[ https://issues.apache.org/jira/browse/MENFORCER-243?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16996884#comment-16996884 ]
elharo commented on MENFORCER-243: ---------------------------------- so I can remind myself of the issues I think should be closed. If someone actually wants to work on this, feel free to take it. > Create rule to check versions of dependencies > --------------------------------------------- > > Key: MENFORCER-243 > URL: https://issues.apache.org/jira/browse/MENFORCER-243 > Project: Maven Enforcer Plugin > Issue Type: Improvement > Reporter: Karl Heinz Marbaise > Assignee: Elliotte Rusty Harold > Priority: Minor > > Create an enforcer rule which checks if dependencies have been given using > versions or not. > Best practice is to define all dependencies via dependencyManagement block > and only use those dependencies but don't override the versions. This should > be checked by this enforcer rule. > {code:xml} > <dependencyManagement> > <dependencies> > <dependency> > <groupId>org.testng</groupId> > <artifactId>testng</artifactId> > <version>6.8.1</version> > </dependency> > .. > </dependencies> > {code} > Now we can use the above dependency: > The following should not be disallowed by the enforcer rule, cause the parent > can't control the version of the dependency. > {code:xml} > <dependencies> > <dependency> > <groupId>org.testng</groupId> > <artifactId>testng</artifactId> > <version>6.8.1</version> > </dependency> > .. > </dependencies> > {code} > The following is allowed: > {code:xml} > <dependencies> > <dependency> > <groupId>org.testng</groupId> > <artifactId>testng</artifactId> > <scope>test</scope> > </dependency> > .. > </dependencies> > {code} > Furthermore we could make a supplemental enhancement here to force usage of > the {{scope}} only at the usage are not in dependencyManagement. -- This message was sent by Atlassian Jira (v8.3.4#803005)