Re: Locking down dependency versions...

I suggest reviewing the enforcer plugin [0] to see if any of its rules can help you. Specifically, I wonder about [1] and [2]. I like to use many of these rules to help keep a resilient build. The main hassle is some dependencies "bleed", but usually just need to exclude their transitives or

Locking down dependency versions...

Is there a maven module that can lock down dependency versions? I have a custom / in house script we wrote that writes a .dependencies file with the jar dependencies. If we commit without updating it, CI will fail with an error because you didn't manually approve the change by regenerating the

Re: Locking down dependency versions...

Hi Kevin, On 11/12/15 10:22 PM, Kevin Burton wrote: Is there a maven module that can lock down dependency versions? Are you talking about SNAPSHOT's or something different? I have a custom / in house script we wrote that writes a .dependencies file with the jar dependencies. If we commit

Re: Locking down dependency versions...

Hi Kevin, On 11/12/15 11:00 PM, Kevin Burton wrote: Just regular dependency versions. So if we're using 1.0.1 of library A I don't want adding adding library B to transitively change our dependency on library A... If you have a direct dependency to library A in version 1.0.1 than adding an

Re: Locking down dependency versions...

Just regular dependency versions. So if we're using 1.0.1 of library A I don't want adding adding library B to transitively change our dependency on library A... This has happened to us before and caused problems. On Thu, Nov 12, 2015 at 1:40 PM, Karl Heinz Marbaise wrote:

Re: Locking down dependency versions...

Kevin Burton wrote: > Just regular dependency versions. > > So if we're using 1.0.1 of library A I don't want adding adding library B > to transitively change our dependency on library A... > > This has happened to us before and caused problems. Use a shared parent where you define all