Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Excluding a couple of libraries which should be picked up from Jenkins core (in older versions) #105

Merged
merged 2 commits into from
Jan 5, 2018
Merged

Excluding a couple of libraries which should be picked up from Jenkins core (in older versions) #105

merged 2 commits into from
Jan 5, 2018

Conversation

jglick
Copy link
Member

@jglick jglick commented Nov 2, 2017

Seems like #102 was not complete?

@reviewbybees

@ghost
Copy link

ghost commented Nov 2, 2017

This pull request originates from a CloudBees employee. At CloudBees, we require that all pull requests be reviewed by other CloudBees employees before we seek to have the change accepted. If you want to learn more about our process please see this explanation.

@oleg-nenashev
Copy link
Member

I need to review it. commons-io needs to be excluded I'd guess, not sure about Ant. ETA is Nov 10 for now

@oleg-nenashev
Copy link
Member

@jglick Even when I build with 2.73.3, the dependency tree is fine. I see the dependency in https://github.com/jenkinsci/jenkins/blob/397b4fae8e7388e3c1c30957dfe9703a5e64185e/core/pom.xml#L249 , but it does not appear in the dependency tree at all.

I'd guess it's because of the provided scope in Plugin POM. So the requireUpperBounds check maybe does not discover all deps somehow.

Jenkins plugin POM, latest:

    <dependency>
      <groupId>org.jenkins-ci.main</groupId>
      <artifactId>jenkins-core</artifactId>
      <scope>provided</scope>
    </dependency>

Dependency tree...

