Details
-
New Feature
-
Status: Closed
-
Minor
-
Resolution: Fixed
-
2.2
Description
Say you depend on the foo jar and would like to exclude the servlet-api. For example:
<dependency> <groupId>com.foo</groupId> <artifactId>foo</artifactId> <version>1</version> <exclusions> <exclusion> <groupId>javax.servlet</groupId> <artifactId>servlet-api</artifactId> </exclusion> </exclusions> </dependency>
Later the foo jar switches to using the geronimo version of the servlet spec. You upgrade to using the new foo jar and your exclusion of the javax.servlet:servlet-api is no longer valid. It would be nice if the dependency:analyze* goals could list all the exclusions that are not valid.
This type of thing happens for various reasons like:
- dependency switched to the "same" dependency but with a different groupId - technically these are different deps according to maven
- dependency changed minimum java language version where some apis are now included in the java runtime
- dependency switched to a new implementation of the same library
- dependency no longer uses a dependency
Without this kind of reporting it is very easy for an unwanted dependency slip in unnoticed.
Attachments
Issue Links
- is related to
-
MDEP-917 dependency:analyze-exclusions - use Resolver API instead of ProjectBuilder
- Closed
- relates to
-
MDEP-922 dependency:analyze-exclusions - should report issue only in current project
- Closed
-
MENFORCER-119 new rule to check for invalid dependency excludes
- Closed
- links to