我目前正在尝试的是:
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<version>1.4.1</version>
<executions>
<execution>
<id>enforce-banned-dependencies</id>
<goals>
<goal>enforce</goal>
</goals>
<configuration>
<rules>
<banTransitiveDependencies>
<excludes>
<exclude>*:*:*</exclude>
</excludes>
<includes>
<include>commons-lang:commons-lang:2.4</include>
</includes>
</banTransitiveDependencies>
</rules>
</configuration>
</execution>
</executions>
</plugin>
我上面尝试的意图是:
排除禁止所有传递依赖项,commons-lang:2.4 除外
当我尝试时
mvn verify
我会得到
[INFO] --- maven-enforcer-plugin:1.4.1:enforce (enforce-banned-dependencies) @ ebtam-core ---
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
这不好。因为我知道我的项目中有以下依赖项:
[INFO] +- org.apache.velocity:velocity:jar:1.6.2:compile
[INFO] | +- commons-lang:commons-lang:jar:2.4:compile
我做错了什么?
我没有看到这个记录在哪里,但问题是在检查
banTransitiveDependencies*<rules>
<banTransitiveDependencies>
<excludes>
<exclude>commons-lang</exclude>
</excludes>
<includes>
<include>commons-lang:commons-lang:2.4</include>
</includes>
</banTransitiveDependencies>
</rules>
但它没有回答你的问题“排除禁止所有传递依赖项,除了 commons-lang:2.4”。
问题是,你为什么要使用这个规则?它是在 MENFORCER-138 中引入的,其目标是迫使开发人员不依赖继承的传递依赖项并强制在 POM 中声明。
您的目标是,如果依赖项
commons-lang:commons-lang:2.4bannedDependenciescommons-lang:commons-lang:2.4<rules>
<bannedDependencies>
<excludes>
<exclude>commons-lang:commons-lang:2.4</exclude>
</excludes>
</bannedDependencies>
</rules>
感谢插件源代码的链接。
我用规则解决了挑战
<rules>
<bannedDependencies>
<excludes>
<exclude>groupId:artifactId</exclude>
</excludes>
</bannedDependencies>
</rules>
输出样本:
Rule 0: org.apache.maven.enforcer.rules.dependency.BannedDependencies failed with message:
SOME_GAV:36.0.39-SNAPSHOT
SOME_GAV:30.000.00.41
groupId:artifactId:jar:7.1.11 <--- banned via the exclude/include list
使用的插件版本:3.4.1