[jira] [Commented] (MENFORCER-243) Create rule to check versions of dependencies

Sun, 15 Dec 2019 11:52:27 -0800 


    [ 
https://issues.apache.org/jira/browse/MENFORCER-243?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16996858#comment-16996858
 ] 

Karl Heinz Marbaise commented on MENFORCER-243:
-----------------------------------------------

In particular if you are in a multi module build otherwise you have different 
versions in different modules which can cause hard to find issues. It should be 
part of the dist cause it's best practice which we should enforce...by offering 
appropriate rules...

> Create rule to check versions of dependencies
> ---------------------------------------------
>
>                 Key: MENFORCER-243
>                 URL: https://issues.apache.org/jira/browse/MENFORCER-243
>             Project: Maven Enforcer Plugin
>          Issue Type: Improvement
>            Reporter: Karl Heinz Marbaise
>            Assignee: Elliotte Rusty Harold
>            Priority: Minor
>
> Create an enforcer rule which checks if dependencies have been given using 
> versions or not.
> Best practice is to define all dependencies via dependencyManagement block 
> and only use those dependencies but don't override the versions. This should 
> be checked by this enforcer rule.
> {code:xml}
> <dependencyManagement>
>   <dependencies>
>     <dependency>
>       <groupId>org.testng</groupId>
>       <artifactId>testng</artifactId>
>       <version>6.8.1</version>
>     </dependency>
>     ..
>   </dependencies>
> {code}
> Now we can use the above dependency:
> The following should not be disallowed by the enforcer rule, cause the parent 
> can't control the version of the dependency.
> {code:xml}
>   <dependencies>
>     <dependency>
>       <groupId>org.testng</groupId>
>       <artifactId>testng</artifactId>
>       <version>6.8.1</version>
>     </dependency>
>     ..
>   </dependencies>
> {code}
> The following is allowed:
> {code:xml}
>   <dependencies>
>     <dependency>
>       <groupId>org.testng</groupId>
>       <artifactId>testng</artifactId>
>       <scope>test</scope>
>     </dependency>
>     ..
>   </dependencies>
> {code}
> Furthermore we could make a supplemental enhancement here to force usage of 
> the {{scope}} only at the usage are not in dependencyManagement.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to