The joynr Maven direct dependency versions are managed in the dependencyManagement
section of
the root POM.
The direct dependencies shall use fixed versions and not version ranges.
The direct and transitive dependency versions are locked in lock POM.
In case automatic Maven dependency mediation results in undesired versions,
these transitive dependencies shall also be managed in the root POM,
at the end of the dependencyManagement
section. Comment these manually managed transitive
dependencies, explaining:
- why the automatic Maven dependency mediation result cannot be used
- which direct dependencies causing the problem (if any)
In case direct dependencies are added, removed or require a version change, follow the following steps:
- Add/Remove direct dependencies to/from the corresponding projects. Assure that the scope is
restrictive (use
runtime
ortest
if appropriate). Do not specify a version. - Add/Remove/Change the direct dependency version values (not range) to the
dependencyManagement
section in the root POM. E.g. the latest available versions for JVM 11+ are used. - Use the tools described in the following section to update the lock POM.
The [../examples/radio-app/pom.xml](Radio App POM) is used as an example POM file for user applications. Hence it should be independent from the root POM. All direct dependencies within that POM must have a version. To avoid implicit dependency locking, do not specify a fixed version, but a version range as required by the APIs of the dependencies.
The following tools are provided within this directory to support the dependency maintenance. All tools require Python 3 and can be executed directly in Linux shells, without any arguments.
Rewrites lock POM using automatic Maven dependency mediation.
Rewriting a dependency lock can always lead to different results in case new versions are available
for dependencies not explicitly locked in the root POM. If a general transitive
dependency upgrade is not desired, try the update.py
instead.
Instead of a rewrite, the update uses the current version of [lock POM] before applying automatic
Maven dependency mediation. Hence only unused dependencies are removed and new dependencies are
added. Be aware that the tool is running on the lock POM of your current workspace.
If you have modified it before by running write.py
, revert the changes before running update.py
.
The script basically runs update.py
and returns non-zero code if the new lock POM
differs from the previous one. Note that the script does not alter your workspace content.
It can be safely used by CI/CD pipelines.