We can add a check for it in Maven validation -
https://maven.apache.org/guides/plugins/validation/

and also in plugin-tools ...

On Fri, 22 Aug 2025 at 20:03, Tamás Cservenák <ta...@cservenak.net> wrote:
>
> Howdy,
>
> I was just checking downstream dependencies of Resolver 2.x and was
> first surprised by how many of them there are:
> https://deps.dev/maven/org.apache.maven.resolver%3Amaven-resolver-api/2.0.10/dependents
>
> By inspecting, I discovered that MANY are in fact Maven 3 plugins (!),
> building against some Maven 3.9.x version AND Resolver 2.0.x!!!
>
> By spot testing, I see these versions usually entered plugin projects
> via automated dependency updates that were "green" and then (blindly)
> merged. This is wrong!
>
> The Resolver version in the case of Maven plugins should be kept in "lockstep"
> with the Maven the plugin is built against (as those artifacts are swapped out
> at runtime with runtime-provided ones). This works based on the GA
> exported by Maven Core. Maven 3 uses Resolver 1, so exported GAs are
> based on Resolver 1.x, while Resolver 2.x introduces new artifacts but
> also things like transport renames (http -> apache, new jdk transport,
> etc). Basically, Resolver 2.x was NEVER meant to be used by Maven 3
> plugins!
>
> Automated updates done by Dependabot and the like _work_ as Resolver 2.x
> is strict regarding source and binary compatibility, see
> https://maven.apache.org/resolver/upgrading-resolver.html but this
> does not mean it is the "right thing to do" (tm).
>
> Again, in the case of Maven plugins, major Maven dependencies usually need
> to be kept in "lockstep" (e.g. if you build against Maven 3.9.11 you
> should use Resolver 1.9.24).
>
> Maven 3 uses Resolver 1.x lineage, while Maven 4 uses Resolver 2.x lineage.
>
> Mixing two major versions should not happen!
>
> Thanks
> T
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@maven.apache.org
> For additional commands, e-mail: users-h...@maven.apache.org
>


-- 
Sławomir Jaranowski
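
The check discussed in this thread, as an added example (not code from Maven, plugin-tools, or either poster): it flags a `maven-plugin` POM whose declared Resolver major version does not match the Maven lineage it builds against. The `MAVEN_ARTIFACTS` set, the function name and the sample POM are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
# Lineage stated in the thread: Maven 3 -> Resolver 1.x, Maven 4 -> Resolver 2.x.
EXPECTED_RESOLVER_MAJOR = {3: 1, 4: 2}
RESOLVER_GROUP = "org.apache.maven.resolver"
# Assumption: these org.apache.maven artifacts identify the Maven a plugin builds against.
MAVEN_ARTIFACTS = {"maven-core", "maven-plugin-api", "maven-model", "maven-artifact"}
DEP_PATHS = ("m:dependencies/m:dependency",
             "m:dependencyManagement/m:dependencies/m:dependency")

# Constructed sample: a Maven 3 plugin POM after an automated Resolver bump.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.example</groupId><artifactId>demo-maven-plugin</artifactId>
  <version>1.0</version><packaging>maven-plugin</packaging>
  <properties><mavenVersion>3.9.11</mavenVersion></properties>
  <dependencies>
    <dependency><groupId>org.apache.maven</groupId><artifactId>maven-core</artifactId>
      <version>${mavenVersion}</version><scope>provided</scope></dependency>
    <dependency><groupId>org.apache.maven.resolver</groupId>
      <artifactId>maven-resolver-api</artifactId><version>2.0.10</version></dependency>
  </dependencies>
</project>"""


def check_lockstep(pom_xml):
    """Return findings where a plugin POM mixes Maven and Resolver major lineages."""
    root = ET.fromstring(pom_xml)
    if root.findtext("m:packaging", "jar", NS).strip() != "maven-plugin":
        return []  # the lockstep rule in the thread is about Maven plugins
    props = {p.tag.split("}")[-1]: (p.text or "").strip()
             for p in root.findall("m:properties/*", NS)}
    maven_majors, resolver_deps = set(), []
    for dep in (d for path in DEP_PATHS for d in root.findall(path, NS)):
        group, artifact, raw = (dep.findtext("m:" + t, "", NS).strip()
                                for t in ("groupId", "artifactId", "version"))
        # Expand ${property} references from this POM's own <properties>.
        version = re.sub(r"\$\{([^}]+)\}", lambda ref: props.get(ref.group(1), ref.group(0)), raw)
        m = re.match(r"(\d+)\.", version)
        if m is None:
            continue  # inherited or unresolved version: not decidable from this POM alone
        if group == "org.apache.maven" and artifact in MAVEN_ARTIFACTS:
            maven_majors.add(int(m.group(1)))
        elif group == RESOLVER_GROUP:
            resolver_deps.append((artifact, version, int(m.group(1))))
    return [f"{RESOLVER_GROUP}:{a}:{v} mixed with Maven {mm}.x (expected Resolver {exp}.x)"
            for mm in sorted(maven_majors) for a, v, major in resolver_deps
            if (exp := EXPECTED_RESOLVER_MAJOR.get(mm)) is not None and major != exp]
```

Run as a merge gate on dependency-update pull requests, a non-empty result means the update passed compilation but crossed Resolver lineages and should not be merged on a green build alone.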
