[
https://issues.apache.org/jira/browse/MENFORCER-243?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Elliotte Rusty Harold closed MENFORCER-243.
-------------------------------------------
> Create rule to check versions of dependencies
> ---------------------------------------------
>
> Key: MENFORCER-243
> URL: https://issues.apache.org/jira/browse/MENFORCER-243
> Project: Maven Enforcer Plugin
> Issue Type: Improvement
> Reporter: Karl Heinz Marbaise
> Assignee: Elliotte Rusty Harold
> Priority: Minor
>
> Create an enforcer rule which checks if dependencies have been given using
> versions or not.
> Best practice is to define all dependencies via dependencyManagement block
> and only use those dependencies but don't override the versions. This should
> be checked by this enforcer rule.
> {code:xml}
> <dependencyManagement>
> <dependencies>
> <dependency>
> <groupId>org.testng</groupId>
> <artifactId>testng</artifactId>
> <version>6.8.1</version>
> </dependency>
> ..
> </dependencies>
> {code}
> Now we can use the above dependency:
> The following should not be disallowed by the enforcer rule, cause the parent
> can't control the version of the dependency.
> {code:xml}
> <dependencies>
> <dependency>
> <groupId>org.testng</groupId>
> <artifactId>testng</artifactId>
> <version>6.8.1</version>
> </dependency>
> ..
> </dependencies>
> {code}
> The following is allowed:
> {code:xml}
> <dependencies>
> <dependency>
> <groupId>org.testng</groupId>
> <artifactId>testng</artifactId>
> <scope>test</scope>
> </dependency>
> ..
> </dependencies>
> {code}
> Furthermore we could make a supplemental enhancement here to force usage of
> the {{scope}} only at the usage are not in dependencyManagement.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
