FYI:
----- Forwarded Message -----
Subject: ${project.version} in dependency versions considered harmful
Hey everyone,
I just wanted to give a little PSA about this insidious little
expression (see $subject).
Using that expression in dependency declarations seems like a shortcut,
but it can go wrong in SO MANY WAYS. By far the most common problem is
the use of ${project.version} in a BOM or parent POM.
If anyone inherits from that parent POM or imports that BOM in an
external project, that external project's version will be used in place
of the one that the parent POM / BOM intended, and all of your carefully
managed dependencies will be wrong.
Example: jboss-as-console-bom-2.5.5.Final-redhat-1.pom
This declares org.jboss.as:console-spi:sources:${project.version}:jar.
Then, the Teiid build imports that BOM and uses it when it builds
against the console-core library. The above sources jar listed as a
second-level dependency (coming in via console-core) uses the Teiid
project version, and everything grinds to a halt.
Please, if you find dependency declarations using ${project.version},
fix it! If there are many, many references, simply switch to using a
property (eg. ${consoleVersion} in place of ${project.version})...and
DON'T use ${project.version} as the value for that property.
Show replies by date