[#8541] - Dependency problems in net.sf.jasperreports:jasperreports:6.3.0

Category:
Bug report
Priority:
Normal
Status:
Resolved
Project: Severity:
Minor
Resolution:
Won't Fix
Component: Reproducibility:
Always
Assigned to:
0

Hi,
there are a couple of problems with the dependencies in the net.sf.jasperreports:jasperreports:6.3.0 pom.xml:

[WARNING]
Dependency convergence error for commons-beanutils:commons-beanutils:1.9.0 paths to dependency are:
+-XXXX
+-net.sf.jasperreports:jasperreports:6.3.0
+-commons-beanutils:commons-beanutils:1.9.0
and
+-XXXX
+-net.sf.jasperreports:jasperreports:6.3.0
+-commons-digester:commons-digester:2.1
+-commons-beanutils:commons-beanutils:1.8.3

[WARNING]
Dependency convergence error for commons-collections:commons-collections:3.2.1 paths to dependency are:
+-XXXX
+-net.sf.jasperreports:jasperreports:6.3.0
+-commons-beanutils:commons-beanutils:1.9.0
+-commons-collections:commons-collections:3.2.1
and
+-XXXX
+-net.sf.jasperreports:jasperreports:6.3.0
+-commons-collections:commons-collections:3.2.2
and
+-XXXX
+-net.sf.jasperreports:jasperreports:6.3.0
+-org.codehaus.castor:castor-xml:1.3.3
+-commons-collections:commons-collections:3.2.1

Steps to reproduce:

1. Include dependency

<dependency>
<groupId>net.sf.jasperreports</groupId>
<artifactId>jasperreports</artifactId>
<version>6.3.0</version>
</dependency>

2. Include Maven Enforcer plugin in build:

<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<version>1.4</version>
<executions>
<execution>
<id>enforce-versions</id>
<phase>validate</phase>
<goals>
<goal>enforce</goal>
</goals>
<configuration>
<rules>
<dependencyConvergence/>
</rules>
<fail>true</fail>
</configuration>
</execution>
</executions>
</plugin>

Best regards

PS: Your bug tracker is funny, I can create closed tickets. :)

v6.3.0
n.fechner's picture
Joined: Sep 22 2016 - 4:55am
Last seen: 2 weeks 3 days ago

8 Comments:

#1

Why on earth does your bugtracker kill line formatting?

#2

try 6.3.1

#3

Same result.

#4
  • Status:New» Feedback Requested
  • Assigned:nobody» teodord

Hi,

What do you think would be an appropriate solution for this problem? I never used this Maven plugin and I'm not sure what it does and why its warnings matter.

Thanks,
Teodor

#5

Hi,
in theory, the plugin is used to prevent your project from referencing different versions of the same artifact (even transitively), so that you don't end up with Java's version of DLL-hell. In case of Jasper, the plugin throws warnings for it on it's own, as different parts of the library depend on different versions of the same libs (see messages above).
The best solution would be to unify those versions to a common standard. Usually, that is managed by defining a dependencyManagement block in the root or parent pom.xml. (In this case for commons-collections and commons-beanutils.)

Best regards,
Nicholas

#6

Hi,

I probably don't get this right. Is there an actual problem with the dependencies that our pom.xml brings, even transiently?
I read about the dependencyManagement block in the Maven documentation and it seems to be related to projects having parent artifacts and sharing dependencies. Not sure if it is the case with JasperReports library at the moment.

Thanks,
Teodor

#7

Sorry,
I haven't used JP in a long time. This ticket is more than three years old...

If you don't have a common parent pom, it at least explains the broken dependencies. In general: This doesn't have to break anything unless the wrong library version is picked by Maven.

It's still bad practice, though.

Nicholas

#8
  • Resolution:Open» Won't Fix
  • Status:Feedback Requested» Resolved

Hi,

If solving this means adding to our pom.xml the exact version for every possible transient dependency we might get, even if marked as optional, then I'm afraid we are just not going to do it. I prefer to keep the pom.xml minimal, especially since we are not facing an actual error here, as far as I can tell.

Thank you,
Teodor

Feedback
randomness