[INFO] --- maven-dependency-plugin:3.0.0:tree (default-cli) @ maven-plugin ---
[INFO] org.jenkins-ci.main:maven-plugin:hpi:3.0-SNAPSHOT
[INFO] +- org.jenkins-ci.plugins:javadoc:jar:1.0:compile
[INFO] +- org.jenkins-ci.plugins:mailer:jar:1.7:compile
[INFO] +- org.jenkins-ci.plugins:junit:jar:1.6:compile
[INFO] +- org.jenkins-ci.main.maven:maven-agent:jar:1.12-alpha-1:compile
[INFO] |  \- org.apache.ant:ant:jar:1.9.2:compile
[INFO] |     \- org.apache.ant:ant-launcher:jar:1.9.2:compile
[INFO] +- org.jenkins-ci.main.maven:maven-interceptor:jar:1.12-alpha-1:compile
[INFO] +- org.jvnet.hudson:maven2.1-interceptor:jar:1.2:compile
[INFO] +- org.jenkins-ci.main.maven:maven3-agent:jar:1.12-alpha-1:compile
[INFO] +- org.jenkins-ci.main.maven:maven31-agent:jar:1.12-alpha-1:compile
[INFO] +- org.jenkins-ci.main.maven:maven32-agent:jar:1.12-alpha-1:compile
[INFO] +- org.jenkins-ci.main.maven:maven33-agent:jar:1.12-alpha-1:compile
[INFO] +- org.jenkins-ci.main.maven:maven35-agent:jar:1.12-alpha-1:compile
[INFO] |  \- org.apache.maven:maven-repository-metadata:jar:3.5.0:compile
[INFO] +- org.jenkins-ci.main.maven:maven3-interceptor:jar:1.12-alpha-1:compile
[INFO] +- org.jenkins-ci.main.maven:maven31-interceptor:jar:1.12-alpha-1:compile
[INFO] +- org.jenkins-ci.main.maven:maven32-interceptor:jar:1.12-alpha-1:compile
[INFO] +- org.jenkins-ci.main.maven:maven33-interceptor:jar:1.12-alpha-1:compile
[INFO] +- org.jenkins-ci.main.maven:maven35-interceptor:jar:1.12-alpha-1:compile
[INFO] +- org.jenkins-ci.main.maven:maven3-interceptor-commons:jar:1.12-alpha-1:compile
[INFO] +- org.apache.maven:maven-core:jar:3.1.0:compile
[INFO] |  +- org.apache.maven:maven-model:jar:3.1.0:compile
[INFO] |  +- org.apache.maven:maven-settings:jar:3.1.0:compile
[INFO] |  +- org.apache.maven:maven-settings-builder:jar:3.1.0:compile
[INFO] |  +- org.apache.maven:maven-artifact:jar:3.1.0:compile
[INFO] |  +- org.apache.maven:maven-plugin-api:jar:3.1.0:compile
[INFO] |  +- org.apache.maven:maven-model-builder:jar:3.1.0:compile
[INFO] |  +- org.codehaus.plexus:plexus-interpolation:jar:1.16:compile
[INFO] |  \- org.sonatype.plexus:plexus-sec-dispatcher:jar:1.3:compile
[INFO] +- org.apache.maven:maven-compat:jar:3.1.0:compile
[INFO] +- org.apache.maven:maven-aether-provider:jar:3.1.0:compile
[INFO] +- org.apache.maven:maven-embedder:jar:3.1.0:compile
[INFO] |  +- org.sonatype.plexus:plexus-cipher:jar:1.7:compile
[INFO] |  \- commons-cli:commons-cli:jar:1.2:compile
[INFO] +- org.eclipse.aether:aether-api:jar:1.1.0:compile
[INFO] +- org.eclipse.aether:aether-impl:jar:1.1.0:compile
[INFO] +- org.eclipse.aether:aether-spi:jar:1.1.0:compile
[INFO] +- org.eclipse.aether:aether-util:jar:1.1.0:compile
[INFO] +- org.eclipse.aether:aether-transport-wagon:jar:1.1.0:compile
[INFO] +- org.eclipse.aether:aether-connector-basic:jar:1.1.0:compile
[INFO] +- org.eclipse.sisu:org.eclipse.sisu.plexus:jar:0.3.3:compile
[INFO] |  +- javax.enterprise:cdi-api:jar:1.0:compile
[INFO] |  |  +- javax.annotation:jsr250-api:jar:1.0:compile
[INFO] |  |  \- javax.inject:javax.inject:jar:1:compile
[INFO] |  \- org.eclipse.sisu:org.eclipse.sisu.inject:jar:0.3.3:compile
[INFO] +- org.apache.maven.wagon:wagon-http:jar:3.0.0:compile
[INFO] |  \- org.apache.maven.wagon:wagon-http-shared:jar:3.0.0:compile
[INFO] |     \- org.jsoup:jsoup:jar:1.7.2:compile
