Hi Chris,
I also see the need for such a feature and would like to support you as
friendly tester.
Some people in this thread pointed out, that there is already the
relocation feature. I think it addresses a different use case. BTW, I
have not been aware of it until today.
Furthermore I think it is needed to define what you mean by
"deprecated". For some people it means, that there is a newer version
out there. For me it could mean that you should not use this version or
artifact anymore.
I can imaging situations where you simply would like to deprecate the
latest version of an artifact for some reason, for example for security
reasons, without having a plan to release any newer version.
Oliver
Am 28.07.21 um 12:10 schrieb Chris Kilding:
Hello,
I would like to propose a new Maven feature: dependency deprecation indicators.
In a nutshell, the idea is to let maintainers set a 'deprecated' metadata
indicator on a Maven artifact in a repository. This will indicate to users that
the artifact should no longer be used.
The Maven CLI tools could then react to deprecation indicators in the
appropriate ways:
- `mvn` itself: Print a warning when deprecated dependencies are seen.
- Maven Enforcer Plugin: Add a <banDeprecatedDependencies> rule which throws an
error when deprecated dependencies are seen.
- Maven Dependency Tree: Print a [deprecated] notice next to any deprecated
dependency in the tree.
- ...and so on
We can also envisage automated agents like Dependabot using these indicators to
alert developers about deprecated dependencies in their stacks, and assisting
developers to remove them.
Some of the major build tools outside the JVM already have deprecation
indicators:
- NPM: https://docs.npmjs.com/cli/v7/commands/npm-deprecate
- Nuget: https://docs.microsoft.com/en-us/nuget/nuget-org/deprecate-packages
- Composer / Packagist:
https://tomasvotruba.com/blog/2017/07/03/how-to-deprecate-php-package-without-leaving-anyone-behind/
So the feature has precedent, and I believe it would be useful to have in
Maven. If there is demand for it, I am willing to work on it.
There are definitely several good questions to be answered about what exactly
the feature would look like, so questions and comments are welcome :)
Regards,
Chris Kilding
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
For additional commands, e-mail: dev-h...@maven.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
For additional commands, e-mail: dev-h...@maven.apache.org
