alt Hacker NewsWhat do you prefer for lockfiles in the Java world? I’ve been trying to drag a couple of Maven teams into the 2010s after finding that they weren’t.
What do you prefer for lockfiles in the Java world? I’ve been trying to drag a couple of Maven teams into the 2010s after finding that they weren’t.
You don't need them. Maven has deterministic dependency resolution (unless you use version ranges, but don't do that), so you just write your dependencies. (The flipside is you may want to get in the habit of doing something like versions:use-latest-releases as a regular housekeeping task so that you pick up any security updates, but that tends to be less of an issue in Java-land for other reasons)