[INFO] +- org.jenkins-ci.plugins:apache-httpcomponents-client-4-api:jar:4.5.3-1.0:compile
[INFO] |  \- org.apache.httpcomponents:httpclient:jar:4.5.3:compile
[INFO] |     +- org.apache.httpcomponents:httpcore:jar:4.4.6:compile
[INFO] |     \- commons-logging:commons-logging:jar:1.2:provided
[INFO] +- org.jenkins-ci.plugins:jsch:jar:0.1.54.1:compile
[INFO] |  +- com.jcraft:jsch:jar:0.1.54:compile
[INFO] |  \- org.jenkins-ci.plugins:ssh-credentials:jar:1.12:compile
[INFO] |     \- org.jenkins-ci.plugins:credentials:jar:1.21:compile
[INFO] +- org.apache.maven.wagon:wagon-file:jar:3.0.0:compile
[INFO] +- org.apache.maven.wagon:wagon-ftp:jar:3.0.0:compile
[INFO] |  +- commons-net:commons-net:jar:3.5:compile
[INFO] |  \- commons-io:commons-io:jar:2.5:compile
[INFO] +- org.apache.maven.wagon:wagon-ssh:jar:3.0.0:compile
[INFO] |  +- com.jcraft:jsch.agentproxy.connector-factory:jar:0.0.9:compile
[INFO] |  |  +- com.jcraft:jsch.agentproxy.core:jar:0.0.9:compile
[INFO] |  |  +- com.jcraft:jsch.agentproxy.usocket-jna:jar:0.0.9:compile
[INFO] |  |  |  \- net.java.dev.jna:jna-platform:jar:4.1.0:compile
[INFO] |  |  +- com.jcraft:jsch.agentproxy.usocket-nc:jar:0.0.9:compile
[INFO] |  |  +- com.jcraft:jsch.agentproxy.sshagent:jar:0.0.9:compile
[INFO] |  |  \- com.jcraft:jsch.agentproxy.pageant:jar:0.0.9:compile
[INFO] |  +- com.jcraft:jsch.agentproxy.jsch:jar:0.0.9:compile
[INFO] |  +- org.codehaus.plexus:plexus-interactivity-api:jar:1.0-alpha-6:compile
[INFO] |  \- org.apache.maven.wagon:wagon-ssh-common:jar:3.0.0:compile
[INFO] +- org.apache.maven.wagon:wagon-ssh-external:jar:3.0.0:compile
[INFO] +- org.apache.maven.wagon:wagon-provider-api:jar:3.0.0:compile
[INFO] +- org.apache.maven.reporting:maven-reporting-api:jar:3.0:compile
[INFO] |  \- org.apache.maven.doxia:doxia-sink-api:jar:1.0:compile
[INFO] +- org.codehaus.plexus:plexus-classworlds:jar:2.5.2:compile
[INFO] +- org.codehaus.plexus:plexus-utils:jar:3.0.24:compile
[INFO] +- org.codehaus.plexus:plexus-component-annotations:jar:1.7.1:compile
[INFO] +- org.jenkins-ci.lib:lib-jenkins-maven-artifact-manager:jar:1.2:compile
[INFO] +- org.jenkins-ci.lib:lib-jenkins-maven-embedder:jar:3.12:compile
[INFO] +- org.apache.maven.wagon:wagon-webdav-jackrabbit:jar:3.0.0:compile
[INFO] |  \- org.apache.jackrabbit:jackrabbit-webdav:jar:2.14.1:compile
[INFO] +- org.jenkins-ci.plugins:token-macro:jar:1.1:compile (optional) 
[INFO] +- org.jenkins-ci.main:jenkins-test-harness-tools:jar:2.0:test
[INFO] |  \- org.jenkins-ci.plugins:ant:jar:1.2:test
[INFO] +- org.mockito:mockito-core:jar:1.10.19:test
[INFO] |  \- org.objenesis:objenesis:jar:2.1:test
[INFO] +- org.powermock:powermock-module-junit4:jar:1.6.4:test
[INFO] |  \- org.powermock:powermock-module-junit4-common:jar:1.6.4:test
[INFO] |     +- org.powermock:powermock-core:jar:1.6.4:test
[INFO] |     |  \- org.javassist:javassist:jar:3.20.0-GA:test
[INFO] |     \- org.powermock:powermock-reflect:jar:1.6.4:test
[INFO] +- org.powermock:powermock-api-mockito:jar:1.6.4:test
[INFO] |  +- org.hamcrest:hamcrest-core:jar:1.3:test
[INFO] |  \- org.powermock:powermock-api-support:jar:1.6.4:test
[INFO] +- org.jvnet.mock-javamail:mock-javamail:jar:1.9:test
[INFO] +- org.slf4j:slf4j-jdk14:jar:1.7.7:test
[INFO] +- org.jenkins-ci.test:sample-plexus-component:jar:1.0:test
[INFO] +- org.jenkins-ci.plugins:promoted-builds:jar:2.23:test
