Maven registries version checks cross sub-group and cross projects
Release notes
Maven registries used across large sub-groups search across all projects to determine best match for version ranges.
Problem to solve
When two separate maven project registries have the same package the versioning scheme does not search cross sub-group for the higher version match, but instead locks into the first registry it finds.
gitlab.com/subgroupa/subsubgroupa/proja - mvnpkg-a version 1.1
gitlab.com/subgroupa/subsubgroupb/proja - mvnpkg-a version 1.2
If I configure my maven dependencies to gitlab.com/subgroupa to [1.0,2.0]
, I have a chance to receive 1.1
from subsubgroupa/proja because the search ends with the first match (I believe sorted by last updated timestamp).
Intended users
User experience goal
Maven builds automatically search cross sub-groups/projects automatically.
Proposal
Maven builds automatically search cross sub-groups/projects automatically and returns the highest in the explicit versioning range - e.g. return 1.2 in the example above.
Further details
As a large tenant on gitlab.com, with 1 parent sub-group and many sub-groups underneath it, we had an instance where a group accidentally published a maven package to their registry that was not the genuine latest.