Introduce a switch if imported dependencies should also be analysed #129

Closed
PeterWippermann opened this issue Feb 9, 2017 · 4 comments

@PeterWippermann

PeterWippermann commented Feb 9, 2017

In my application I use Spring Boot. Thus I set up the Dependency Management as follows:

    <dependencyManagement>
        <dependencies>
            <!-- Spring Cloud Dependencies -->
            <dependency>
                <groupId>org.springframework.cloud</groupId>
                <artifactId>spring-cloud-dependencies</artifactId>
                <version>${spring-cloud-dependencies.version}</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
        </dependencies>
    </dependencyManagement>

Spring Boot will manage my dependencies for me and guarantees that the selected versions work well together.
That's why I'd like to exclude the dependencies that are imported by Spring Boot from the versions:dependency-updates-report report. Otherwise I get suggested updates in my report that are out of scope for me.

I think it would be great to introduce a new boolean parameter to toggle if those imported dependencies should also be analysed. To stay backwards compatible it would default to true.

Don't get me wrong: I still want the importing dependency to be analysed, but not the dependencies it imports. That way I would still get notified if there's a newer version of Spring Boot / Dependencies.

@cs01lg

cs01lg commented Feb 11, 2017

I think this has already been raised in #46

@PeterWippermann
Author

It depends, I still want <dependencyManagement> to be processed so I get notified about outdated versions. However, I don't want to be informed about transitive and/or imported dependencies.

In #46 the OP asked to totally disable processing of dep-mgmt on request.

@khmarbaise
Member

Currently the result of this looks like this:
image
What do you think?

khmarbaise added a commit that referenced this issue Jun 17, 2017
 o Added processDependencyManagementTransitive option to
   dependency-update-report.
khmarbaise added this to the 2.5 milestone Jun 18, 2017

@PeterWippermann
Author

PeterWippermann commented Jul 13, 2017

Hi @khmarbaise,
your solution looks great to me! Thanks for incorporating this feature and maintaining this project :-)
On my behalf, sorry for the late feedback...

I'd be very happy to use it in my current setup! Is there a chance for a 2.5 release in the near future? I saw you usually release once a year or less.
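
The option named in the referenced commit, shown in a POM fragment as an added example (not part of the thread or the project's own documentation). Plugin version 2.5 is assumed from the milestone above, and `false` is the setting the original request asks for.

```xml
<!-- Added example: pom.xml fragment; modelVersion, coordinates and properties omitted. -->
<project>
  <dependencyManagement>
    <dependencies>
      <!-- The imported BOM from the issue; it stays in the report. -->
      <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-dependencies</artifactId>
        <version>${spring-cloud-dependencies.version}</version>
        <type>pom</type>
        <scope>import</scope>
      </dependency>
    </dependencies>
  </dependencyManagement>

  <build>
    <plugins>
      <plugin>
        <groupId>org.codehaus.mojo</groupId>
        <artifactId>versions-maven-plugin</artifactId>
        <!-- Assumption: 2.5 is the milestone this option was assigned to. -->
        <version>2.5</version>
        <configuration>
          <!-- false: report a newer version of the imported BOM itself,
               but not of each dependency the BOM brings in. -->
          <processDependencyManagementTransitive>false</processDependencyManagementTransitive>
        </configuration>
      </plugin>
    </plugins>
  </build>
</project>
```

The report is still produced with `mvn versions:dependency-updates-report`. With the switch off, libraries managed by the BOM drop out of the report, so newer releases of them reach the build only when the BOM version is raised.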
