GetRequirements API call does not return version in case of maven
Opened this issue · 2 comments
As per the documentation https://docs.deps.dev/api/v3alpha/#getrequirements , this API should return
maven.dependencies[].version: string
The version requirement of the dependency.
When calling https://api.deps.dev/v3alpha/systems/maven/packages/org.apache.httpcomponents.client5:httpclient5/versions/5.3.1:requirements , version is always empty:
{
"maven": {
"parent": {
"system": "MAVEN",
"name": "org.apache.httpcomponents.client5:httpclient5-parent",
"version": "5.3.1"
},
"dependencies": [
{
"name": "org.apache.httpcomponents.core5:httpcore5",
"version": "",
"classifier": "",
"type": "",
"scope": "",
"optional": "false",
"exclusions": []
},
{
"name": "org.apache.httpcomponents.core5:httpcore5-h2",
"version": "",
"classifier": "",
"type": "",
"scope": "",
"optional": "false",
"exclusions": []
}, ...
Hello, thanks for getting touch!
This is potentially a confusing situation, but in this case I believe it is working as intended. For Maven the GetRequirements API returns exactly what is in the POM file for the particular version. As you're probably aware, Maven itself does quite a bit of work to determine the actual set of requirements by recursively merging parent POMs, interpolating variables and so on.
In this particular case:
- the POM for httpclient5 does not have version strings for any of the dependencies
- the parent, httpclient5-parent has a dependencyManagement section that provides some of the httpclient dependencies with explicit versions, specified via the properties section
- the API response from https://api.deps.dev/v3alpha/systems/maven/packages/org.apache.httpcomponents.client5:httpclient5-parent/versions/5.3.1:requirements matches this as far as I can tell
We're currently working on publishing some helper code in this repo for merging POMs and performing the variable interpolation which should be available soon, I'll update here once that's done.
Finally, there is a fair question about whether our API responses should contain empty strings when the value is entirely absent from the POM (the alternative would be omitting the key from the JSON), so I would be interested to hear any opinions about that.
Oh, now I understand, thanks for the detailed answer.
Finally, there is a fair question about whether our API responses should contain empty strings when the value is entirely absent from the POM (the alternative would be omitting the key from the JSON), so I would be interested to hear any opinions about that.
Hmm, good question, I think I'd prefer an empty string over an absent key. But elsewhere, folks seem to have a different opinion.