[
https://jira.codehaus.org/browse/MENFORCER-146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=326542#comment-326542
]
Ben Noland commented on MENFORCER-146:
--------------------------------------
In the second block, A has dependencyManagement for X (2.1), B has it
explicitly set (1.1). A's dependencyManagement wins since we're building A (A
doesn't depend directly on X).
I ended up making a few more changes to the rule (I'll attach another patch).
We've been using this for a couple of months and it's working pretty well.
> requireUpperBoundDeps inneffective when DependencyManagement is used
> --------------------------------------------------------------------
>
> Key: MENFORCER-146
> URL: https://jira.codehaus.org/browse/MENFORCER-146
> Project: Maven 2.x Enforcer Plugin
> Issue Type: Bug
> Reporter: Ben Noland
> Attachments: patch2.patch, RequireUpperBoundDepsVisitor.diff
>
>
> Consider the following dependency tree:
> {noformat}
> A
> +- B
> | \-X (1.1)
> +- C
> \-X (2.1)
> {noformat}
> I can use the requireUpperBoundDeps to find these types of issues (I want to
> use D 2.1 rather than 1.1).
> To fix the issue I use dependencyManagement to set the version of X to 2.1.
> As I understand it, using dependencyManagement effectively changes the tree
> to look like this:
> {noformat}
> A
> +- B
> | \-X (2.1) (really 1.1, but managed to 2.1)
> +- C
> \-X (2.1)
> {noformat}
> Now, if B is upgraded to depend on X 2.5, I will never know:
> {noformat}
> A
> +- B
> | \-X (2.1) (really 2.5, but managed to 2.1, I want to know about this!!)
> +- C
> \-X (2.1)
> {noformat}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
