You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Zhenlei Huang (Jira)" <ji...@apache.org> on 2020/10/29 04:19:00 UTC
[jira] [Comment Edited] (MENFORCER-360) requireUpperBoundDeps
should have option to check for same major version
[ https://issues.apache.org/jira/browse/MENFORCER-360?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17222698#comment-17222698 ]
Zhenlei Huang edited comment on MENFORCER-360 at 10/29/20, 4:18 AM:
--------------------------------------------------------------------
More precisely, for a project that follows semantic versioning having dependency on groupId:artifactId, the conflict matrix should be as following,
||R \ T||1.0.0||1.0.1||1.1.0||2.0.0||
|1.0.0|{color:green}OK{color}|{color:green}OK{color}|{color:red}Breaking{color}|{color:red}Breaking{color}|
|1.0.1|{color:green}OK{color}|{color:green}OK{color}|{color:red}Breaking{color}|{color:red}Breaking{color}|
|1.1.0|{color:red}Breaking{color}|{color:red}Breaking{color}|{color:green}OK{color}|{color:red}Breaking{color}|
|2.0.0|{color:red}Breaking{color}|{color:red}Breaking{color}|{color:red}Breaking{color}|{color:green}OK{color}|
R is short for resolved version, and T for transitive dependency version.
Current implementation https://github.com/apache/maven-enforcer/blob/2babf83f8cb03b8565fa48fe429dbdd8f9fccee4/enforcer-rules/src/main/java/org/apache/maven/plugins/enforcer/RequireUpperBoundDeps.java#L342 compares version only and does not consider major version incompatible, say resolved version is 1.0.0 and transitive dependency version is 2.0.0 .
[~guyv] If the above is exactly what you desired, then I would suggest introducing some boolean flag like *enforceSemVer* :)
was (Author: gmshake):
More precisely, for a project that follows semantic versioning having dependency on groupId:artifactId, the conflict matrix should be as following,
||R \ T||1.0.0||1.0.1||1.1.0||2.0.0||
|1.0.0|{color:#008000}OK{color}|{color:#008000}OK{color}|{color:#008000}OK{color}|{color:#FF0000}Breaking{color}|
|1.0.1|{color:#008000}OK{color}|{color:#008000}OK{color}|{color:#FF0000}Breaking{color}|{color:#FF0000}Breaking{color}|
|1.1.0|{color:#FF0000}Breaking{color}|{color:#FF0000}Breaking{color}|{color:#008000}OK{color}|{color:#FF0000}Breaking{color}|
|2.0.0|{color:#FF0000}Breaking{color}|{color:#FF0000}Breaking{color}|{color:#FF0000}Breaking{color}|{color:#008000}OK{color}|
R is short for resolved version, and T for transitive dependency version.
Current implementation https://github.com/apache/maven-enforcer/blob/2babf83f8cb03b8565fa48fe429dbdd8f9fccee4/enforcer-rules/src/main/java/org/apache/maven/plugins/enforcer/RequireUpperBoundDeps.java#L342 compares version only and does not consider major version incompatible, say resolved version is 1.0.0 and transitive dependency version is 2.0.0 .
[~guyv] If the above is exactly what you desired, then I would suggest introducing some boolean flag like *enforceSemVer* :)
> requireUpperBoundDeps should have option to check for same major version
> ------------------------------------------------------------------------
>
> Key: MENFORCER-360
> URL: https://issues.apache.org/jira/browse/MENFORCER-360
> Project: Maven Enforcer Plugin
> Issue Type: New Feature
> Components: Standard Rules
> Affects Versions: 3.0.0-M3
> Reporter: Guy Veraghtert
> Priority: Major
>
> In our project we use semantic versioning for our dependencies ([https://semver.org/|https://semver.org/).])
> The requireUpperBoundDeps rule already checks for compatible versions, but we would like to have the option to specify that no major (i.e. breaking) versions are mixed.
> So a (transitive) dependency on groupId:artifactId:1.0.0 and on groupId:artifactId:2.0.0 means that we have a conflict.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)