Hello. I have supplied a patch for the maven-dependency-plugin in JIRA (http://jira.codehaus.org/browse/MDEP-273). I was hoping to post here to encourage review and consideration of the patch for acceptance into the next release of the maven-dependency-plugin.
This patch creates a new goal `dependency:analyze-dep-versions` which will list mismatched dependencies. Mismatched dependencies are dependencies which are resolved at a lower version than required by a transitive project dependency due to its listing in the dependencyManagement section of a pom.xml, or due to being overridden by a version declared closer to the project root. It generates an intermediate XML report which is parsed during the site phase to create an HTML printout. I've also attached two examples that show why this is a problem, even for a project such as maven. There is an example which shows that (for example) maven-core (requires wagon-ssh requires wagon-ssh-common) requires plexus-interactivity 1.0-alpha-6 but maven-core itself directly depends on (and thus resolves) plexus-interactivity 1.0-alpha-4. If bugs were fixed in between those minor revisions, it could cause possibly hidden problems in the ssh functionality of maven. Thank you for your time and attention. Cole Mickens | Velocity Technical Intern | Cerner Corporation | cole.mick...@cerner.com | http://www.cerner.com ---------------------------------------------------------------------- CONFIDENTIALITY NOTICE This message and any included attachments are from Cerner Corporation and are intended only for the addressee. The information contained in this message is confidential and may constitute inside or non-public information under international, federal, or state securities laws. Unauthorized forwarding, printing, copying, distribution, or use of such information is strictly prohibited and may be unlawful. If you are not the addressee, please promptly delete this message and notify the sender of the delivery error by e-mail or you may call Cerner's corporate offices in Kansas City, Missouri, U.S.A at (+1) (816)221-1024. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