[INFO] +- com.google.code.findbugs:annotations:jar:3.0.0:provided (optional) 
[INFO] +- net.jcip:jcip-annotations:jar:1.0:provided (optional) 
[INFO] +- org.codehaus.mojo:animal-sniffer-annotations:jar:1.14:provided (optional) 
[INFO] +- javax.servlet:javax.servlet-api:jar:3.1.0:test
[INFO] +- javax.servlet:servlet-api:jar:2.4:provided
[INFO] +- org.jenkins-ci.main:jenkins-core:jar:2.73.3:provided
[INFO] |  +- org.jenkins-ci.plugins.icon-shim:icon-set:jar:1.0.5:provided
[INFO] |  +- org.jenkins-ci.main:remoting:jar:3.10.2:provided
[INFO] |  |  \- org.jenkins-ci:constant-pool-scanner:jar:1.2:provided
[INFO] |  +- org.jenkins-ci.main:cli:jar:2.73.3:provided
[INFO] |  +- org.jenkins-ci:version-number:jar:1.4:provided
[INFO] |  +- org.jenkins-ci:crypto-util:jar:1.1:provided
[INFO] |  +- org.jvnet.hudson:jtidy:jar:4aug2000r7-dev-hudson-1:provided
[INFO] |  +- com.google.inject:guice:jar:4.0:provided
[INFO] |  |  \- aopalliance:aopalliance:jar:1.0:provided
[INFO] |  +- org.jruby.ext.posix:jna-posix:jar:1.0.3-jenkins-1:provided
[INFO] |  +- com.github.jnr:jnr-posix:jar:3.0.41:provided
[INFO] |  |  +- com.github.jnr:jnr-ffi:jar:2.1.4:provided
[INFO] |  |  |  +- com.github.jnr:jffi:jar:1.2.15:provided
[INFO] |  |  |  +- com.github.jnr:jffi:jar:native:1.2.15:provided
[INFO] |  |  |  +- org.ow2.asm:asm:jar:5.0.3:provided
[INFO] |  |  |  +- org.ow2.asm:asm-commons:jar:5.0.3:provided
[INFO] |  |  |  +- org.ow2.asm:asm-analysis:jar:5.0.3:provided
[INFO] |  |  |  +- org.ow2.asm:asm-tree:jar:5.0.3:provided
[INFO] |  |  |  +- org.ow2.asm:asm-util:jar:5.0.3:provided
[INFO] |  |  |  \- com.github.jnr:jnr-x86asm:jar:1.0.2:provided
[INFO] |  |  \- com.github.jnr:jnr-constants:jar:0.9.8:provided
[INFO] |  +- org.kohsuke:trilead-putty-extension:jar:1.2:provided
[INFO] |  +- org.jenkins-ci:trilead-ssh2:jar:build-217-jenkins-11:provided
[INFO] |  |  +- net.i2p.crypto:eddsa:jar:0.2.0:provided
[INFO] |  |  \- org.connectbot.jbcrypt:jbcrypt:jar:1.0.0:provided
[INFO] |  +- org.kohsuke.stapler:stapler-groovy:jar:1.250:provided
[INFO] |  |  \- org.kohsuke.stapler:stapler-jelly:jar:1.250:provided
[INFO] |  |     +- org.jenkins-ci:commons-jelly:jar:1.1-jenkins-20120928:provided
[INFO] |  |     \- org.jenkins-ci.dom4j:dom4j:jar:1.6.1-jenkins-4:provided
[INFO] |  +- org.kohsuke.stapler:stapler-jrebel:jar:1.250:provided
[INFO] |  |  \- org.kohsuke.stapler:stapler:jar:1.250:provided
[INFO] |  |     +- javax.annotation:javax.annotation-api:jar:1.2:provided
[INFO] |  |     +- commons-discovery:commons-discovery:jar:0.4:provided
[INFO] |  |     \- org.jvnet:tiger-types:jar:2.2:provided
[INFO] |  +- org.kohsuke:windows-package-checker:jar:1.2:provided
[INFO] |  +- org.kohsuke.stapler:stapler-adjunct-zeroclipboard:jar:1.3.5-1:provided
[INFO] |  +- org.kohsuke.stapler:stapler-adjunct-timeline:jar:1.5:provided
[INFO] |  +- org.kohsuke.stapler:stapler-adjunct-codemirror:jar:1.3:provided
[INFO] |  +- com.infradna.tool:bridge-method-annotation:jar:1.13:provided
[INFO] |  +- org.kohsuke.stapler:json-lib:jar:2.4-jenkins-2:provided
[INFO] |  |  \- net.sf.ezmorph:ezmorph:jar:1.0.6:provided
[INFO] |  +- commons-httpclient:commons-httpclient:jar:3.1-jenkins-1:provided
[INFO] |  +- args4j:args4j:jar:2.0.31:provided
[INFO] |  +- org.jenkins-ci:annotation-indexer:jar:1.12:provided
[INFO] |  +- org.jenkins-ci:bytecode-compatibility-transformer:jar:1.8:provided
