-
Notifications
You must be signed in to change notification settings - Fork 2.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(maven): Disable all parent packages by default #25823
fix(maven): Disable all parent packages by default #25823
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
so if required a user can enable if required?
Yes, it's optional and can be reverted to current behavior |
But I think in reality nobody will want it |
May I ask why the solution suggested in #25758 (reply in thread) wouldn't be enough to solve this? Disabling updates for all deps with <parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.6.2</version>
</parent> With this PR merged, this dep won't see updates anymore, unless the workaround is disabled. |
🎉 This PR is included in version 37.60.1 🎉 The release is available on:
Your semantic-release bot 📦🚀 |
Your solution is correct, maybe if these two presets work for everyone, we later could just remove |
Oh, I see actually some packages publish their parent POMs |
@Churro Now I'm not sure I understand your solution. The |
@zharinov, Yes, making them all For others that are not locally defined, such as Perhaps I'm overlooking something but isn't the root cause that the |
If @Churro is correct that remotely defined parent POMs are now ignored by default, then I can think of many projects that will no longer get their application frameworks updated by Renovate, indeed like application that use Spring Boot for instance, because those applications generally use a framework artifact as the parent to inherit Maven plugin configuration, dependency management, etc. These parents will come typically come from a remote Maven repository. Ignoring parent updates by default sounds like a bad idea to me. |
Now I think maybe we need to disable only known set of packages which are generating error messages |
@rarkins What do you think, should we stick to more targeted solution: #18117 (comment)? |
Changes
In most cases (if not all), parent POM is used to define some common variables and isn't published to Maven.
This PR fixes lookups for 2 and more levels of POM parent files.
Context
Documentation (please check one with an [x])
How I've tested my work (please select one)
I have verified these changes via: