Golden Versions
The Golden Version
Sonatype's Component Intelligence scores a component version as the Golden Version if it falls under the recommended-non-breaking-with-dependencies category of recommendation.
This is a safe-to-use version of the component (including its dependencies) with no resulting breaking changes, that can be used for upgrade to remediate the reported policy violation.
NOTE: The Golden Version recommendation is currently available for the Maven ecosystem only.
Spotting the Golden Version
If Sonatype Component Intelligence finds a Golden Version for a component, the Recommendation Column in the Priorities View will show as "Non-breaking upgrade resolving issues for this component and its dependencies"
Click on the row, to view the Golden Version of the component on the component details page
Spotting Golden Versions in IDEs
If Sonatype Component Intelligence finds a Golden Version for a policy violation, it can flag the suggestion in the supported Integrated Development Environment (IDE). The Golden Version can then be easily applied by the developers, seamlessly within the context of the IDE.
Prerequisites to view Golden Versions in the IDE:
Your IDE has been integrated with one of the available Sonatype IQ Server plugins for IDE.
The IQ Server IDE plugins that are currently support Golden PR are:
The Golden PR
Sonatype IQ Server plugins for Source Control Management (SCM) can create PRs (pull request) with comments to upgrade dependencies to the recommended Golden Version. These versions are upgrade suggestions that will not cause breaking changes, while remediating the policy violation.
Using Golden Version recommendations you can enhance the fix rate for version upgrades by simplifying
Prerequisites to view Golden PRs in the SCM system
Your SCM environment has been integrated using one of the available Sonatype IQ Server plugins.
Check the Sonatype Developer dashboard to see if the application has been configured to use automatic SCM Feedback.
Automated Pull Requests is enabled for the SCM.
Spotting Golden PRs Source Control Management Systems
The IQ Server plugins that currently support Golden PRs are:
How is the Golden Version Different from Recommended Version?
The Golden Version of a component will remediate all policy violations on the current version of the component and its dependencies, without causing any breaking changes.
The recommended version of a component (seen as Bumping to version xxx in PR comments) will remediate policy violations on the current version of the component, without causing any breaking changes. It may not remediate policy violations for its dependencies.
When a Golden Version of a component is not available, the recommended version of the component can be used.