Lock packages (major) version in manifest
This rule allows you to avoid any imprecise versions (e.g. * / LATEST / no version mentioned) in the manifest file.
The best practice is to list the desired version range to prevent any discrepancies on the next build of the source code.
- Maintain the contract between the project code and external dependencies
When does this rule fail?
- When a dependency in the manifest files does not specify at least a major version
- When a dependency in the manifest files lists a specific version on a binary artifacts repository
How to fix?
- Fix your discrepancies so they will all list a specific version or range of accepted versions
- Push the commit, and add it to the open pull request
- Datree's policy check automatically ensures all discrepancies have at least a major version pinned
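A local pre-commit check in the spirit of this rule, as an added example that is not Datree's own implementation. It assumes an npm-style `package.json` manifest; the function names `classifySpec` and `findUnpinned` and the sample manifest are constructed for illustration, and specs that carry no version range at all (for example URLs) are reported as lacking a major version.

```javascript
// Added example: flags imprecise version specs in an npm-style manifest.
// Constructed sample manifest (not from any real project).
const SAMPLE_MANIFEST = JSON.stringify({
  name: "demo-app",
  dependencies: {
    express: "^4.18.2",   // major pinned via caret range
    lodash: "*",          // wildcard
    axios: "latest",      // dist-tag
    debug: "",            // no version mentioned
    chalk: "4.x",         // major pinned
    "left-pad": "x.x.x",  // wildcard in the major position
  },
  devDependencies: {
    jest: ">=29.0.0 <30.0.0",
    eslint: "^8.0.0 || *", // one alternative is unpinned
  },
});

// A comparator pins a major when, after an optional operator, it starts with digits.
const HAS_MAJOR = /^(?:[~^]|[<>]=?|=)?v?\d+/;

function classifySpec(spec) {
  const s = String(spec ?? "").trim();
  if (s === "") return "no version";
  if (/^[*xX](\.[*xX])*$/.test(s)) return "wildcard";
  // Every "||" alternative must pin a major, otherwise the range can float.
  const alternatives = s.split("||").map((a) => a.trim());
  const allPinned = alternatives.every((alt) =>
    alt !== "" && alt.split(/\s+/).some((tok) => HAS_MAJOR.test(tok))
  );
  if (allPinned) return "ok";
  return /^[a-z][a-z0-9-]*$/i.test(s) ? "dist-tag" : "no major version";
}

function findUnpinned(manifestText) {
  const manifest = JSON.parse(manifestText);
  const findings = [];
  for (const section of ["dependencies", "devDependencies"]) {
    for (const [name, spec] of Object.entries(manifest[section] ?? {})) {
      const verdict = classifySpec(spec);
      if (verdict !== "ok") findings.push({ section, name, spec, verdict });
    }
  }
  return findings;
}

console.log(findUnpinned(SAMPLE_MANIFEST));
```

A non-empty result from `findUnpinned` can be used to fail a local hook or CI step before the pull request is opened.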