zalando/logbook

Dependency convergence error: org.apiguardian:apiguardian-api

Opened this issue · 0 comments

commonquail commented

Logbook 3.9.0 suffers a dependency convergence error with org.apiguardian:apiguardian-api 1.1.1 and 1.1.2, causing difficulties with usage in Maven projects that enable that Enforcer rule.

Description

Since #1082, every Logbook artifact pulls in org.apiguardian:apiguardian-api:1.1.2. They also pull in org.zalando:faux-pas:0.9.0, which uses org.apiguardian:apiguardian-api:1.1.1, all of them in compile scope. Any Maven project that enables the Enforcer plugin's <dependencyConvergence/> rule will be prevented from building until org.apiguardian:apiguardian-api is transitively excluded and defined locally.

Possible Fix

  • Bump org.apiguardian:apiguardian-api in faux-pas, then bump faux-pas.
  • Revert #1082.
  • Exclude org.apiguardian:apiguardian-api from the faux-pas dependency declaration.
  • Mark org.apiguardian:apiguardian-api optional.
    • This is not addressed by the upstream project, but this really looks like the type of dependency that has no business being pulled into transitive compile scope by default. It contributes nothing to a downstream consumer at compile time.
    • I have not verified that this particular suggestion suffices.