Am 08/24/16 um 09:22 schrieb Stephen Connolly: > I think we probably need to rethink version ranges. What I'd like is to let > the consumer Pom treat version ranges more as guidance rather than hard > requirements. It's a pain if you depend transitiveky on Foo:[1.0] but need > Foo:[1.0.1,1.1) for the critical security fix... Having to run around > applying excludes is not a good plan... Yes the build should initially fail > if I depend on [1.0] and [1.0.1,1.1) in my graph, but I should be able to > resolve the conflict for all my consumers (unless they pull in the conflict > again themselves)
This could be solved using dependency management. See the following links. This is yet another change in semantics of the consumer pom, not the syntax. This cannot be solved using XSLT. We need to apply some kind of versioning like the model version for the consumer pom as well. [0] <https://issues.apache.org/jira/browse/MNG-5761> [1] <https://git-wip-us.apache.org/repos/asf?p=maven.git;a=commit;h=d69dd31389b62264686e339e6c60dc5d7c26d4b1> Regards, -- Christian --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
