Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[MENFORCER-494] Allow banning dynamic versions in whole tree #294

Merged
merged 3 commits into from
May 26, 2024

Conversation

JimmyAx
Copy link
Contributor

@JimmyAx JimmyAx commented Oct 26, 2023

This commit introduces the possibility of banning dynamic versions in the entire dependency tree before Maven computes the final dependency tree. If a dependency exists multiple times in the dependency tree the plugin will not detect any dynamic versions as long as the final dependency tree does not have any dynamic versions.

In this example the dependency A -> C -> D is not detected with a dynamic version unless the verbose parameter has been set in this pull request.

A
+- B
|  \- D version 1.0
\- C
   \- D version [1.0,2.0)

Following this checklist to help us incorporate your
contribution quickly and easily:

  • Make sure there is a JIRA issue filed
    for the change (usually before you start working on it). Trivial changes like typos do not
    require a JIRA issue. Your pull request should address just this issue, without
    pulling in other changes.
  • Each commit in the pull request should have a meaningful subject line and body.
  • Format the pull request title like [MENFORCER-XXX] - Fixes bug in ApproximateQuantiles,
    where you replace MENFORCER-XXX with the appropriate JIRA issue. Best practice
    is to use the JIRA issue title in the pull request title and in the first line of the
    commit message.
  • Write a pull request description that is detailed enough to understand what the pull request does, how, and why.
  • Run mvn clean verify to make sure basic checks pass. A more thorough check will
    be performed on your pull request automatically.
  • You have run the integration tests successfully (mvn -Prun-its clean verify).

If your pull request is about ~20 lines of code you don't need to sign an
Individual Contributor License Agreement if you are unsure
please ask on the developers list.

To make clear that you license your contribution under
the Apache License Version 2.0, January 2004
you have to acknowledge this by using the following check-box.

JimmyAx and others added 3 commits October 26, 2023 11:29
This commit introduces the possibility of banning dynamic versions
in the entire dependency tree before Maven computes the final
dependency tree.
@slawekjaranowski slawekjaranowski merged commit 5c7d0bc into apache:master May 26, 2024
19 checks passed
@slawekjaranowski
Copy link
Member

@JimmyAx thanks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants