Maven執行者和wilcard依賴排除

Question

我正在使用Maven執行者插件來檢查依賴性收斂。鑑於此（做作）例如：

project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> 
    <modelVersion>4.0.0</modelVersion> 
    <groupId>warren</groupId> 
    <artifactId>warren</artifactId> 
    <packaging>war</packaging> 
    <version>1.0-SNAPSHOT</version> 
    <name>warren Maven Webapp</name> 
    <url>http://maven.apache.org</url> 
    <dependencies> 
    <dependency> 
     <groupId>junit</groupId> 
     <artifactId>junit</artifactId> 
     <version>3.8.1</version> 
     <scope>test</scope> 
    </dependency> 
    <dependency> 
     <groupId>net.sf.jtidy</groupId> 
     <artifactId>jtidy</artifactId> 
     <version>r938</version> 
    </dependency> 
    <dependency> 
     <groupId>org.apache.maven.plugin-tools</groupId> 
     <artifactId>maven-plugin-tools-api</artifactId> 
     <version>2.5.1</version> 
    </dependency> 
    </dependencies> 
    <build> 
    <finalName>warren</finalName> 

    <!-- The Maven Enforcer --> 
    <plugins> 
    <plugin> 
     <groupId>org.apache.maven.plugins</groupId> 
     <artifactId>maven-enforcer-plugin</artifactId> 
     <version>1.4</version> 
     <dependencies> 
     <dependency> 
      <groupId>org.codehaus.mojo</groupId> 
      <artifactId>extra-enforcer-rules</artifactId> 
      <version>1.0-beta-2</version> 
     </dependency> 
     </dependencies> 
     <executions> 
     <!-- ******************************************************* --> 
     <!-- Ensure that certain really important things are checked --> 
     <!-- and fail the build if any of these are violated   --> 
     <!-- ****************************************************** --> 
     <execution> 
      <id>enforce-important-stuff</id> 
      <goals> 
      <goal>enforce</goal> 
      </goals> 
      <phase>validate</phase> 
      <configuration> 
      <rules> 
       <requireMavenVersion> 
       <version>3.2.1</version> 
       </requireMavenVersion> 
       <requireJavaVersion> 
       <version>1.7</version> 
       </requireJavaVersion> 
       <DependencyConvergence /> 
       <bannedDependencies> 
       <searchTransitive>true</searchTransitive> 
       <excludes> 
        <!-- Should be javax.servlet:javax.servlet-api:3.0.1 --> 
        <exclude>javax.servlet:servlet-api:2.*</exclude> 
        <!-- Should be org.springframework:3.2.* . Note this is 
         for the core spring framework. Others such as 
         WS etc may be different, but the convergence to the underlying 
         core Spring framework should be the same --> 
        <exclude>org.springframework:2.*</exclude> 
        <exclude>org.springframework:3.0.*</exclude> 
        <exclude>org.springframework:3.1.*</exclude>&gt; 
        <!-- Should be slf4j 1.7.5 with logback and 
         bridges to JCL, JUL and log4j (this means these 
         individual libraries should not be included as the 
         "bridges" implement the API and redirect to the 
         underlying SLF4j impl --> 
        <exclude>log4j:log4j</exclude> 
        <exclude>commons-logging</exclude> 
        <exclude>org.slf4j:1.5*</exclude> 
        <exclude>org.slf4j:1.6*</exclude> 
       </excludes> 
       </bannedDependencies> 
      </rules> 
      <failFast>true</failFast> 
      </configuration> 
     </execution> 
     <execution> 
      <id>warn-about-stuff-which-may-cause-problems</id> 
      <goals> 
      <goal>enforce</goal> 
      </goals> 
      <phase>validate</phase> 
      <configuration> 
      <rules> 
       <banDuplicateClasses> 
       <ignoreClasses> 

       </ignoreClasses> 
       <findAllDuplicates>true</findAllDuplicates> 
       </banDuplicateClasses> 
      </rules> 
      <fail>false</fail> 
      </configuration> 
     </execution> 
     </executions> 
    </plugin> 
    </plugins> 
    </build> 
</project> 

我得到這樣的輸出：

[ERROR] +-warren:warren:1.0-SNAPSHOT 
[ERROR] +-org.apache.maven.plugin-tools:maven-plugin-tools-api:2.5.1 
[ERROR] +-org.codehaus.plexus:plexus-utils:1.5.6 
[ERROR] and 
[ERROR] +-warren:warren:1.0-SNAPSHOT 
[ERROR] +-org.apache.maven.plugin-tools:maven-plugin-tools-api:2.5.1 
[ERROR] +-org.codehaus.plexus:plexus-container-default:1.0-alpha-9-stable-1 
[ERROR] +-org.codehaus.plexus:plexus-utils:1.0.4 

所以，我天真地以爲我可以改變我的聚甲醛使用通配符排除以避免此問題，即：

<dependency> 
    <groupId>net.sf.jtidy</groupId> 
    <artifactId>jtidy</artifactId> 
    <version>r938</version> 
</dependency> 
<dependency> 
    <groupId>org.apache.maven.plugin-tools</groupId> 
    <artifactId>maven-plugin-tools-api</artifactId> 
    <version>2.5.1</version> 
    <exclusions> 
    <exclusion> 
     <groupId>*</groupId> 
     <artifactId>*</artifactId> 
    </exclusion> 
    </exclusions> 
</dependency> 

但Maven忽略通配符，我得到相同的錯誤。修正錯誤的唯一方法是明確地將工件ID放在組&中。

<exclusions> 
    <exclusion> 
     <groupId>org.codehaus.plexus</groupId> 
     <artifactId>plexus-utils</artifactId> 
    </exclusion> 
    </exclusions> 

在這種情況下可以使用通配符排除嗎？注意我已經嘗試使用maven 3.0.5,3.2.1和3.3.3，但沒有運氣！

非常感謝

Answer 1

使用通配符排除時，有一個懸而未決的問題進行dependencyConvergence：https://issues.apache.org/jira/browse/MENFORCER-195。

沒有跡象表明我們什麼時候能夠獲得修復或最近的任何活動（或在問題https://issues.apache.org/jira/browse/MSHARED-339上）。我用maven-enforcer-plugin 1.4.1打了它。