ASF GitHub Bot commented on MENFORCER-494:

slawekjaranowski commented on PR #294:
URL: https://github.com/apache/maven-enforcer/pull/294#issuecomment-2132189941

   @JimmyAx thanks

> Allow banning dynamic versions before computing the final dependency tree
> -------------------------------------------------------------------------
>                 Key: MENFORCER-494
>                 URL: https://issues.apache.org/jira/browse/MENFORCER-494
>             Project: Maven Enforcer Plugin
>          Issue Type: Improvement
>          Components: banDynamicVersions
>    Affects Versions: 3.4.1
>            Reporter: Jimmy Axenhus
>            Assignee: Slawomir Jaranowski
>            Priority: Major
> {{banDynamicVersions}} won't ban a dependency with a dynamic version if it 
> exists multiple times in the dependency tree, as long as the final dependency 
> tree has no dynamic version.
> As an example consider the following dependency tree where D appears multiple 
> times.
> {noformat}
> A
> +- B
> |  \- D version 1.0
> \- C
>    \- D version [1.0,2.0){noformat}
> Before the rule {{banDynamicVersions}} is applied, the final dependency tree is 
> computed, which means we end up with the following.
> {noformat}
> A
> +- B
> |  \- D version 1.0
> \- C{noformat}
> This computed dependency tree is fine by itself and has no dynamic versions 
> but if the original dependency tree changes for whatever reason (such as D no 
> longer being a dependency of B) the rule will now detect the dynamic version 
> of D that C is trying to use.
> {noformat}
> A
> +- B
> \- C
>    \- D version [1.0,2.0){noformat}
> The above example is actually something that happens to me. For various 
> reasons I have a Maven project A with the dependencies B and C being 
> developed independently from each other. In order to have a reproducible 
> build I've applied the {{banDynamicVersions}} rule to the entire project. As 
> B or C might introduce or remove dependencies at will I could actually end up 
> with B removing the dependency on D and suddenly my project won't build any 
> longer. At that moment I do not have the possibility of making C use a fixed 
> version of D, and I do not want to introduce a dependency on D in my project 
> A just to resolve that (my dependency tree is much larger than this and it 
> will be unreasonable to keep fixing things up).
> In order to solve that I want to ban dynamic versions in the entire 
> dependency tree before the final dependency tree is computed. This currently 
> isn't supported by the plugin.
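
The blind spot described in the issue above, as an added example that is not part of the original message and is not Maven Enforcer or Maven Resolver code. It is a simplified Python model of nearest-wins mediation; the function names, the `is_dynamic` test and the versions given to A, B and C are assumptions made for illustration.

```python
from collections import deque

# Constructed model of the trees in the issue: (artifact, declared version, children).
# Versions of A, B and C are placeholders; only D's versions come from the issue.
DECLARED_TREE = ("A", "1.0", [
    ("B", "1.0", [("D", "1.0", [])]),
    ("C", "1.0", [("D", "[1.0,2.0)", [])]),
])
AFTER_B_DROPS_D = ("A", "1.0", [
    ("B", "1.0", []),
    ("C", "1.0", [("D", "[1.0,2.0)", [])]),
])

def is_dynamic(version):
    """Simplified notion of 'dynamic': ranges, LATEST/RELEASE and SNAPSHOTs."""
    v = version.strip()
    return (v.startswith(("[", "(")) or v in ("LATEST", "RELEASE")
            or v.endswith("-SNAPSHOT"))

def mediate(tree):
    """Nearest-wins mediation (simplified): walk breadth-first, keep the first
    declaration of each artifact, drop later duplicates and their subtrees."""
    name, version, children = tree
    root = (name, version, [])
    seen = {name}
    queue = deque([(root, children)])
    while queue:
        kept_node, declared_children = queue.popleft()
        for cname, cversion, grandchildren in declared_children:
            if cname in seen:
                continue  # omitted for conflict: this declaration is never inspected
            seen.add(cname)
            kept = (cname, cversion, [])
            kept_node[2].append(kept)
            queue.append((kept, grandchildren))
    return root

def dynamic_paths(tree, path=()):
    """List every dynamic version in the given tree as 'A > C > D:[1.0,2.0)'."""
    name, version, children = tree
    here = path + (name,)
    found = [" > ".join(here) + ":" + version] if is_dynamic(version) else []
    for child in children:
        found += dynamic_paths(child, here)
    return found

if __name__ == "__main__":
    for label, tree in (("today", DECLARED_TREE), ("after B drops D", AFTER_B_DROPS_D)):
        print(label, "| resolved-tree check:", dynamic_paths(mediate(tree)),
              "| declared-tree check:", dynamic_paths(tree))
```

Checking the declared tree reports C's range in both scenarios, while checking only the mediated tree stays silent until B drops D.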
