[
https://issues.apache.org/jira/browse/MENFORCER-519?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17929425#comment-17929425
]
Matthias Bünger commented on MENFORCER-519:
-------------------------------------------
I like the idea, however I'm not sure what's a good way to provide it.
To explain what I mean: I assume that when I want to ban a dependency I want to
ban it at all, regardless if it is a transitive dependency or a plugin
dependency, so I would not like to define my list of banned dependency twice.
On the other side I could also image that I'm fine to use dependencies in
plugins (for test there should be test scope) for build my artifact, but I
don't want to have them in my final artifact, what is shipped to production.
> "BannedPluginDependencies" Rule
> -------------------------------
>
> Key: MENFORCER-519
> URL: https://issues.apache.org/jira/browse/MENFORCER-519
> Project: Maven Enforcer Plugin
> Issue Type: Wish
> Components: Standard Rules
> Reporter: Jacques Burns
> Priority: Minor
>
> We ran into this issue at work where we had to prevent a certain JAR from
> ever appearing in the local repository of our build server. I was thinking of
> solving this with the Enforcer plugin, but it turns out that the JAR is also
> a dependency of some of the Maven plugins we use, and the Enforcer plugin
> doesn't check that. I realise it could probably be a custom rule, but maybe
> there could be a general desire for that kind of functionality.
> I'm willing to do the work on this and submit the PR, but first, is it
> something you folks would like added?
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
