Lock packages (major) version in manifest
  • Updated on 22 Apr 2019

This rule allows you to avoid any imprecise versions (e.g. * / LATEST / no version mentioned) in the manifest file.

The best practice is to list the desired version range to prevent any discrepancies on the next build of the source code.

Use case(s)

  • Maintain the contract between the project code and external dependencies

When does this rule fail?

  • When a dependency in the manifest files does not specify at least a major version
  • When a dependency in the manifest files lists a specific version on a binary artifacts repository
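
The first failure condition, checked over an npm `package.json`. This is an added example, not Datree's code; the npm format, the function names `is_pinned` and `find_unpinned`, and the sample manifest are assumptions made here.

```python
import json
import re

# Pinned = after an optional range operator the spec starts with a numeric
# major version: "1", "1.x", "^1.2.3", "~1.2", ">=1.0.0 <2.0.0".
MAJOR_RE = re.compile(r"^\s*(?:[~^]|[<>]=?|=)?\s*v?\d+(?:\.|\s|-|$)")

# Dependency sections of package.json (npm is an assumption of this example).
SECTIONS = ("dependencies", "devDependencies",
            "optionalDependencies", "peerDependencies")


def is_pinned(spec):
    """True when every alternative of the range names at least a major version."""
    if not isinstance(spec, str) or not spec.strip():
        return False  # no version mentioned
    # "||" separates alternatives; one unbounded alternative unpins the range.
    return all(MAJOR_RE.match(alt) for alt in spec.split("||"))


def find_unpinned(manifest_text):
    """Return sorted (section, name, spec) tuples for imprecise versions."""
    manifest = json.loads(manifest_text)
    findings = []
    for section in SECTIONS:
        for name, spec in manifest.get(section, {}).items():
            if not is_pinned(spec):
                findings.append((section, name, spec))
    return sorted(findings)


# Constructed sample manifest, not taken from any real project.
SAMPLE = """
{
  "name": "example-app",
  "dependencies": {
    "express": "^4.18.2",
    "react": "18.x",
    "lodash": "*",
    "left-pad": "latest",
    "debug": ""
  },
  "devDependencies": {
    "mocha": ">=10.0.0 <11.0.0",
    "eslint": "^8.0.0 || *"
  }
}
"""

if __name__ == "__main__":
    for section, name, spec in find_unpinned(SAMPLE):
        print(f"{section}: {name} -> {spec!r} has no major version")
```

Dist-tags and URL or path specs are reported as well, because the spec string itself names no major version.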

How to fix?

  1. Fix your discrepancies so they will all list a specific version or range of accepted versions
  2. Push the commit, and add it to the open pull request
  3. Datree's policy check automatically ensures all discrepancies have at least a major version pinned

