You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Robert Scholte (JIRA)" <ji...@codehaus.org> on 2013/06/09 18:43:03 UTC
[jira] (MENFORCER-146) requireUpperBoundDeps inneffective when
DependencyManagement is used
[ https://jira.codehaus.org/browse/MENFORCER-146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=326423#comment-326423 ]
Robert Scholte commented on MENFORCER-146:
------------------------------------------
After re-reading this issue I think you misunderstood the usage {{dependencyManagement}}.
When using {{dependencyManagement}} you don't have to specify the version for a {{dependency}}, but if you do the version of the {{dependencyManagement}} will be overruled.
So your second block should look like this:
{noformat}
A
+- B
| \-X *(1.1) (explicit set to 1.1, was 2.1 through dependencyManagement)*
+- C
\-X (2.1)
{noformat}
So I'm not sure if the adjustment of the rule is still required.
> requireUpperBoundDeps inneffective when DependencyManagement is used
> --------------------------------------------------------------------
>
> Key: MENFORCER-146
> URL: https://jira.codehaus.org/browse/MENFORCER-146
> Project: Maven 2.x Enforcer Plugin
> Issue Type: Bug
> Reporter: Ben Noland
> Attachments: RequireUpperBoundDepsVisitor.diff
>
>
> Consider the following dependency tree:
> {noformat}
> A
> +- B
> | \-X (1.1)
> +- C
> \-X (2.1)
> {noformat}
> I can use the requireUpperBoundDeps to find these types of issues (I want to use D 2.1 rather than 1.1).
> To fix the issue I use dependencyManagement to set the version of X to 2.1.
> As I understand it, using dependencyManagement effectively changes the tree to look like this:
> {noformat}
> A
> +- B
> | \-X (2.1) (really 1.1, but managed to 2.1)
> +- C
> \-X (2.1)
> {noformat}
> Now, if B is upgraded to depend on X 2.5, I will never know:
> {noformat}
> A
> +- B
> | \-X (2.1) (really 2.5, but managed to 2.1, I want to know about this!!)
> +- C
> \-X (2.1)
> {noformat}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira