由 Maven 构建

此规则要求在构建期间解析的每个依赖项的版本等于或高于所有传递依赖项声明。在构建期间解决的每个依赖项的版本通常是 POM 中指定的版本或传递步骤最少的版本(“最近”定义)。有关 Maven 依赖项解析的更多信息,请参阅Maven 站点

这是一个具体的例子。这将导致构建失败:

  <dependencies>
    <dependency>
      <groupId>org.slf4j</groupId>
      <artifactId>slf4j-api</artifactId>
      <version>1.4.0</version>
    </dependency>
    <dependency>
      <groupId>ch.qos.logback</groupId>
      <artifactId>logback-classic</artifactId>
      <version>0.9.9</version>
      <!-- Depends on org.slf4j:slf4j-api:1.5.0 -->
    </dependency>
  </dependencies>

因为该项目将使用 slf4j-api 1.4.0 运行 logback-classic 0.9.9,而 slf4j-api 1.4.0 可能与 slf4j-api 1.5.0 不向前兼容。

这是日志消息:

Failed while enforcing RequireUpperBoundDeps. The error(s) are [
RequireUpperBoundDeps error for org.slf4j:slf4j-api:1.4.0 paths to dependency are:
+-test:TestParent:1.0-SNAPSHOT
  +-org.slf4j:slf4j-api:1.4.0
and
+-test:TestParent:1.0-SNAPSHOT
  +-ch.qos.logback:logback-classic:0.9.9
    +-org.slf4j:slf4j-api:1.5.0
]

这将成功。

  <dependencies>
    <dependency>
      <groupId>org.slf4j</groupId>
      <artifactId>slf4j-api</artifactId>
      <version>1.6.0</version>
    </dependency>
    <dependency>
      <groupId>ch.qos.logback</groupId>
      <artifactId>logback-classic</artifactId>
      <version>0.9.9</version>
      <!-- Depends on org.slf4j:slf4j-api:1.5.0 -->
    </dependency>
  </dependencies>

以下是如何设置项目以使用此规则

<project>
  ...
  <build>
    <plugins>
      ...
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-enforcer-plugin</artifactId>
        <version>3.0.0</version>
        <executions>
          <execution>
            <id>enforce</id>
            <configuration>
              <rules>
                <requireUpperBoundDeps>
                  <!-- 'uniqueVersions' (default:false) can be set to true if you want to compare the timestamped SNAPSHOTs  -->
                  <!-- <uniqueVersions>true</uniqueVersions> -->
                  <!-- If you wish to ignore certain cases:
                  <excludes>
                    <exclude>com.google.guava:guava</exclude>
                  </excludes>
                  -->
                  <!-- If you include specific cases only these will be checked: (when omitted everything is included)
                  <includes>
                    <include>com.google.guava:guava</include>
                  </includes>
                  -->
                </requireUpperBoundDeps>
              </rules>
            </configuration>
            <goals>
              <goal>enforce</goal>
            </goals>
          </execution>
        </executions>
      </plugin>
      ...
    </plugins>
  </build>
  ...
</project>