Closed timtebeek closed 7 months ago
I see maven-index-search-suspect-coordinates
scans for similar coordinates across different groupIds.
Are you also looking at (or have you considered) relocation records? https://maven.apache.org/guides/mini/guide-relocation.html
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>8.0.33</version>
<distributionManagement>
<relocation>
<groupId>com.mysql</groupId>
<artifactId>mysql-connector-j</artifactId>
<message>MySQL Connector/J artifacts moved to reverse-DNS compliant Maven 2+ coordinates.</message>
</relocation>
</distributionManagement>
</project>
No idea if those are available through the index already, but they could help either find more changed groupIds, or flush out false positives.
If they exist in pom.xml files, relocations are displayed when using Maven. This is why I did not try to find them in Maven indexes. Meanwhile, they are displayed as warnings only (if my memory is correct). oga-maven-plugin offers an option to break the build, and it can give more context (description, links...). I don't know if users need these features when official relocation data exist.
Helpful context, thanks! As a user I'd be surprised if the plugin does not flag a dependency that was officially relocated, but perhaps that's just me. Let me know if this is something interesting enough to track in it's own issue, and discuss further there. All good too if it's not something you'd want to have in here, but with an eye towards the Gradle plugin I doubt if relocated artifacts are already surfaced there.
Old groupId
mysql
Old artifactId
mysql-connector-java
New groupId
com.mysql
New artifactId
mysql-connector-j
Context
MySQL Connector/J artifacts moved to reverse-DNS compliant Maven 2+ coordinates.
Additional information
Relocation record is up at: https://repo1.maven.org/maven2/mysql/mysql-connector-java/8.0.33/mysql-connector-java-8.0.33.pom
Is this an official migration by the same team?