| ~~ Licensed to the Apache Software Foundation (ASF) under one |
| ~~ or more contributor license agreements. See the NOTICE file |
| ~~ distributed with this work for additional information |
| ~~ regarding copyright ownership. The ASF licenses this file |
| ~~ to you under the Apache License, Version 2.0 (the |
| ~~ "License"); you may not use this file except in compliance |
| ~~ with the License. You may obtain a copy of the License at |
| ~~ |
| ~~ http://www.apache.org/licenses/LICENSE-2.0 |
| ~~ |
| ~~ Unless required by applicable law or agreed to in writing, |
| ~~ software distributed under the License is distributed on an |
| ~~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| ~~ KIND, either express or implied. See the License for the |
| ~~ specific language governing permissions and limitations |
| ~~ under the License. |
| |
| ----- |
| Require Upper Bound Dependencies |
| ----- |
| ----- |
| 2012-02-08 |
| ----- |
| |
| This rule requires that the version for each dependency resolved during a build, is equal |
| to or higher than all transitive dependency declarations. The version of each dependency |
| resolved during the build will normally be the version specified in the POM or the |
| version with the least transitive steps (the "nearest" definition). For more |
| information about Maven dependency resolution, see |
| {{{http://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html}the Maven site}}. |
| |
| Here is a concrete example. This will cause a build to fail: |
| |
| ----------------------------------------------------------------------------------- |
| <dependencies> |
| <dependency> |
| <groupId>org.slf4j</groupId> |
| <artifactId>slf4j-api</artifactId> |
| <version>1.4.0</version> |
| </dependency> |
| <dependency> |
| <groupId>ch.qos.logback</groupId> |
| <artifactId>logback-classic</artifactId> |
| <version>0.9.9</version> |
| <!-- Depends on org.slf4j:slf4j-api:1.5.0 --> |
| </dependency> |
| </dependencies> |
| ----------------------------------------------------------------------------------- |
| |
| Because the project will run logback-classic 0.9.9 with slf4j-api 1.4.0 |
| and slf4j-api 1.4.0 is probably not forwards compatible with slf4j-api 1.5.0. |
| |
| This is the log message: |
| |
| ----------------------------------------------------------------------------------- |
| |
| Failed while enforcing RequireUpperBoundDeps. The error(s) are [ |
| RequireUpperBoundDeps error for org.slf4j:slf4j-api:1.4.0 paths to dependency are: |
| +-test:TestParent:1.0-SNAPSHOT |
| +-org.slf4j:slf4j-api:1.4.0 |
| and |
| +-test:TestParent:1.0-SNAPSHOT |
| +-ch.qos.logback:logback-classic:0.9.9 |
| +-org.slf4j:slf4j-api:1.5.0 |
| ] |
| |
| ----------------------------------------------------------------------------------- |
| |
| And this will succeed. |
| |
| ----------------------------------------------------------------------------------- |
| <dependencies> |
| <dependency> |
| <groupId>org.slf4j</groupId> |
| <artifactId>slf4j-api</artifactId> |
| <version>1.6.0</version> |
| </dependency> |
| <dependency> |
| <groupId>ch.qos.logback</groupId> |
| <artifactId>logback-classic</artifactId> |
| <version>0.9.9</version> |
| <!-- Depends on org.slf4j:slf4j-api:1.5.0 --> |
| </dependency> |
| </dependencies> |
| ----------------------------------------------------------------------------------- |
| |
| Here is how a project should be setup to use this rule |
| |
| ----------------------------------------------------------------------------------- |
| <project> |
| ... |
| <build> |
| <plugins> |
| ... |
| <plugin> |
| <groupId>org.apache.maven.plugins</groupId> |
| <artifactId>maven-enforcer-plugin</artifactId> |
| <version>${project.version}</version> |
| <executions> |
| <execution> |
| <id>enforce</id> |
| <configuration> |
| <rules> |
| <requireUpperBoundDeps> |
| <!-- 'uniqueVersions' (default:false) can be set to true if you want to compare the timestamped SNAPSHOTs --> |
| <!-- <uniqueVersions>true</uniqueVersions> --> |
| <!-- If you wish to ignore certain cases: |
| <excludes> |
| <exclude>com.google.guava:guava</exclude> |
| </excludes> |
| --> |
| </requireUpperBoundDeps> |
| </rules> |
| </configuration> |
| <goals> |
| <goal>enforce</goal> |
| </goals> |
| </execution> |
| </executions> |
| </plugin> |
| ... |
| </plugins> |
| </build> |
| ... |
| </project> |
| ----------------------------------------------------------------------------------- |
| |
| |