You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Karl Heinz Marbaise (Jira)" <ji...@apache.org> on 2021/09/19 13:43:00 UTC
[jira] [Comment Edited] (MNG-7238) Dependency deprecation
indicators
[ https://issues.apache.org/jira/browse/MNG-7238?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17417334#comment-17417334 ]
Karl Heinz Marbaise edited comment on MNG-7238 at 9/19/21, 1:42 PM:
--------------------------------------------------------------------
First based on your question:
{quote}On the other hand should there be a limitation for doing a deprecation or not?{quote}
Should it be allowed {quote}
If you have a maintainer of a lib should it be allowed for that person to define "deprecated" or should it also be possible for other people to define "deprecation" for cases like a maintainer does not answers requests(for whatever reason) So how could that being handled?
So finally it boils down to the point who can define a component as "deprecated" apart from the whole technical aspects and possible breaking parts...
Furthermore If suggest to make changes/enhancements in Neus/Artifactory you should contact them...you call it a bit of cooperation... which means they have to implement that in their products...
Ah just forgot it what about all other tools which consuming central repo (just to mention IDE's) needed to be changed as well ? Not to mention a large number of other tools/plugins etc...
was (Author: khmarbaise):
First based on your question:
{quote}On the other hand should there be a limitation for doing a deprecation or not?{quote}
Should it be allowed {quote}
If you have a maintainer of a lib should it be allowed for that person to define "deprecated" or should it also be possible for other people to define "deprecation" for cases like a maintainer does not answers requests(for whatever reason) So how could that being handled?
So finally it boils down to the point who can define a component as "deprecated" apart from the whole technical aspects and possible breaking parts...
Furthermore If suggest to make changes/enhancements in Neus/Artifactory you should contact them...you call it a bit of cooperation... which means they have to implement that in their products...
> Dependency deprecation indicators
> ---------------------------------
>
> Key: MNG-7238
> URL: https://issues.apache.org/jira/browse/MNG-7238
> Project: Maven
> Issue Type: New Feature
> Reporter: Chris Kilding
> Priority: Major
>
> I would like to propose a new Maven feature: dependency deprecation indicators.
> In a nutshell, the idea is to let maintainers set a 'deprecated' metadata indicator on a Maven artifact in a repository. This will indicate to users that the artifact should no longer be used.
> The Maven CLI tools could then react to deprecation indicators in the appropriate ways:
> * {{mvn}} itself: Print a warning when deprecated dependencies are seen.
> * Maven Enforcer Plugin: Add a {{<banDeprecatedDependencies>}} rule which throws an error when deprecated dependencies are seen. (Also have a 'skip' property which allows the rule to be temporarily bypassed if needed.)
> * Maven Dependency Tree: Print a {{[deprecated]}} notice next to any deprecated dependency in the tree.
> We can also envisage automated agents like Dependabot or Snyk using these indicators to alert developers about deprecated dependencies in their stacks, and even assisting developers to remove them.
> Some of the major build tools outside the JVM already have deprecation indicators:
> * NPM: [https://docs.npmjs.com/cli/v7/commands/npm-deprecate]
> * Nuget: [https://docs.microsoft.com/en-us/nuget/nuget-org/deprecate-packages]
> * Composer: [https://tomasvotruba.com/blog/2017/07/03/how-to-deprecate-php-package-without-leaving-anyone-behind/]
> * Cocoapods: [https://guides.cocoapods.org/syntax/podspec.html#deprecated]
> So the feature has precedent, and I believe it would be useful to have in Maven.
> This Jira ticket follows up from the conversation "Feature proposal: Dependency deprecation indicators" on the maven-dev mailing list.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)