Marcono1234 created MENFORCER-432:
-------------------------------------
Summary: requireUpperBoundDeps support for checking dependencyManagement
Key: MENFORCER-432
URL: https://issues.apache.org/jira/browse/MENFORCER-432
Project: Maven Enforcer Plugin
Issue Type: Improvement
Components: Standard Rules
Affects Versions: 3.1.0
Reporter: Marcono1234

For projects which are either used as parent by other projects, or which are
used as Bill of Materials (BOM) and which declare dependencies in the
{{dependencyManagement}}, it would be useful if {{requireUpperBoundDeps}} was
able to check the dependencies in the {{dependencyManagement}}. This would
allow verifying that the versions of these managed dependencies are correct and
would not cause any issues for consuming projects.

Currently {{requireUpperBoundDeps}} seems to only check regular dependencies;
this prevents it from being used directly on the parent / BOM project, but
requires applying it on all consuming projects.

It would be quite useful to already detect conflicting dependency versions
directly in the parent / BOM project.

Maybe a separate option for this (e.g. {{checkDependencyManagement}}) would be
useful to allow enabling / disabling this check.

It appears maven-dependency-tree already determines those managed dependencies
in {{DefaultDependencyCollectorBuilder}} or
{{Maven31DependencyCollectorBuilder}} (in older versions), but does not expose
this information.