search

basepom / dependency-versions-check-maven-plugin

Maven plugin to find dependency version conflicts
https://basepom.github.io/
Apache License 2.0
4 stars 3 forks source link

optional scope can't be ignored #4

Open mikebell90 opened 1 year ago

mikebell90 commented 1 year ago

Opensearch-java has one of those open ended dependencies

<dependency>
      <groupId>software.amazon.awssdk</groupId>
      <artifactId>sdk-core</artifactId>
      <version>[2.15,3.0)</version>
      <scope>compile</scope>
      <optional>true</optional>
    </dependency>
    <dependency>
      <groupId>software.amazon.awssdk</groupId>
      <artifactId>auth</artifactId>
      <version>[2.15,3.0)</version>
      <scope>compile</scope>
      <optional>true</optional>
    </dependency>

This triggers loading ALL the versions. Even an exclusion in dependencyManagement like

<dependency>
              <groupId>org.opensearch.client</groupId>
              <artifactId>opensearch-java</artifactId>
              <version>2.4.0</version>
              <!-- because the aws guys use an open range, you need to exclude this and optionally redeclare -->
              <exclusions>
                  <exclusion>
                      <groupId>software.amazon.awssdk</groupId>
                      <artifactId>sdk-core</artifactId>
                  </exclusion>
                  <exclusion>
                      <groupId>software.amazon.awssdk</groupId>
                      <artifactId>auth</artifactId>
                  </exclusion>
              </exclusions>
            </dependency>

doesn't work