Posted to issues@maven.apache.org by "Karl Heinz Marbaise (JIRA)" <ji...@apache.org> on 2015/12/16 10:39:46 UTC

[jira] [Updated] (MENFORCER-243) Create rule to check versions of dependencies

     [ https://issues.apache.org/jira/browse/MENFORCER-243?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Karl Heinz Marbaise updated MENFORCER-243:
------------------------------------------
    Description: 
Create an enforcer rule which checks if dependencies have been given using versions or not.
Best practice is to define all dependencies via a dependencyManagement block and only use those dependencies, without overriding the versions. This should be checked by this enforcer rule.

{code:xml}
<dependencyManagement>
  <dependencies>
    <dependency>
      <groupId>org.testng</groupId>
      <artifactId>testng</artifactId>
      <version>6.8.1</version>
    </dependency>
    ..
  </dependencies>
</dependencyManagement>
{code}
Now we can use the above dependency:
The following should not be disallowed by the enforcer rule, because the parent can't control the version of the dependency.
{code:xml}
  <dependencies>
    <dependency>
      <groupId>org.testng</groupId>
      <artifactId>testng</artifactId>
      <version>6.8.1</version>
    </dependency>
    ..
  </dependencies>
{code}
The following is allowed:
{code:xml}
  <dependencies>
    <dependency>
      <groupId>org.testng</groupId>
      <artifactId>testng</artifactId>
      <scope>test</scope>
    </dependency>
    ..
  </dependencies>
{code}

Furthermore, we could make a supplemental enhancement here to force usage of the {{scope}} only at the usage and not in dependencyManagement.


  was:
Create an enforcer rule which checks if dependencies have been given using versions or not.
Best practice to define all dependencies via dependencyManagement block and only use those dependencies but don't override the versions. This should be checked by this enforcer rule.


> Create rule to check versions of dependencies
> ---------------------------------------------
>
>                 Key: MENFORCER-243
>                 URL: https://issues.apache.org/jira/browse/MENFORCER-243
>             Project: Maven Enforcer Plugin
>          Issue Type: Improvement
>            Reporter: Karl Heinz Marbaise
>            Priority: Minor
>



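The check requested in this issue, as an added Python example that is not code from the Maven Enforcer Plugin or from the reporter. It assumes that a `<version>` on a project-level dependency is the violation (the "don't override the versions" reading) and also covers the supplemental scope idea; `check_pom`, the rule labels and the sample POM are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample POM (not from the issue): testng repeats its managed
# version at the usage, and junit carries a scope inside dependencyManagement.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencyManagement><dependencies>
    <dependency><groupId>org.testng</groupId><artifactId>testng</artifactId>
      <version>6.8.1</version></dependency>
    <dependency><groupId>junit</groupId><artifactId>junit</artifactId>
      <version>4.12</version><scope>test</scope></dependency>
    <dependency><groupId>com.example</groupId><artifactId>example-bom</artifactId>
      <version>1.0</version><type>pom</type><scope>import</scope></dependency>
  </dependencies></dependencyManagement>
  <dependencies>
    <dependency><groupId>org.testng</groupId><artifactId>testng</artifactId>
      <version>6.8.1</version></dependency>
    <dependency><groupId>junit</groupId><artifactId>junit</artifactId>
      <scope>test</scope></dependency>
  </dependencies>
</project>"""

def _field(dep, tag):
    """Text of a child element, matched in any (or no) XML namespace."""
    el = dep.find("{*}" + tag)
    return el.text.strip() if el is not None and el.text else None

def _ga(dep):
    return f"{_field(dep, 'groupId')}:{_field(dep, 'artifactId')}"

def check_pom(pom_xml):
    """Return sorted (rule, groupId:artifactId) violations for one POM."""
    # ElementTree is not hardened against hostile XML; parse only POMs you trust.
    root = ET.fromstring(pom_xml)
    found = []
    # Only project-level <dependencies>; plugin and profile blocks are ignored.
    for dep in root.findall("{*}dependencies/{*}dependency"):
        if _field(dep, "version"):
            found.append(("version-at-usage", _ga(dep)))
    for dep in root.findall("{*}dependencyManagement/{*}dependencies/{*}dependency"):
        # scope "import" (BOM import) is only valid here, so it is not flagged.
        if _field(dep, "scope") not in (None, "import"):
            found.append(("scope-in-management", _ga(dep)))
    return sorted(found)

if __name__ == "__main__":
    for rule, dep in check_pom(SAMPLE_POM):
        print(f"{rule}: {dep}")
```

The `{*}` namespace wildcard needs Python 3.8 or later and lets the same function handle POM fragments that omit the Maven namespace, like the snippets in the description.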