[MENFORCER-435] Get rid of maven-dependency-tree dependency - ASF JIRA

XML

Word

Printable

JSON

As the m-enforcer-p depends on Maven 3.2.5 (since ~~MENFORCER-419~~) all dependency resolutions should be done with Aether API directly instead of leveraging https://maven.apache.org/shared/maven-dependency-tree/. At the same time the error message should print the full path to the affected dependency instead of forcing users to use a dedicated call of mvn dependency:tree to locate the dependency (https://github.com/apache/maven-enforcer/blob/a06b47ba079b342d69a49d3cbad0fb546000f734/enforcer-rules/src/main/java/org/apache/maven/plugins/enforcer/AbstractBanDependencies.java#L111)

is depended upon by

MRESOLVER-277 --no-snapshot-update option does not prevent metadata.xml download

relates to

MENFORCER-407 Enforcer 3.0.0 breaks with Maven 3.8.4

MENFORCER-434 Version 3.1.0 is not enforcing bannedDependencies rules

MENFORCER-437 DependencyConvergence treats provided dependencies are runtime dependencies

MENFORCER-400 DependencyConvergence - poor error message

MENFORCER-419 Upgrade Maven to 3.2.5

links to

GitHub Pull Request #198

(1 relates to, 3 links to)