Comments (5)
vandmo
commented on July 25, 2024
I agree, I looked at that but IIRC Maven API didn't have any support for that so I would need to calculate the checksums myself which would have some performance penalty. It would be a really good feature and I might implement it when I find the time.
from dependency-lock-maven-plugin.
ioggstream
commented on July 25, 2024
Maven API didn't have any support for that
:( it's quite a pity...
I might implement it when I find the time.
Maybe we should file an issue on Maven first, then.
Thanks for your reply, R!
from dependency-lock-maven-plugin.
vandmo
commented on July 25, 2024
Sorry for late reply.
I don't think they will implement that considering that they haven't implemented support for locking dependencies at all.
I have started to look into how to add checksums to the lock files now.
from dependency-lock-maven-plugin.
danielhodder
commented on July 25, 2024
In the latest RC integrity checking works, but it's not possible to disable it for a dependency set. The configuration exists but is currently un-used. When depending on a snapshot we are seeing the following:
INFO] --- dependency-lock-maven-plugin:0.0.0fcba43c95c016556b4ef8d51d8aee999a0c51b3:check (default-cli) @ --**REDACTED**-- ---
[DEBUG] Configuring mojo se.vandmo:dependency-lock-maven-plugin:0.0.0fcba43c95c016556b4ef8d51d8aee999a0c51b3:check from plugin realm ClassRealm[plugin>se.vandmo:dependency-lock-maven-plugin:0.0.0fcba43c95c016556b4ef8d51d8aee999a0c51b3, parent: java.net.URLClassLoader@5caf905d]
[DEBUG] Configuring mojo 'se.vandmo:dependency-lock-maven-plugin:0.0.0fcba43c95c016556b4ef8d51d8aee999a0c51b3:check' with basic configurator -->
[DEBUG] (f) basedir = /Users/--**REDACTED**--
[DEBUG] (f) includes = [--**REDACTED GROUP ID**--:*]
[DEBUG] (f) integrity = ignore
[DEBUG] (f) version = ignore
[DEBUG] (f) dependencySets = [se.vandmo.dependencylock.maven.mojos.DependencySet@58294867]
[DEBUG] (f) format = pom
[DEBUG] (f) project = MavenProject: --**REDACTED GROUP ID**--:--**REDACTED**--:6.0.0-SNAPSHOT @ /Users/--**REDACTED**--/pom.xml
[DEBUG] -- end configuration --
[INFO] Ignoring version for --**REDACTED GROUP ID**--:--**REDACTED ARTIFACT ID**--jar:6.0.0-20221006.002140-44:compile:optional=false@sha512:joXzInzWmGPCHZXZxG8RlzrbkzT9rYs2jHKSw7Oz1wQ2AHh8BhAdvc2YEIiUZae1Jzr/ZQC18OAIZoqph+29lg==
[ERROR] The following dependencies differ:
[ERROR] Expected --**REDACTED GROUP ID**--:--**REDACTED ARTIFACT ID**--jar:6.0.0-20221006.002140-44:compile:optional=false@sha512:joXzInzWmGPCHZXZxG8RlzrbkzT9rYs2jHKSw7Oz1wQ2AHh8BhAdvc2YEIiUZae1Jzr/ZQC18OAIZoqph+29lg== with any version but found --**REDACTED GROUP ID**--:--**REDACTED ARTIFACT ID**--jar:6.0.0-20221031.212118-45:compile:optional=false@sha512:Hk9cFGkce5kzhJH259RaIOf0UnU8kpmjACXX88yPmyWtiH1re1VecUtNq998g6TUOSneoTD/uWOq0twu78DfLA==
Seems this functionality got lost as part of the major refactor when this was added to the 1.x branch.
from dependency-lock-maven-plugin.
vandmo
commented on July 25, 2024
This is implemented in the master branch which will be released within days.
from dependency-lock-maven-plugin.
Related Issues (13)
- Make it possible to indicate versions that should be the same as project from the POM. HOT 2
- GitHub Releases still indicate that version 0.13 is the latest release HOT 2
- How to manage snapshot dependencies? HOT 12
- Readme improvements on Dependabot needed HOT 2
- Support patterns for ignore, and my version, lists HOT 8
- Release version 1.0 HOT 3
- dependency-lock-maven-plugin is part of dependencies, security concern
- Exclusion of a dependency from version and integrity check is not working HOT 1
- Using the lockfile as dependencyManagement HOT 2
- Make plugin safe for parallel builds HOT 3
- Maven 4 alpha - Plugin has an exception HOT 3
- Add more control over produced lock file HOT 10
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from dependency-lock-maven-plugin.