Ban Dynamic Versions

This rule bans dependencies having versions that require resolving (i.e. dynamic versions which might change with each build and require lookup of repository metadata). Dynamic versions are either

  • version ranges, i.e. all version strings starting with either [ or (,
  • the special placeholders LATEST/RELEASE or
  • versions ending with -SNAPSHOT.

The following parameters are supported by this rule:

  • allowSnapshots - if true dependencies with versions ending with -SNAPSHOT will not be banned. Default is false.
  • allowRelease - if true dependencies with version placeholder RELEASE will not be banned. Default is false.
  • allowLatest - if true dependencies with versions placeholder LATEST will not be banned. Default is false.
  • allowRanges - if true versions starting with either [ or ( will not be banned. Default is false.
  • allowRangesWithIdenticalBounds - if true ranges having a range with same upper and lower bound (always inclusive) will not be banned (although they require resolving in some Maven versions, MNG-7461).
  • excludeOptionals - if true direct optional dependencies won't be checked. Default is false.
  • excludedScopes - the list of scopes to exclude from direct dependencies. By default no scopes are excluded. For transitive dependencies the regular Maven rules are applied.
  • ignores - a list of dependencies to ignore. The format is groupId[:artifactId[:version[:type[:scope:[classifier]]]]] where artifactId, version, type, scope and classifier are optional (but require all previous parts). Wildcards may be used to replace an entire or just parts of a section. Examples:
    • org.apache.maven
    • org.apache.maven:someArtifact
    • org.apache.maven:artifact:someVersion
    • org.apache.maven:*:*:jar:test
    • *:*:*:jar:compile:tests
    • org.apache.*:maven-*:*
  • verbose - if true the dependency tree is checked before Maven computes the final dependency tree. Setting this property will make the rule check dependencies before any conflicts are resolved. This is similar to the verbose parameter for the tree goal for maven-dependency-plugin. Default is false.

Sample Plugin Configuration:

<project>
  [...]
  <build>
    <plugins>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-enforcer-plugin</artifactId>
        <version>3.5.0</version>
        <executions>
          <execution>
            <id>ban-dynamic-versions</id>
            <goals>
              <goal>enforce</goal>
            </goals>
            <configuration>
              <rules>
                <banDynamicVersions>
                  <ignores>
                    <ignore>org.apache.maven</ignore>
                  </ignores>
                  <allowSnapshots>true</allowSnapshots>
                </banDynamicVersions>
              </rules>
            </configuration>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>
  [...]
</project>