[INFO] |  |  \- org.kohsuke:asm5:jar:5.0.1:provided
[INFO] |  +- org.jenkins-ci:task-reactor:jar:1.4:provided
[INFO] |  +- org.jvnet.localizer:localizer:jar:1.24:provided
[INFO] |  +- antlr:antlr:jar:2.7.6:provided
[INFO] |  +- org.jvnet.hudson:xstream:jar:1.4.7-jenkins-1:provided
[INFO] |  +- jfree:jfreechart:jar:1.0.9:provided
[INFO] |  |  \- jfree:jcommon:jar:1.0.12:provided
[INFO] |  +- commons-lang:commons-lang:jar:2.6:provided
[INFO] |  +- commons-digester:commons-digester:jar:2.1:provided
[INFO] |  +- commons-beanutils:commons-beanutils:jar:1.8.3:provided
[INFO] |  +- org.apache.commons:commons-compress:jar:1.10:provided
[INFO] |  +- javax.mail:mail:jar:1.4.4:provided
[INFO] |  +- org.jvnet.hudson:activation:jar:1.1.1-hudson-1:provided
[INFO] |  +- jaxen:jaxen:jar:1.1-beta-11:provided
[INFO] |  +- commons-jelly:commons-jelly-tags-fmt:jar:1.0:provided
[INFO] |  +- commons-jelly:commons-jelly-tags-xml:jar:1.1:provided
[INFO] |  +- org.jvnet.hudson:commons-jelly-tags-define:jar:1.0.1-hudson-20071021:provided
[INFO] |  +- org.jenkins-ci:commons-jexl:jar:1.1-jenkins-20111212:provided
[INFO] |  +- org.acegisecurity:acegi-security:jar:1.0.7:provided
[INFO] |  |  +- org.springframework:spring-jdbc:jar:1.2.9:provided
[INFO] |  |  |  \- org.springframework:spring-dao:jar:1.2.9:provided
[INFO] |  |  +- oro:oro:jar:2.0.8:provided
[INFO] |  |  \- log4j:log4j:jar:1.2.17:provided
[INFO] |  +- org.codehaus.groovy:groovy-all:jar:2.4.11:provided
[INFO] |  +- jline:jline:jar:2.12:provided
[INFO] |  +- org.fusesource.jansi:jansi:jar:1.11:provided
[INFO] |  +- org.springframework:spring-webmvc:jar:2.5.6.SEC03:provided
[INFO] |  |  +- org.springframework:spring-beans:jar:2.5.6.SEC03:provided
[INFO] |  |  +- org.springframework:spring-context:jar:2.5.6.SEC03:provided
[INFO] |  |  +- org.springframework:spring-context-support:jar:2.5.6.SEC03:provided
[INFO] |  |  \- org.springframework:spring-web:jar:2.5.6.SEC03:provided
[INFO] |  +- org.springframework:spring-core:jar:2.5.6.SEC03:provided
[INFO] |  +- org.springframework:spring-aop:jar:2.5.6.SEC03:provided
[INFO] |  +- xpp3:xpp3:jar:1.1.4c:provided
[INFO] |  +- javax.servlet:jstl:jar:1.1.0:provided
[INFO] |  +- com.sun.xml.txw2:txw2:jar:20110809:provided
[INFO] |  |  +- javax.xml.stream:stax-api:jar:1.0-2:provided
[INFO] |  |  \- relaxngDatatype:relaxngDatatype:jar:20020414:provided
[INFO] |  +- commons-collections:commons-collections:jar:3.2.2:provided
[INFO] |  +- org.jvnet.winp:winp:jar:1.25:provided
[INFO] |  +- org.jenkins-ci:memory-monitor:jar:1.9:provided
[INFO] |  +- org.codehaus.woodstox:wstx-asl:jar:3.2.9:provided
[INFO] |  |  \- stax:stax-api:jar:1.0.1:provided
[INFO] |  +- org.jenkins-ci:jmdns:jar:3.4.0-jenkins-3:provided
[INFO] |  +- net.java.dev.jna:jna:jar:4.2.1:compile
[INFO] |  +- org.kohsuke:akuma:jar:1.10:provided
[INFO] |  +- org.kohsuke:libpam4j:jar:1.8:provided
[INFO] |  +- org.kohsuke:libzfs:jar:0.8:provided
[INFO] |  +- com.sun.solaris:embedded_su4j:jar:1.1:provided
[INFO] |  +- net.java.sezpoz:sezpoz:jar:1.12:provided
[INFO] |  +- org.kohsuke.jinterop:j-interop:jar:2.0.6-kohsuke-1:provided
[INFO] |  |  \- org.kohsuke.jinterop:j-interopdeps:jar:2.0.6-kohsuke-1:provided
[INFO] |  |     \- org.samba.jcifs:jcifs:jar:1.2.19:provided
[INFO] |  +- org.jvnet.robust-http-client:robust-http-client:jar:1.2:provided
[INFO] |  +- org.jenkins-ci:symbol-annotation:jar:1.1:provided
