Ensure that actual dependencies are compared rather than listed #1
Comments
Could you please fix this?
I've added it to my list. I should visit it in the next week or so.
OK, done a first draft on the Can I ask @ST-DDT to take a look at this and verify that it does detect a stale/incorrect URN whitelist by modifying the values in the rule-tester module
Test results for commit 9e073e4:
This is a great test report :-) I'll do some more commits to cover the missing items.
Missing dependencies - Build failure => not fixed This is confusing. Commenting out the Bouncy Castle test dependency from the rule-tester module and rebuilding leads to a failure due to missing dependency. Removing the @ST-DDT could you clarify this situation?
Wrong dependency/plugin scope is now covered.
Exploring the Maven tree to locate the enforcer/digest rules is proving unreliable and possibly unnecessarily complex. I'm going to leave this out from this version.
Well, I just built/installed your plugin and added it in one of my test projects and tested those cases. Maybe I can write a JUnit-like test for this.
Nice
Okay. I will have a look at this too. Maybe I can find a solution for this. But not today.
Spotted by Andreas Shildbach:
At present, if dependencies are changed without a fresh snapshot being taken, then the enforcer rules will only be applied against the whitelist.
The enforcer needs to be stricter to avoid a false sense of security.
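A sketch of the two-way comparison this issue asks for, added here as an example and not taken from the project's code: every resolved dependency is checked against the whitelist for presence, digest and scope, and whitelist entries that no longer resolve are flagged as stale. The URN layout, the class name `WhitelistComparison`, and the `org.example` coordinates and digests are assumptions constructed for the example; it needs Java 16 or later for records.

```java
import java.util.*;

public class WhitelistComparison {
    // Hypothetical URN layout for this example: groupId:artifactId:version:type:scope:sha1
    record Urn(String coordinates, String scope, String sha1) {
        static Urn parse(String urn) {
            String[] p = urn.split(":");
            if (p.length != 6) throw new IllegalArgumentException("Malformed URN: " + urn);
            return new Urn(String.join(":", p[0], p[1], p[2], p[3]), p[4], p[5]);
        }
    }

    // Checks what the build actually resolved against the whitelist, in both directions.
    static List<String> compare(List<String> whitelist, List<String> resolved) {
        Map<String, Urn> allowed = new LinkedHashMap<>();
        for (String w : whitelist) {
            Urn u = Urn.parse(w);
            allowed.put(u.coordinates(), u);
        }
        List<String> failures = new ArrayList<>();
        Set<String> seen = new HashSet<>();
        for (String r : resolved) {
            Urn actual = Urn.parse(r);
            seen.add(actual.coordinates());
            Urn expected = allowed.get(actual.coordinates());
            if (expected == null) {
                failures.add("NOT WHITELISTED: " + actual.coordinates());
            } else if (!expected.sha1().equalsIgnoreCase(actual.sha1())) {
                failures.add("DIGEST MISMATCH: " + actual.coordinates());
            } else if (!expected.scope().equals(actual.scope())) {
                failures.add("WRONG SCOPE: " + actual.coordinates());
            }
        }
        // Whitelist entries the build no longer resolves mean the snapshot is stale.
        for (String c : allowed.keySet()) {
            if (!seen.contains(c)) failures.add("STALE ENTRY: " + c);
        }
        return failures;
    }

    public static void main(String[] args) {
        String a = "a".repeat(40), b = "b".repeat(40), c = "c".repeat(40); // constructed digests
        List<String> whitelist = List.of("org.example:core:1.0:jar:compile:" + a,
                "org.example:crypto:1.2:jar:test:" + b, "org.example:legacy:0.9:jar:compile:" + c);
        List<String> resolved = List.of("org.example:core:1.0:jar:compile:" + c,
                "org.example:crypto:1.2:jar:compile:" + b, "org.example:net:2.0:jar:compile:" + a);
        compare(whitelist, resolved).forEach(System.out::println);
    }
}
```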