https://gradle.com/ logo
Join Slack
Powered by
This message was deleted.
# community-support
s
This message was deleted.
c
Copy code
implementation("ch.qos.logback:logback-classic:[1.2.0, 1.3.0[!!")
    implementation("ch.qos.logback:logback-core:[1.2.0, 1.3.0[!!")
I was trying something like this, but a subproject was still able to compile after requesting 1.4.11 for example
v
As you defined a strict range, it should do what you want, unless you also configured to publish resolved versions. But actually, if a consumer project wants to ignore it, they can always do it, for example by depending on your library but excluding logback and then depending on their own version. Or by using 
resolutionStrategy...force
which also overwrites strict versions or similar things. Also using the legacy and discouraged Spring Dependency Management plugin would be one of the ways, as it uses exactly this resolution strategy forcing internally.
c
Ah ok, yeah that’s sorta what we’re worried about. People using spring’s dependency management plugin, having it force a potentially new (untested) version of a library and breaking compatibility with us.
We’re currently shading the library we’re trying to avoid conflicts with, I think we’ll continue to do so.
v
😨
Well, then your consumers can use an artifact transform to throw out the shaded classes and transform the usages back. 😄
If they really want, they can always trick your efforts. 🙂
And if someone is using the Spring dependency management plugin, tell them to not use it. It is a relict from times when Gradle did not have built-in BOM support and even the maintainer of the plugin recommends to not use it anymore.
c
True. Luckily in our case we’re not shading e.g. asm, but a json library which would be an implementation detail.
v
If you really feel you must shade it, at least also relocate it please.
c
Yep we do that.
👌 1
We provide convention plugins that use the dependency management plugin, and would love to get away from using that plugin.
Is the modern replacement doing something like
Copy code
implementation(project("spring-boot-bom"))
then?
Or even like this
Copy code
dependencies {
    configurations.configureEach {
        add(this.name, platform("org.springframework.boot:spring-boot-dependencies"))
    }
}
v
I maybe wouldn't add it to all configurations broadly. Especially, as not all configurations are meant for declaring dependencies and also you might want to not publish this dependency along. But besides that, yes.
Actually if you applied the spring boot plugin, or at least have it on the classpath, it also has a constant with the BOM coordinates you can use, like they also show it in their documentation
c
Ah ok, yeah we realized applying against all configurations had a high chance of breaking things. Kotlin for example wasn’t happy.
Copy code
val platformConfigurations = listOf("implementation", "kapt", "annotationProcessor")
    configurations.matching { it.name in platformConfigurations }.configureEach {
        this(platform(SpringBootPlugin.BOM_COORDINATES))
    }
is sorta what we settled on
👌 1
Do you perhaps have a source on
even the maintainer of the plugin recommends to not use it anymore.
?
v
c
Excellent, thanks!
👌 1
3 Views
Open in Slack
PreviousNext
Powered by