[INFO] |  +- commons-codec:commons-codec:jar:1.8:compile
[INFO] |  +- org.kohsuke:access-modifier-annotation:jar:1.11:provided
[INFO] |  +- commons-fileupload:commons-fileupload:jar:1.3.1-jenkins-2:provided
[INFO] |  +- com.google.guava:guava:jar:11.0.1:provided
[INFO] |  |  \- com.google.code.findbugs:jsr305:jar:1.3.9:compile
[INFO] |  \- com.jcraft:jzlib:jar:1.1.3-kohsuke-1:provided
[INFO] +- org.jenkins-ci.main:jenkins-war:executable-war:2.73.3:test
[INFO] |  +- org.jenkins-ci.modules:instance-identity:jar:2.1:test
[INFO] |  |  \- io.github.stephenc.crypto:self-signed-cert-generator:jar:1.0.0:test
[INFO] |  +- org.jenkins-ci.modules:ssh-cli-auth:jar:1.4:test
[INFO] |  +- org.jenkins-ci.modules:slave-installer:jar:1.5:test
[INFO] |  +- org.jenkins-ci.modules:windows-slave-installer:jar:1.9.1:test
[INFO] |  +- org.jenkins-ci.modules:launchd-slave-installer:jar:1.2:test
[INFO] |  +- org.jenkins-ci.modules:upstart-slave-installer:jar:1.1:test
[INFO] |  +- org.jenkins-ci.modules:systemd-slave-installer:jar:1.1:test
[INFO] |  +- org.jenkins-ci.modules:sshd:jar:2.0:test
[INFO] |  |  \- org.apache.sshd:sshd-core:jar:1.6.0:test
[INFO] |  +- org.jenkins-ci.ui:jquery-detached:jar:core-assets:1.2.1:test
[INFO] |  +- org.jenkins-ci.ui:bootstrap:jar:core-assets:1.3.2:test
[INFO] |  |  \- org.jenkins-ci.ui:jquery-detached:jar:1.2:test
[INFO] |  \- org.jenkins-ci.ui:handlebars:jar:core-assets:1.1.1:test
[INFO] +- org.jenkins-ci.main:jenkins-test-harness:jar:2.27:test
[INFO] |  +- org.eclipse.jetty:jetty-webapp:jar:9.4.5.v20170502:test
[INFO] |  |  +- org.eclipse.jetty:jetty-xml:jar:9.4.5.v20170502:test
[INFO] |  |  |  \- org.eclipse.jetty:jetty-util:jar:9.4.5.v20170502:test
[INFO] |  |  \- org.eclipse.jetty:jetty-servlet:jar:9.4.5.v20170502:test
[INFO] |  +- org.eclipse.jetty:jetty-security:jar:9.4.5.v20170502:test
[INFO] |  |  \- org.eclipse.jetty:jetty-server:jar:9.4.5.v20170502:test
[INFO] |  |     +- org.eclipse.jetty:jetty-http:jar:9.4.5.v20170502:test
[INFO] |  |     \- org.eclipse.jetty:jetty-io:jar:9.4.5.v20170502:test
[INFO] |  +- org.hamcrest:hamcrest-library:jar:1.3:test
[INFO] |  +- org.jenkins-ci.main:jenkins-test-harness-htmlunit:jar:2.18-1:test
[INFO] |  |  +- xalan:xalan:jar:2.7.2:test
[INFO] |  |  +- xalan:serializer:jar:2.7.2:test
[INFO] |  |  +- org.apache.commons:commons-lang3:jar:3.4:test
[INFO] |  |  +- xerces:xercesImpl:jar:2.11.0:test
[INFO] |  |  +- xml-apis:xml-apis:jar:1.4.01:test
[INFO] |  |  +- net.sourceforge.nekohtml:nekohtml:jar:1.9.22:test
[INFO] |  |  +- net.sourceforge.cssparser:cssparser:jar:0.9.16:test
[INFO] |  |  +- org.w3c.css:sac:jar:1.3:test
[INFO] |  |  +- org.eclipse.jetty.websocket:websocket-client:jar:9.2.12.v20150709:test
[INFO] |  |  +- org.eclipse.jetty.websocket:websocket-common:jar:9.2.12.v20150709:test
[INFO] |  |  \- org.eclipse.jetty.websocket:websocket-api:jar:9.2.12.v20150709:test
[INFO] |  +- org.jvnet.hudson:embedded-rhino-debugger:jar:1.2:test
[INFO] |  +- org.netbeans.modules:org-netbeans-insane:jar:RELEASE72:test
[INFO] |  \- com.github.stephenc.findbugs:findbugs-annotations:jar:1.3.9-1:compile
[INFO] +- org.jenkins-ci:test-annotations:jar:1.2:test
[INFO] +- junit:junit:jar:4.12:test
[INFO] +- org.slf4j:slf4j-api:jar:1.7.25:compile (optional) 
[INFO] +- org.slf4j:log4j-over-slf4j:jar:1.7.25:test
[INFO] \- org.slf4j:jcl-over-slf4j:jar:1.7.25:test

