+1 for enforcing the latest version.
thanks Yoann and Fabio
On Fri, 21 Feb 2020 at 11:24, Yoann Rodiere <yoann(a)hibernate.org> wrote:
Just to warn you there are bugs in Maven 3.6.1 and below impacting the
resolution of transitive dependencies when your direct dependencies rely on
exclusions or dependency management.
In practice, I don't think it's very dangerous, as Maven has algorithms
that resolve conflicting dependencies whenever they arise. Not great to
rely on these, but they work most of the time.
However, it's bound to cause some headaches, as I recently discovered
thanks to Fabio: the maven-enforcer-plugin was (wrongly) detecting a
dependency convergence issue with Maven 3.6.1 and below, just because the
dependency management of one of our dependencies was being ignored.
So there is no rush, but for your own good, I recommend that you upgrade
your machine and CI jobs to Maven 3.6.3, and maybe even set the minimum
required version of Maven to 3.6.2 (the first version that fixes the bug)
in your POM.
The CI already uses Maven 3.6.3 by default for all jobs configured with
Maven 3.6. Jobs configured with Maven 3.5 or below will be affected by the
hibernate-dev mailing list