You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Niklas Matthies (JIRA)" <ji...@apache.org> on 2018/12/03 19:31:00 UTC
[jira] [Comment Edited] (MENFORCER-276) Allow ignoring dependency
scopes in RequireUpperBoundDeps
[ https://issues.apache.org/jira/browse/MENFORCER-276?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16707684#comment-16707684 ]
Niklas Matthies edited comment on MENFORCER-276 at 12/3/18 7:30 PM:
--------------------------------------------------------------------
[~jglick@netbeans.org], consider a dependency tree like the following:
{{ A}}
{{ |– B (compile)}}
| \– E
{{ | \– G:1.0}}
{{ |– C (compile)}}
{{ | \– F}}
{{ | \– H}}
{{ | \– G:1.1}}
{{ \– D (test)}}
{{ \– G:1.2 (test)}}
When building A, G:1.2 will be selected by Maven because it is closest to A. However a downstream project depending on A will get G.1.0 because it doesn't consider A's test dependencies. In that sense, the test dependency D hides the RequireUpperBoundDeps violation via B and C in compile scope.
While downstream modules can also use RequireUpperBoundDeps to detect such cases, and can work around them via DependencyManagement, it would be nice to be able to already detect this when building A.
was (Author: matthies):
[~jglick@netbeans.org], consider a dependency tree like the following:
{{ A}}
{{ |– B (compile)}}
{{ | \– E
{{ | \– G:1.0}}{{
}}{{ |– C (compile)}}
{{}}{{ | \– F}}
{{}}{{}}{{ | \– H}}
{{}}{{}}{{}}{{ | \– G:1.1}}
{{ \– D (test)}}
{{ \– G:1.2 (test)}}}}
When building A, G:1.2 will be selected by Maven because it is closest to A. However a downstream project depending on A will get G.1.0 because it doesn't consider A's test dependencies. In that sense, the test dependency D hides the RequireUpperBoundDeps violation via B and C in compile scope.
While downstream modules can also use RequireUpperBoundDeps to detect such cases, and can work around them via DependencyManagement, it would be nice to be able to already detect this when building A.
> Allow ignoring dependency scopes in RequireUpperBoundDeps
> ---------------------------------------------------------
>
> Key: MENFORCER-276
> URL: https://issues.apache.org/jira/browse/MENFORCER-276
> Project: Maven Enforcer Plugin
> Issue Type: New Feature
> Reporter: Oleg Nenashev
> Priority: Major
>
> We have recently adopted RequireUpperBoundDeps in the Jenkins project (https://github.com/jenkinsci/plugin-pom/pull/67). In order to implement it, [~jglick@netbeans.org] added a support of ignoring particular dependencies in MENFORCER-273.
> Sometimes we declare dependencies between plugins for testing purposes (scope=test), and in such case RequireUpperBoundDeps fails the build if there is a test dependency conflicting with the main code. Although it may cause instability of tests (including false positive results), it does not really impact the distributable package in our case.
> I propose to add another option for filtering of dependency scopes.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)