I do not disagree with the proposed PR, but it's rather a symptom than the root cause. Something is wrong with the dependency graph, and IMHO we need to resolve it before the next release of Maven Plugin. If there is a conflict between versions, require upper bounds check must fail.

@oleg-nenashev
Copy link
Member

@stephenc @aheritier ^^^ Do you know why it happens?

@jglick
Copy link
Member Author

jglick commented Nov 14, 2017

Well from master:

$ mvn dependency:tree | egrep 'org.apache.ant:ant|commons-io:commons-io'
[INFO] |  \- org.apache.ant:ant:jar:1.9.2:compile
[INFO] |     \- org.apache.ant:ant-launcher:jar:1.9.2:compile
[INFO] |  \- commons-io:commons-io:jar:2.5:compile

(with the deps coming from org.jenkins-ci.main.maven:maven-agent & org.apache.maven.wagon:wagon-ftp, resp.); and from this PR:

$ mvn dependency:tree | egrep 'org.apache.ant:ant|commons-io:commons-io'
[INFO] |  +- org.apache.ant:ant:jar:1.8.4:provided
[INFO] |  |  \- org.apache.ant:ant-launcher:jar:1.8.4:provided
[INFO] |  +- commons-io:commons-io:jar:2.4:provided

(with both deps coming from org.jenkins-ci.main:jenkins-core, a provided dependency).

