-
Notifications
You must be signed in to change notification settings - Fork 237
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Transitive bazel dependencies have public visibility #94
Comments
Yes, we should definitely restrict the visibility of unspecified artifacts. I'll mark this as a good first issue for anyone to take up if they want to give it a shot. |
This seems like a good idea in principle, but there are unfortunately some dependencies that seem to be specifically set up to bring in dependencies for you to directly reference. The Spring Boot starters would be a good example. It seems like a bad practice to me, but they get used pretty heavily. :( So, even if this gets done, I think there should be an option to turn it off. |
I agree. It's also possible for the rule, or use |
) * Add `strict_visibility` attr to hide transitive dependencies (#94) This commit adds an attribute, `strict_visibility`, to allow users to hide transitive Maven dependencies, forcing the user to explicitly name artifacts in their `maven_install`'s `artifacts` list before being able to reference in downstream build rules. Resolves #94. Testing Done: - `bazel test //tests/unit/build_tests/...` succeeded. `bazel test //tests/unit/build_tests:strict_version_neg` failed, as expected. * fixup! Add `strict_visibility` attr to hide transitive dependencies (#94) * fixup! Add `strict_visibility` attr to hide transitive dependencies (#94) * fixup! Add `strict_visibility` attr to hide transitive dependencies (#94) * fixup! Add `strict_visibility` attr to hide transitive dependencies (#94)
As a reasonably new user I found it extremely surprising that a transitive dependency that was not declared in the
artifacts
attribute had public visibility. I would have expected that the way to make a transitive artifact public was to supply a 2-part spec in theartifacts
attribute.This would make it much easier for relative beginners to read the rules as the public targets would be explicitly declared.
Was this ever considered?
Other than that, it has been reasonably easy to get started. Thanks!
The text was updated successfully, but these errors were encountered: