-cloud 2020.0.4 from Hoxton I encountered dependency convergence issues. We use the maven plugin: maven-enforcer-plugin with a rule to fail on Dependency Convergence. Below is a small example which fails due to this. I know these transitive dependencies, but I find it weird that the same dependency includes the two different versions of the same transitive dependency.

I get the error message when trying to build the project:

Dependency convergence error for org.osgi:org.osgi.core:jar:4.3.1:provided paths to dependency are:
+-org.example:spring-cloud-sleuth-example:jar:1.0.0-SNAPSHOT
  +-org.springframework.cloud:spring-cloud-starter-sleuth:jar:3.0.4:provided
    +-org.springframework.cloud:spring-cloud-starter:jar:3.0.4:provided
      +-org.springframework.boot:spring-boot-starter:jar:2.4.12:provided
        +-org.springframework.boot:spring-boot-starter-logging:jar:2.4.12:provided
          +-org.apache.logging.log4j:log4j-to-slf4j:jar:2.13.3:provided
            +-org.apache.logging.log4j:log4j-api:jar:2.13.3:provided
              +-org.osgi:org.osgi.core:jar:4.3.1:provided
and
+-org.example:spring-cloud-sleuth-example:jar:1.0.0-SNAPSHOT
  +-org.springframework.cloud:spring-cloud-starter-sleuth:jar:3.0.4:provided
    +-org.springframework.cloud:spring-cloud-sleuth-brave:jar:3.0.4:provided
      +-io.zipkin.brave:brave-instrumentation-kafka-clients:jar:5.13.2:provided
        +-org.apache.kafka:kafka-clients:jar:2.6.2:provided
          +-org.xerial.snappy:snappy-java:jar:1.1.7.3:provided
            +-org.osgi:org.osgi.core:jar:4.3.0:provided

[WARNING] Rule 0: org.apache.maven.plugins.enforcer.DependencyConvergence failed with message:
Failed while enforcing releasability. See above detailed error message.
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  4.685 s
[INFO] Finished at: 2021-11-03T09:31:49Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-enforcer-plugin:3.0.0:enforce (enforce) on project spring-cloud-sleuth-example: Some Enforcer rules have failed. Look above for specific messages explaining why the rule failed. -> [Help 1]

Workaround

I can workaround the issue by setting dependencyManagement for the dependencies that cause an issue, but that is not the cleanest solution. We use the dependencyConvergence rule in all our projects, and that would end up with a lot of extra code.

Reproduce the issue

  1. Copy the following content into a pom.xml
  2. Run mvn compile
  3. Outcome is the error (shown above)
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>

  <parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>2.4.12</version>
  </parent>

  <groupId>org.example</groupId>
  <artifactId>spring-cloud-sleuth-example</artifactId>
  <version>1.0.0-SNAPSHOT</version>
  <packaging>jar</packaging>

  <name>spring-cloud-sleuth-example</name>

  <properties>
    <java.version>11</java.version>
    <maven.compiler.source>${java.version}</maven.compiler.source>
    <maven.compiler.target>${java.version}</maven.compiler.target>

    <spring-cloud.version>2020.0.4</spring-cloud.version>
  </properties>

  <dependencyManagement>
    <dependencies>
      <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-dependencies</artifactId>
        <version>${spring-cloud.version}</version>
        <type>pom</type>
        <scope>import</scope>
      </dependency>
    </dependencies>
  </dependencyManagement>

  <dependencies>
    <dependency>
      <groupId>org.springframework.cloud</groupId>
      <artifactId>spring-cloud-starter-sleuth</artifactId>
      <scope>provided</scope>
    </dependency>
  </dependencies>

  <build>
    <plugins>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-enforcer-plugin</artifactId>
        <executions>
          <execution>
            <id>enforce</id>
            <configuration>
              <rules>
                <DependencyConvergence/>
                <banDuplicatePomDependencyVersions/>
              </rules>
            </configuration>
            <goals>
              <goal>enforce</goal>
            </goals>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>
</project>

nylend95 avatar Nov 03 '21 09:11 nylend95