I am using the Maven enforcer plugin to check for dependency convergence. Given this (contrived) example:
project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>warren</groupId>
<artifactId>warren</artifactId>
<packaging>war</packaging>
<version>1.0-SNAPSHOT</version>
<name>warren Maven Webapp</name>
<url>http://maven.apache.org</url>
<dependencies>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>3.8.1</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>net.sf.jtidy</groupId>
<artifactId>jtidy</artifactId>
<version>r938</version>
</dependency>
<dependency>
<groupId>org.apache.maven.plugin-tools</groupId>
<artifactId>maven-plugin-tools-api</artifactId>
<version>2.5.1</version>
</dependency>
</dependencies>
<build>
<finalName>warren</finalName>
<!-- The Maven Enforcer -->
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<version>1.4</version>
<dependencies>
<dependency>
<groupId>org.codehaus.mojo</groupId>
<artifactId>extra-enforcer-rules</artifactId>
<version>1.0-beta-2</version>
</dependency>
</dependencies>
<executions>
<!-- ******************************************************* -->
<!-- Ensure that certain really important things are checked -->
<!-- and fail the build if any of these are violated -->
<!-- ****************************************************** -->
<execution>
<id>enforce-important-stuff</id>
<goals>
<goal>enforce</goal>
</goals>
<phase>validate</phase>
<configuration>
<rules>
<requireMavenVersion>
<version>3.2.1</version>
</requireMavenVersion>
<requireJavaVersion>
<version>1.7</version>
</requireJavaVersion>
<DependencyConvergence />
<bannedDependencies>
<searchTransitive>true</searchTransitive>
<excludes>
<!-- Should be javax.servlet:javax.servlet-api:3.0.1 -->
<exclude>javax.servlet:servlet-api:2.*</exclude>
<!-- Should be org.springframework:3.2.* . Note this is
for the core spring framework. Others such as
WS etc may be different, but the convergence to the underlying
core Spring framework should be the same -->
<exclude>org.springframework:2.*</exclude>
<exclude>org.springframework:3.0.*</exclude>
<exclude>org.springframework:3.1.*</exclude>>
<!-- Should be slf4j 1.7.5 with logback and
bridges to JCL, JUL and log4j (this means these
individual libraries should not be included as the
"bridges" implement the API and redirect to the
underlying SLF4j impl -->
<exclude>log4j:log4j</exclude>
<exclude>commons-logging</exclude>
<exclude>org.slf4j:1.5*</exclude>
<exclude>org.slf4j:1.6*</exclude>
</excludes>
</bannedDependencies>
</rules>
<failFast>true</failFast>
</configuration>
</execution>
<execution>
<id>warn-about-stuff-which-may-cause-problems</id>
<goals>
<goal>enforce</goal>
</goals>
<phase>validate</phase>
<configuration>
<rules>
<banDuplicateClasses>
<ignoreClasses>
</ignoreClasses>
<findAllDuplicates>true</findAllDuplicates>
</banDuplicateClasses>
</rules>
<fail>false</fail>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</project>
I get this output:
[ERROR] +-warren:warren:1.0-SNAPSHOT
[ERROR] +-org.apache.maven.plugin-tools:maven-plugin-tools-api:2.5.1
[ERROR] +-org.codehaus.plexus:plexus-utils:1.5.6
[ERROR] and
[ERROR] +-warren:warren:1.0-SNAPSHOT
[ERROR] +-org.apache.maven.plugin-tools:maven-plugin-tools-api:2.5.1
[ERROR] +-org.codehaus.plexus:plexus-container-default:1.0-alpha-9-stable-1
[ERROR] +-org.codehaus.plexus:plexus-utils:1.0.4
So, I naively thought I could change my pom to use wildcard exclusions to avoid this issue ie:
<dependency>
<groupId>net.sf.jtidy</groupId>
<artifactId>jtidy</artifactId>
<version>r938</version>
</dependency>
<dependency>
<groupId>org.apache.maven.plugin-tools</groupId>
<artifactId>maven-plugin-tools-api</artifactId>
<version>2.5.1</version>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
but Maven ignores the wildcards and I get the same error. The only way to fix the error is to explicitly put in the group & artifact ids.
<exclusions>
<exclusion>
<groupId>org.codehaus.plexus</groupId>
<artifactId>plexus-utils</artifactId>
</exclusion>
</exclusions>
Is it possible to use wildcard exclusions in this situation? Note I have tried using maven 3.0.5, 3.2.1 and 3.3.3 but no luck!
Many thanks
There is an open issue for dependencyConvergence when using wildcard exclusions: https://issues.apache.org/jira/browse/MENFORCER-195.
There is no indication of when we can expect a fix, or any recent activity on this issue (or on the issue https://issues.apache.org/jira/browse/MSHARED-339). I hit it with maven-enforcer-plugin 1.4.1.