[
https://jira.codehaus.org/browse/MENFORCER-146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=317435#comment-317435
]
Robert Scholte commented on MENFORCER-146:
------------------------------------------
IMO as long as B and C aren't related, it shouldn't be an issue. But I can
imagine the situation. So {{useManagedVersions}} should be a {{boolean}},
default to {{false}}. A test to prevent regression would be welcome as well.
> requireUpperBoundDeps inneffective when DependencyManagement is used
> --------------------------------------------------------------------
>
> Key: MENFORCER-146
> URL: https://jira.codehaus.org/browse/MENFORCER-146
> Project: Maven 2.x Enforcer Plugin
> Issue Type: Bug
> Reporter: Ben Noland
> Attachments: RequireUpperBoundDepsVisitor.diff
>
>
> Consider the following dependency tree:
> {noformat}
> A
> +- B
> | \-X (1.1)
> +- C
> \-X (2.1)
> {noformat}
> I can use the requireUpperBoundDeps to find these types of issues (I want to
> use D 2.1 rather than 1.1).
> To fix the issue I use dependencyManagement to set the version of X to 2.1.
> As I understand it, using dependencyManagement effectively changes the tree
> to look like this:
> {noformat}
> A
> +- B
> | \-X (2.1) (really 1.1, but managed to 2.1)
> +- C
> \-X (2.1)
> {noformat}
> Now, if B is upgraded to depend on X 2.5, I will never know:
> {noformat}
> A
> +- B
> | \-X (2.1) (really 2.5, but managed to 2.1, I want to know about this!!)
> +- C
> \-X (2.1)
> {noformat}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
