You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Robert Scholte (JIRA)" <ji...@codehaus.org> on 2013/05/02 23:17:53 UTC
[jira] (MDEP-317) dependency:analyze* goals could check for invalid
excludes
[ https://jira.codehaus.org/browse/MDEP-317?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robert Scholte updated MDEP-317:
--------------------------------
Description:
Say you depend on the foo jar and would like to exclude the servlet-api. For example:
{code:xml}
<dependency>
<groupId>com.foo</groupId>
<artifactId>foo</artifactId>
<version>1</version>
<exclusions>
<exclusion>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
</exclusion>
</exclusions>
</dependency>
{code}
Later the foo jar switches to using the geronimo version of the servlet spec. You upgrade to using the new foo jar and your exclusion of the {{javax.servlet:servlet-api}} is no longer valid. It would be nice if the dependency:analyze* goals could list all the exclusions that are not valid.
This type of thing happens for various reasons like:
* dependency switched to the "same" dependency but with a different groupId - technically these are different deps according to maven
* dependency changed minimum java language version where some apis are now included in the java runtime
* dependency switched to a new implementation of the same library
* dependency no longer uses a dependency
Without this kind of reporting it is very easy for an unwanted dependency slip in unnoticed.
was:
Say you depend on the foo jar and would like to exclude the servlet-api. For example:
<dependency>
<groupId>com.foo</groupId>
<artifactId>foo</artifactId>
<version>1</version>
<exclusions>
<exclusion>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
</exclusion>
</exclusions>
</dependency>
Later the foo jar switches to using the geronimo version of the servlet spec. You upgrade to using the new foo jar and your exclusion of the javax.servlet:servlet-api is no longer valid. It would be nice if the dependency:analyze* goals could list all the exclusions that are not valid.
This type of thing happens for various reasons like:
* dependency switched to the "same" dependency but with a different groupId - technically these are different deps according to maven
* dependency changed minimum java language version where some apis are now included in the java runtime
* dependency switched to a new implementation of the same library
* dependency no longer uses a dependency
Without this kind of reporting it is very easy for an unwanted dependency slip in unnoticed.
> dependency:analyze* goals could check for invalid excludes
> ----------------------------------------------------------
>
> Key: MDEP-317
> URL: https://jira.codehaus.org/browse/MDEP-317
> Project: Maven 2.x Dependency Plugin
> Issue Type: Improvement
> Components: analyze
> Affects Versions: 2.2
> Reporter: Travis
>
> Say you depend on the foo jar and would like to exclude the servlet-api. For example:
> {code:xml}
> <dependency>
> <groupId>com.foo</groupId>
> <artifactId>foo</artifactId>
> <version>1</version>
> <exclusions>
> <exclusion>
> <groupId>javax.servlet</groupId>
> <artifactId>servlet-api</artifactId>
> </exclusion>
> </exclusions>
> </dependency>
> {code}
> Later the foo jar switches to using the geronimo version of the servlet spec. You upgrade to using the new foo jar and your exclusion of the {{javax.servlet:servlet-api}} is no longer valid. It would be nice if the dependency:analyze* goals could list all the exclusions that are not valid.
> This type of thing happens for various reasons like:
> * dependency switched to the "same" dependency but with a different groupId - technically these are different deps according to maven
> * dependency changed minimum java language version where some apis are now included in the java runtime
> * dependency switched to a new implementation of the same library
> * dependency no longer uses a dependency
> Without this kind of reporting it is very easy for an unwanted dependency slip in unnoticed.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira