Track uses of disallowed dependencies pattern

I am trying to extend the XML rule to scan through the POM.xml file to capture unapproved usage of a library, so my requirements are below:

  • Minimum allowed version: 1.7.0
  • Version: 1.9.2

What is the pattern I should use?

Welcome :slight_smile:

Not sure if you’re able to extend the XML rules, but maybe this community plugin is an option!?

Gilbert

In the shown screenshot, this is the template we are reusing to check the dependency version. I want to understand more about the pattern to be used.

The parameters of xml:S3417 are explained in detail, what is the problem?

I used the below pattern to limit the dependency version from 1.7.3 and above, but it is not working:

1.0-7.0-2

Never used this template so far, but I would try 1.7.3-* as dependency version pattern for your case.

Hi,
the pattern is for the negative case, not the positive … so the pattern should indicate which versions are not allowed, whereas the pattern you have shared is for the positive scenario.

Hi,

You’re right, after checking the sources

and the information here

HTTP Connector Release Notes - Mule 4 | MuleSoft Documentation has version 1.1.0 (deprecated) listed as first version - don’t know if there are other versions in the wild.

The pattern should be something like that!?

0.*.*-1.7.3
or
1.1.0-1.7.3

EDIT

according to this test

this should also work
*-1.7.3

Gilbert

Yes, this is working :slight_smile: … the only comment is that the range is inclusive, which means if 1.7.3 is allowed you have to do *-1.7.2 … otherwise it works like magic … thanks a lot :slight_smile:

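A small model of the range behaviour this thread arrives at (the range names the disallowed versions, both bounds are inclusive, `*` is an open bound), as an added example that is not part of the thread and not SonarQube's own code. The POM, the `com.example` coordinates and the function names are constructed for illustration; only a bare `*` bound and plain numeric versions are handled.

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}

# Constructed sample POM; group and artifact names are placeholders.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencies>
    <dependency><groupId>com.example</groupId><artifactId>lib-a</artifactId><version>1.7.2</version></dependency>
    <dependency><groupId>com.example</groupId><artifactId>lib-b</artifactId><version>1.7.3</version></dependency>
    <dependency><groupId>com.example</groupId><artifactId>lib-c</artifactId><version>${lib.version}</version></dependency>
  </dependencies>
</project>"""


def parse_version(text):
    """'1.7.3' -> (1, 7, 3), padded to three parts; None if not purely numeric."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts) + (0,) * (3 - len(parts))


def in_range(version, pattern):
    """True when version lies inside 'low-high'; both bounds inclusive, '*' = open."""
    low, high = pattern.split("-", 1)
    if low != "*" and version < parse_version(low):
        return False
    return high == "*" or version <= parse_version(high)


def check_pom(pom_xml, group_id, disallowed):
    """Map artifactId -> 'disallowed' | 'ok' | 'unresolved' for one groupId."""
    verdicts = {}
    for dep in ET.fromstring(pom_xml).iterfind(".//m:dependency", NS):
        if dep.findtext("m:groupId", namespaces=NS) != group_id:
            continue
        name = dep.findtext("m:artifactId", namespaces=NS)
        version = parse_version(dep.findtext("m:version", default="", namespaces=NS))
        if version is None:
            # Property reference, qualifier or inherited version: a text scan cannot decide.
            verdicts[name] = "unresolved"
        else:
            verdicts[name] = "disallowed" if in_range(version, disallowed) else "ok"
    return verdicts


if __name__ == "__main__":
    for pattern in ("*-1.7.3", "*-1.7.2"):
        print(pattern, check_pom(SAMPLE_POM, "com.example", pattern))
```

Dependencies reported as `unresolved` (a `${...}` property or a version inherited from a parent POM) need a resolved view of the build before an approval decision can be made.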