Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Introduce a switch if imported dependencies should also be analysed #129

Closed
PeterWippermann opened this issue Feb 9, 2017 · 4 comments
Closed

Introduce a switch if imported dependencies should also be analysed #129

PeterWippermann opened this issue Feb 9, 2017 · 4 comments
Labels
enhancement
Milestone
2.5

Comments

@PeterWippermann
Copy link

PeterWippermann commented Feb 9, 2017
edited
Loading

In my application I use Spring Boot. Thus I set up the Dependency Management as follows:

        <dependencyManagement>
          <dependencies>
            <!-- Spring Cloud Dependencies -->
            <dependency>
                <groupId>org.springframework.cloud</groupId>
                <artifactId>spring-cloud-dependencies</artifactId>
                <version>${spring-cloud-dependencies.version}</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>

Sprint Boot will manage my dependencies for me and guarantees that the selected versions work well together.
That's why I'd like to exclude the dependencies that are imported by Spring Boot from the versions:dependency-updates-report report. Otherwise I get suggested updates in my report that are out of scope for me.

I think it would be great to introduce a new boolean parameter to toogle if those imported dependencies should also be analysed. To stay backwards compatible it would default to true.

Don't get me wrong: I still want the importing dependency to be analysed, but not the dependencies it imports. That way I would still get notified if there's a newer version of Spring Boot / Dependencies.
@cs01lg
Copy link

cs01lg commented Feb 11, 2017

I think this has already been raised in #46

@PeterWippermann
Copy link
Author

It depends, I still want <dependencyManagement> to be processed so I get notified about outdated versions. However, I don't want to be informed about transitive and/or imported dependencies.

In #46 the OP asked to totally disable processing of dep-mgmt on request.

@PeterWippermann PeterWippermann mentioned this issue Feb 13, 2017
Closed
khmarbaise added a commit that referenced this issue Jun 17, 2017
@khmarbaise
Fixed #129
71903fe 
 o Added processBoms option to dependency-update-report.
@khmarbaise
Copy link
Member

Currently the result of this looks like this:
image
What do you think?

khmarbaise added a commit that referenced this issue Jun 17, 2017
@khmarbaise
Fixed #129
18c6787 
 o Added processDependencyManagementTransitive option to
   dependency-update-report.
@khmarbaise khmarbaise added this to the 2.5 milestone Jun 18, 2017
@PeterWippermann
Copy link
Author

PeterWippermann commented Jul 13, 2017
edited
Loading

Hi @khmarbaise ,
your solution looks great to me! Thanks for incorporating this feature and mainting this project :-)
On my behalf, sorry for the late feedback...

I'd be very happy to use it in my current setup! Is there a chance for a 2.5 release in the near future? I saw you usually release once a year or less.

@rweisleder rweisleder mentioned this issue Jul 4, 2018
Closed
@stefanseifert stefanseifert mentioned this issue Apr 28, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
2.5
Development

No branches or pull requests
3 participants
@khmarbaise @cs01lg @PeterWippermann