Details
-
Type:
Improvement
-
Status:
Open
-
Priority:
Major
-
Resolution: Unresolved
-
Affects Version/s: 1.0.1
-
Fix Version/s: None
-
Component/s: Standard Rules
-
Labels:None
-
Number of attachments :
Description
Say you depend on the foo jar and would like to exclude the servlet-api. For example:
<dependency>
<groupId>com.foo</groupId>
<artifactId>foo</artifactId>
<version>1</version>
<exclusions>
<exclusion>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
</exclusion>
</exclusions>
</dependency>
Later the foo jar switches to using the geronimo version of the servlet spec. You upgrade to use the new foo jar and your exclusion of the javax.servlet:servlet-api is no longer valid. It would be nice if there was a enforcer rule to check for these invalid excludes.
This type of thing happens for various reasons like:
dependency switched to the "same" dependency but with a different groupId - technically these are different deps according to maven
dependency changed minimum java language version where some apis are now included in the java runtime
dependency switched to a new implementation of the same library
dependency no longer uses a dependency
Without this kind of rule it is very easy for an unwanted dependency slip in unnoticed.
Btw. I also created a similar jira for the dependency plugin. I'm not sure which plugin should should support this functionality.
Issue Links
- is related to
-
MDEP-317
dependency:analyze* goals could check for invalid excludes
-