[jira] [Commented] (MENFORCER-360) requireUpperBoundDeps should have option to check for same major version

Wed, 28 Oct 2020 21:13:02 -0700 


    [ 
https://issues.apache.org/jira/browse/MENFORCER-360?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17222698#comment-17222698
 ] 

Zhenlei Huang commented on MENFORCER-360:
-----------------------------------------

More precisely, for a project that follows semantic versioning having 
dependency on groupId:artifactId, the conflict matrix should be as following,
||R \ T||1.0.0||1.0.1||1.1.0||2.0.0||
|1.0.0|{color:#008000}OK{color}|{color:#008000}OK{color}|{color:#008000}OK{color}|{color:#FF0000}Breaking{color}|
|1.0.1|{color:#008000}OK{color}|{color:#008000}OK{color}|{color:#FF0000}Breaking{color}|{color:#FF0000}Breaking{color}|
|1.1.0|{color:#FF0000}Breaking{color}|{color:#FF0000}Breaking{color}|{color:#008000}OK{color}|{color:#FF0000}Breaking{color}|
|2.0.0|{color:#FF0000}Breaking{color}|{color:#FF0000}Breaking{color}|{color:#FF0000}Breaking{color}|{color:#008000}OK{color}|

R is short for resolved version, and T for transitive dependency version.

Current implementation 
https://github.com/apache/maven-enforcer/blob/2babf83f8cb03b8565fa48fe429dbdd8f9fccee4/enforcer-rules/src/main/java/org/apache/maven/plugins/enforcer/RequireUpperBoundDeps.java#L342
 compares version only and does not consider major version incompatible, say 
resolved version is 1.0.0 and transitive dependency version is 2.0.0 .

[~guyv] If the above is exactly what you desired, then I would suggest 
introducing some boolean flag like *enforceSemVer*  :)



> requireUpperBoundDeps should have option to check for same major version
> ------------------------------------------------------------------------
>
>                 Key: MENFORCER-360
>                 URL: https://issues.apache.org/jira/browse/MENFORCER-360
>             Project: Maven Enforcer Plugin
>          Issue Type: New Feature
>          Components: Standard Rules
>    Affects Versions: 3.0.0-M3
>            Reporter: Guy Veraghtert
>            Priority: Major
>
> In our project we use semantic versioning for our dependencies 
> ([https://semver.org/|https://semver.org/).])
> The requireUpperBoundDeps rule already checks for compatible versions, but we 
> would like to have the option to specify that no major (i.e. breaking) 
> versions are mixed.
> So a (transitive) dependency on groupId:artifactId:1.0.0 and on 
> groupId:artifactId:2.0.0 means that we have a conflict.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to