Version 2.0.7 includes conflicting dependency versions

[mabrcosta]

Hello,

First of all thank you for your hard work and providing the library, it has been quite useful.

Version 2.0.7 includes some dependency updates, which introduced conflicting versions of it's dependencies

07:33:01  [ERROR] Failed to execute goal org.apache.maven.plugins:maven-enforcer-plugin:3.4.1:enforce (enforce) on project project-name: 
07:33:01  [ERROR] Rule 0: org.apache.maven.enforcer.rules.dependency.DependencyConvergence failed with message:
07:33:01  [ERROR] Failed while enforcing releasability.
07:33:01  [ERROR] 
07:33:01  [ERROR] Dependency convergence error for commons-io:commons-io:jar:2.15.1 paths to dependency are:
07:33:01  [ERROR] +-project-name:jar:1.0-SNAPSHOT
07:33:01  [ERROR]   +-io.zonky.test:embedded-postgres:jar:2.0.7:compile
07:33:01  [ERROR]     +-org.apache.commons:commons-compress:jar:1.26.0:compile
07:33:01  [ERROR]       +-commons-io:commons-io:jar:2.15.1:compile
07:33:01  [ERROR] and
07:33:01  [ERROR] +-project-name:jar:1.0-SNAPSHOT
07:33:01  [ERROR]   +-io.zonky.test:embedded-postgres:jar:2.0.7:compile
07:33:01  [ERROR]     +-commons-io:commons-io:jar:2.11.0:compile
07:33:01  [ERROR] 
07:33:01  [ERROR] 
07:33:01  [ERROR] Dependency convergence error for org.apache.commons:commons-lang3:jar:3.12.0 paths to dependency are:
07:33:01  [ERROR] +-project-name:jar:1.0-SNAPSHOT
07:33:01  [ERROR]   +-io.zonky.test:embedded-postgres:jar:2.0.7:compile
07:33:01  [ERROR]     +-org.apache.commons:commons-lang3:jar:3.12.0:compile
07:33:01  [ERROR] and
07:33:01  [ERROR] +-project-name:jar:1.0-SNAPSHOT
07:33:01  [ERROR]   +-io.zonky.test:embedded-postgres:jar:2.0.7:compile
07:33:01  [ERROR]     +-org.apache.commons:commons-compress:jar:1.26.0:compile
07:33:01  [ERROR]       +-org.apache.commons:commons-lang3:jar:3.14.0:compile
07:33:01  [ERROR] 

This can obviously be worked around on the project's level but would be desirable for the library to have convergence within its dependencies.

To avoid such cases going undetected in the future I would also suggest introducing maven-enforcer-plugin into the project.

[tomix26]

Hi @mabrcosta, thanks for the report and for the suggestion to use the maven-enforcer-plugin plugin. I will definitely consider it.

Just to be sure, the error above is showing up because you have some extra rules set up to check dependency versions during the build in your project, right?

[mabrcosta]

Hi @tomix26 . Sorry for the late reply.

Yes, the presented logs are the build output of a project, configured with maven-enforcer-plugin using the rule dependencyConvergence, while using the library.

[Crystark]

Hi,

Adding up on this, I'm having issues with the commons-io and commons-compress dependencies since version 2.0.7.
I have a 3rd dependency, fastexcel-reader, that depends on commons-compress 1.26.1 which itself depends on commons-io 2.15.1

In version 2.0.6

embedded-postgres 2.0.6 forces commons-compress 1.21 which works fine with commons-io 2.11 and is accepted by fastexcel-reader so everything was OK even though the versions were downgraded.

In version 2.0.7

I get the following error when trying to work with fastexcel-reader:

java.lang.NoClassDefFoundError: org/apache/commons/io/build/AbstractStreamBuilder
	at org.apache.commons.compress.archivers.zip.ZipFile.<init>(ZipFile.java:858)

That's because embedded-postgres 2.0.7 pulls commons-compress 1.26.0 which in turns requires commons-io 2.15.1. However, embedded-postgres 2.0.7 also forces commons-io 2.11 and this leads to the above exception as AbstractStreamBuilder is in 2.15, not 2.11. The image bellow shows the issue.

[reneleonhardt]

@mabrcosta Can you please recheck after a new release has been made with all the latest updates?

[lapsus63]

Adding an exclusion fixed the issue for me ; I'm using 2.0.7.
The conflict was between the commons-io:commons-io:jar:2.11.0:compile from zonky and commons-io:commons-io:jar:2.16.1:compile from another dependency.

<exclusions> <exclusion> <groupId>commons-io</groupId> <artifactId>commons-io</artifactId> </exclusion> </exclusions>