- edited description
JDK Version and Repositories
Hi,
I was forced to ignore a lot of dependencies in my Project: https://www.versioneye.com/user/projects/55e50d658c0f62001b000180
I had two problems:
- The JDK Version: Many Dependencies cannot be updated because they are build with a newer JDK. => A Select-Box "Maximum allowed JDK" would be nice.
- The Repository: I'm only interested in library Versions which are available in Maven central Repo. e.g.: https://www.versioneye.com/java/org.apache.maven.plugins:maven-release-plugin or: https://www.versioneye.com/java/javax.servlet:servlet-api => A Whitelist of allowed Repositories would be nice.
Is there something similar planned? Or even exists already?
with friendly regards,
Harald
Comments (6)
-
reporter -
-
assigned issue to
-
assigned issue to
-
Hi @brabenetz. Many Thanks for your feedback.
-
Interesting Problem with the JDK version. Didn't though on that one, but that's really an issue. Currently VersionEye doesn't know which dependency is compiled/compatible with which JDK. If the information is available in the pom.xml files we could parse it and build a filter. I will take a deeper look to the pom xml structure and check if that is possible.
-
That feature doesn't exist yet and you are the first one asking for that. It's not hard to implement. But I have to think about it, if and how to integrate it into the UI, because if I would impl. ALL feature requests the UI would be already much more cluttered. That could also be a feature available via the VersionEye API and configurable in the VersionEye Maven Plugin, SBT Plugin, Gradle Plugin and so on. What do you think?
-
-
reporter Thanks,
-
parsing the pom could be difficult but possible.
- The compile version stands mostly in the property "maven.compiler.target". but the property has changed (in previous versions it was "maven.compile.target" without "r" in compile[r] ): e.g.: http://svn.apache.org/viewvc/httpcomponents/project/trunk/pom.xml?r1=1494064&r2=1494154&pathrev=1494154
- Because of this confusion, in the past, it was often written directly into the maven-compiler-plugin configuration hard coded: e.g.: https://issues.apache.org/jira/browse/MPOM-44
- Another possibility could be to analyse the JAR-File. I believe the standard maven-dependency-plugin do that somehow: http://settings4j.org/archiv/latest/dependencies.html#Dependency_File_Details
-
I wonder, because an OpenSource-Library which is deployed to the maven central should not depend on other repositories. I think the only reason because this is not a big problem now, is: there are only few dependencies which are deployed with a newer version into a third party repository.
The few Examples from my Project are definitely wrong:
- https://www.versioneye.com/java/org.apache.maven.plugins:maven-release-plugin/ The Version "3.0-r1585899" seams to be a snapshot-release deployed by Adobe. It is definitely not an official release from Apache.
- https://www.versioneye.com/java/javax.servlet:servlet-api There is only an empty pom.xml without jar as hint that the library was moved. But never mind, The "right" current version has moved to: https://www.versioneye.com/java/javax.servlet:javax.servlet-api
- https://www.versioneye.com/java/hsqldb:hsqldb The Version "1.8.1.1" from http://repo.jfrog.org and http://gradle.artifactoryonline.com has an incomplete pom.xml with description "Artifactory auto generated POM" But never mind, The "right" current version has moved to: https://www.versioneye.com/java/org.hsqldb:hsqldb
So at the end I have only one problem with "maven-release-plugin" which seams to be a hack deployed by Adobe. Sure, it makes only sense to implement a Repository-Whitelist-Feature if more people needs it.
It's really not important for me (because, now I have only one dependency which is effected).
with friendly regards, Harald
-
-
reporter And there is more...
The newest HSQLDB exists in different versions: http://search.maven.org/#artifactdetails|org.hsqldb|hsqldb|2.3.3|jar
with classifier "jdk5" it is JDK 5 compatible.
-
AssertJ as well http://joel-costigliola.github.io/assertj/assertj-core.html
- Log in to comment