maven-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff Jensen <jeffjen...@upstairstechnology.com>
Subject Re: Locking down dependency versions...
Date Thu, 12 Nov 2015 22:20:18 GMT
I suggest reviewing the enforcer plugin [0] to see if any of its rules can
help you.  Specifically, I wonder about [1] and [2].

I like to use many of these rules to help keep a resilient build.  The main
hassle is some dependencies "bleed", but usually just need to exclude their
transitives or work with the source product to help them cleanup their pom
(and sometimes it's because "your" pom didn't declare a version for a
previously unknown transitive :-).


[0] http://maven.apache.org/enforcer/maven-enforcer-plugin/
[1]
http://maven.apache.org/enforcer/enforcer-rules/dependencyConvergence.html
[2]
http://maven.apache.org/enforcer/enforcer-rules/banTransitiveDependencies.html


On Thu, Nov 12, 2015 at 4:00 PM, Kevin Burton <burton@spinn3r.com> wrote:

> Just regular dependency versions.
>
> So if we're using 1.0.1 of library A I don't want adding adding library B
> to transitively change our dependency on library A...
>
> This has happened to us before and caused problems.
>
> On Thu, Nov 12, 2015 at 1:40 PM, Karl Heinz Marbaise <khmarbaise@gmx.de>
> wrote:
>
> > Hi Kevin,
> >
> > On 11/12/15 10:22 PM, Kevin Burton wrote:
> >
> >> Is there a maven module that can lock down dependency versions?
> >>
> >
> > Are you talking about SNAPSHOT's or something different?
> >
> >
> >> I have a custom / in house script we wrote that writes a .dependencies
> >> file
> >> with the jar dependencies.
> >>
> >> If we commit without updating it, CI will fail with an error because you
> >> didn't manually approve the change by regenerating the .dependencies
> file.
> >>
> >> This way we don't have to worry about a radical dependency change due
> to a
> >> new dependency breaking our tree.
> >>
> >> The problem is I'm starting to break off our code into sub-projects and
> >> I'd
> >> like to use this everywhere.
> >>
> >> Kevin
> >>
> >>
> >
> > Kind regards
> > Karl Heinz Marbaise
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
> > For additional commands, e-mail: users-help@maven.apache.org
> >
> >
>
>
> --
>
> We’re hiring if you know of any awesome Java Devops or Linux Operations
> Engineers!
>
> Founder/CEO Spinn3r.com
> Location: *San Francisco, CA*
> blog: http://burtonator.wordpress.com
> … or check out my Google+ profile
> <https://plus.google.com/102718274791889610666/posts>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message