[
https://issues.apache.org/jira/browse/MENFORCER-494?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17849529#comment-17849529
]
ASF GitHub Bot commented on MENFORCER-494:
------------------------------------------
slawekjaranowski commented on PR #294:
URL: https://github.com/apache/maven-enforcer/pull/294#issuecomment-2132189941
@JimmyAx thanks
> Allow banning dynamic versions before computing the final dependency tree
> -------------------------------------------------------------------------
>
> Key: MENFORCER-494
> URL: https://issues.apache.org/jira/browse/MENFORCER-494
> Project: Maven Enforcer Plugin
> Issue Type: Improvement
> Components: banDynamicVersions
> Affects Versions: 3.4.1
> Reporter: Jimmy Axenhus
> Assignee: Slawomir Jaranowski
> Priority: Major
>
> {{banDynamicVersions}} won't ban a dependency with a dynamic version if it
> exists multiple times in the dependency tree, as long as the final dependency
> tree has no dynamic version.
> As an example consider the following dependency tree where D appears multiple
> times.
> {noformat}
> A
> +- B
> | \- D version 1.0
> \- C
> \- D version [1.0,2.0){noformat}
> Before the rule {{banDynmicVersions}} is applied the final dependency tree is
> computed which means we end up with the following.
> {noformat}
> A
> +- B
> | \- D version 1.0
> \- C{noformat}
> This computed dependency tree is fine by itself and has no dynamic versions
> but if the original dependency tree changes for whatever reason (such as D no
> longer being a dependency of B) the rule will now detect the dynamic version
> of D that C is trying to use.
> {noformat}
> A
> +- B
> \- C
> \- D version [1.0,2.0){noformat}
> The above example is actually something that happens to me. For various
> reasons I have a Maven project A with the dependencies B and C being
> developed independently from each other. In order to have a reproducible
> build I've applied the {{banDynamicVersions}} rule to the entire project. As
> B or C might introduce or remove dependencies at will I could actually end up
> with B removing the dependency on D and suddenly my project won't build any
> longer. At that moment I do not have the possibility of making C use a fixed
> version of D, and I do not want to introduce a dependency on D in my project
> A just to resolve that (my dependency tree is much larger than this and it
> will be unreasonable to keep fixing things up).
> In order to solve that I want to ban dynamic versions in the entire
> dependency tree before the final dependency tree is computed. This currently
> isn't supported by the plugin.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
