set a specific version of internal dependency when running dependency-checks --fix

[etylsarin]

Description

dependency-checks with a fix flag generates internal deps with an asterisk instead of specific version defined. This works fine within the monorepo, but when I want to use such library elsewhere, it becomes useless as it would be satisfied with any version of a dependent library.

Motivation

I need to use the libraries from my monorepo not only internally, but also externally. With asterisk in place, I need to set the dependencies version manually in my external apps. That becomes very fragile and hard to maintain.

Suggested Implementation

It would be great if the dependency-checks set a current version of an internal dependency with a range prefix (^1.2.3) instead of an asterisk (*). When re-run, it would bump the version to the latest. This could be managed via new config prop InternalDependenyVersionUpdate with a list of possible values: major, minor, patch, off.

[meeroslav]

Thank you @etylsarin,

That seems like a sensible feature request. Would you like to give it a try and implement this enhancement?

[etylsarin]

Thank you @etylsarin,

That seems like a sensible feature request. Would you like to give it a try and implement this enhancement?

Hi @meeroslav,

Even though I would like to try implement it, I'm afraid, I won't have capacity any time soon. Do you think there is a chance to get it on your roadmap without my contribution?

Cheers!

[meeroslav]

Hi @etylsarin,

Sure, we eventually pick up all the issues marked as community if there is no input for a while. But unfortunately this doesn't have much priority right now, so if you need it faster the best way is to make the contribution yourself (or find someone who would).

Cheers