[jira] (MENFORCER-146) requireUpperBoundDeps inneffective when DependencyManagement is used

[Ben Noland (JIRA)]

    [ 
https://jira.codehaus.org/browse/MENFORCER-146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=317443#comment-317443
 ] 

Ben Noland edited comment on MENFORCER-146 at 1/16/13 3:22 PM:
---------------------------------------------------------------

I don't know that the relationship between B and C matters. X could be guava, B 
could be an internal project, C could be an external library.

If A calls a method of B that uses a method that's new in X version 2.5, you're 
going to get an error. 

I do agree that the useManagedVersions param seems like a good solution.
                
      was (Author: bennoland):
    I don't know that the relationship between B and C matters. X could be 
guava, B could be an internal project, C could be an external library.

If A calls a method of B that uses a method that's new in X version 2.5, you're 
going to get an error. 

I do agree that the useManagedVersions param seems like a good solution, I just 
don't know that false is the best default, other than to ease people into the 
new behavior.
                  
> requireUpperBoundDeps inneffective when DependencyManagement is used
> --------------------------------------------------------------------
>
>                 Key: MENFORCER-146
>                 URL: https://jira.codehaus.org/browse/MENFORCER-146
>             Project: Maven 2.x Enforcer Plugin
>          Issue Type: Bug
>            Reporter: Ben Noland
>         Attachments: RequireUpperBoundDepsVisitor.diff
>
>
> Consider the following dependency tree:
> {noformat}
> A
> +- B
> |  \-X (1.1)
> +- C
>    \-X (2.1)
> {noformat}
> I can use the requireUpperBoundDeps to find these types of issues (I want to 
> use D 2.1 rather than 1.1).
> To fix the issue I use dependencyManagement to set the version of X to 2.1.
> As I understand it, using dependencyManagement effectively changes the tree 
> to look like this:
> {noformat}
> A
> +- B
> |  \-X (2.1) (really 1.1, but managed to 2.1)
> +- C
>    \-X (2.1)
> {noformat}
> Now, if B is upgraded to depend on X 2.5, I will never know:
> {noformat}
> A
> +- B
> |  \-X (2.1) (really 2.5, but managed to 2.1, I want to know about this!!)
> +- C
>    \-X (2.1)
> {noformat}

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira