[jira] [Commented] (MENFORCER-360) requireUpperBoundDeps should have option to check for same major version

Fri, 18 Sep 2020 03:51:40 -0700 


    [ 
https://issues.apache.org/jira/browse/MENFORCER-360?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17198284#comment-17198284
 ] 

Guy Veraghtert commented on MENFORCER-360:
------------------------------------------

[~rfscholte] Thank you for your response. You are mainly talking about (public) 
libraries. We are working on a large international internal project with 
different teams. Of course breaking an API should be avoided. However in 
practice, from time to time, it's not feasible to maintain backwards 
compatibility (or it would be too costly). Therefor all teams follow the rules 
of semantic versioning ([https://semver.org/|https://semver.org/).]) strictly, 
we use the proposed option to check for equal major versions in the build of 
the overarching application (where all different components of the teams come 
together) to have a final check that all components depend on compatible 
versions. (Note that also a class binary compatible change, can be breaking 
(different functional behavior)).

 

Note that spring-framework until now  was not following the rules of semantic 
versioning, they are rather bad at modularity and API management (but rather 
good at backwards compatibility). Checking spring compatibility is not the 
target of this change, we place it in the exclude tag.

 

We use this check for almost a year now, and it works very well for us. As I 
also heard of other projects doing something similar and the change is very 
small, I thought it would be a nice addition to this rule.

> requireUpperBoundDeps should have option to check for same major version
> ------------------------------------------------------------------------
>
>                 Key: MENFORCER-360
>                 URL: https://issues.apache.org/jira/browse/MENFORCER-360
>             Project: Maven Enforcer Plugin
>          Issue Type: Improvement
>          Components: Standard Rules
>    Affects Versions: 3.0.0-M3
>            Reporter: Guy Veraghtert
>            Priority: Trivial
>
> In our project we use semantic versioning for our dependencies 
> ([https://semver.org/|https://semver.org/).])
> The requireUpperBoundDeps rule already checks for compatible versions, but we 
> would like to have the option to specify that no major (i.e. breaking) 
> versions are mixed.
> So a (transitive) dependency on groupId:artifactId:1.0.0 and on 
> groupId:artifactId:2.0.0 means that we have a conflict.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to