Details
-
Improvement
-
Status: Closed
-
Major
-
Resolution: Fixed
-
3.4.1
-
None
Description
banDynamicVersions won't ban a dependency with a dynamic version if it exists multiple times in the dependency tree, as long as the final dependency tree has no dynamic version.
As an example consider the following dependency tree where D appears multiple times.
A +- B | \- D version 1.0 \- C \- D version [1.0,2.0)
Before the rule banDynmicVersions is applied the final dependency tree is computed which means we end up with the following.
A +- B | \- D version 1.0 \- C
This computed dependency tree is fine by itself and has no dynamic versions but if the original dependency tree changes for whatever reason (such as D no longer being a dependency of B) the rule will now detect the dynamic version of D that C is trying to use.
A +- B \- C \- D version [1.0,2.0)
The above example is actually something that happens to me. For various reasons I have a Maven project A with the dependencies B and C being developed independently from each other. In order to have a reproducible build I've applied the banDynamicVersions rule to the entire project. As B or C might introduce or remove dependencies at will I could actually end up with B removing the dependency on D and suddenly my project won't build any longer. At that moment I do not have the possibility of making C use a fixed version of D, and I do not want to introduce a dependency on D in my project A just to resolve that (my dependency tree is much larger than this and it will be unreasonable to keep fixing things up).
In order to solve that I want to ban dynamic versions in the entire dependency tree before the final dependency tree is computed. This currently isn't supported by the plugin.
Attachments
Issue Links
- links to