Description
Describe the proposal
I propose to add the Maven Enforcer Plugin to the project build, and more specifically, to enforce the "Dependency Convergence" rule.
This rule ensures that for each dependency, it is possible to resolve to one and only one version.
Quoting an example from the documentation:
This rule requires that dependency version numbers converge. If a project has two dependencies, A and B, both depending on the same artifact, C, this rule will fail the build if A depends on a different version of C than the version of C depended on by B.
Currently, dependency version numbers do not converge. I have attached a sample project which depends only on Dapr, that illustrates this. If you run mvn validate on the project, you see:
Dependency convergence error for org.jetbrains.kotlin:kotlin-stdlib:1.4.0 paths to dependency are:
+-it.mulders.dapr:dapr-dependency-convergence:1.0-SNAPSHOT
+-io.dapr:dapr-sdk:1.1.0
+-com.squareup.okhttp3:okhttp:4.9.0
+-com.squareup.okio:okio:2.8.0
+-org.jetbrains.kotlin:kotlin-stdlib:1.4.0
and
+-it.mulders.dapr:dapr-dependency-convergence:1.0-SNAPSHOT
+-io.dapr:dapr-sdk:1.1.0
+-com.squareup.okhttp3:okhttp:4.9.0
+-org.jetbrains.kotlin:kotlin-stdlib:1.4.10
So, my proposal is two-fold:
- Add the plugin + rule to prevent this kind of situation in the future
- Solve the current convergence error
PS. I'm not sure if this should be a proposal or rather a bug report. Feel free to change to bug report if you think that's more appropriate.