There is nothing wrong with the dependency graph; this is just how Maven works. As noted in documentation:

provided
This is much like compile, but indicates you expect the JDK or a container to provide the dependency at runtime. For example, when building a web application for the Java Enterprise Edition, you would set the dependency on the Servlet API and related Java EE APIs to scope provided because the web container provides those classes. This scope is only available on the compilation and test classpath, and is not transitive. [emphasis mine]

Now could plugin-pom include jenkins-core as a compile-scoped dependency instead? That would allow requireUpperBoundDeps to do its job better. Whether it would have any ill effects in maven-hpi-plugin, I am unsure.

@jglick
commons-codec also should be excluded; core asks for 1.8 but org.jenk…
589351d 
…ins-ci.plugins:apache-httpcomponents-client-4-api:4.5.3-1.0 incorrectly requests 1.9.
@stephenc
Copy link
Member

If provided scope is in force, then that will not be transitive... except for version range constraints (and since nobody actually uses version ranges the version range constraints is probably not even tested by maven integration tests so may not actually work)

@jglick
Copy link
Member Author

jglick commented Nov 14, 2017

Anyway, my summary would be:

  • This PR fixes a problem in maven-plugin’s dependency tree.
  • A change to plugin-pom might make this class of problem more apparent in the future (by producing requireUpperBoundDeps failures in the faulty plugin itself, not just downstream plugins), at some risk of unexpected behavioral changes.

oleg-nenashev
oleg-nenashev approved these changes Nov 16, 2017
View reviewed changes
Copy link
Member

@oleg-nenashev oleg-nenashev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🐝

@oleg-nenashev
Copy link
Member

@reviewbybees done

@jglick
Copy link
Member Author

jglick commented Nov 27, 2017

A change to plugin-pom might make this class of problem more apparent in the future (by producing requireUpperBoundDeps failures in the faulty plugin itself, not just downstream plugins)

I tried prototyping this, using a (direct) dep on commons-io:commons-io as an example. Unfortunately it did not work:

  • For 2.5, regardless of whether jenkins-core was provided or compile scope, requireUpperBoundDeps was happy. The problem that led me to this was a plugin depending on maven-plugin:3.0, whereby the commons-io dep was picked up from jenkins-core, hence the error.
  • For 2.3, again regardless of scope, requireUpperBoundDeps complains—so changing the scope is unnecessary.

What we want in this case is a way to enforce that a plugin’s dep on commons-io should go through jenkins-core in its trail, but this seems like it would require a new rule. (A plugin using pluginFirstClassLoader and intending to use its own copy would need to either suppress the rule, or exclude the commons-io dep coming from core.)

@oleg-nenashev oleg-nenashev merged commit 3817c48 into jenkinsci:master Jan 5, 2018
@jglick jglick mentioned this pull request Jan 5, 2018
Merged
@jglick jglick deleted the exclusions branch January 5, 2018 17:54
oleg-nenashev added a commit to oleg-nenashev/maven-plugin that referenced this pull request Jan 23, 2018
@oleg-nenashev
Update to Apache HttpComponents Client API 4.5.3-2.1
a4792ed 
It is a follow-up to jenkinsci#105
@oleg-nenashev oleg-nenashev mentioned this pull request Jan 23, 2018
Merged
@jglick jglick mentioned this pull request Jan 23, 2018
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@oleg-nenashev oleg-nenashev oleg-nenashev approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jglick @oleg-nenashev @stephenc