I am working on a project and I am generating a Maven BOM that projects can reference for standard versions of dependencies. I was about to start implementing the nebula-dependency-recommender-plugin but I noticed it is now deprecated and the project now points to Gradle’s new BOM capabilities (since 4.6).
I started looking into it and and at first it seemed like exactly what I needed… I expected that if you don’t specify a version of your dependency, you will get the recommend version for the dependency based on an imported BOM. This is how I understand the nebula plugin to work, from basic testing. Maybe this assumption and the fact that the nebula plugin is deprecated is where my confusion is coming from.
Please correct me if I’m wrong but with the Gradle implementation, it seems like it is constraining all versions of a dependency (including transitive) to the version listed in the BOM. This is what I’m seeing but maybe I’m doing something wrong? The title in the bom import section of the managing transitive dependencies user guide seems to suggest they are recommendations but from everything else I’m reading, and from testing, it appears that the BOM import is forcing all versions to the one specified in the BOM (a dependency constraint).
If that is not whats expected or there is a way to get the import to only set a version when one doesn’t exist, please let me know! I’m stuck between this and the now deprecated Nebula plugin. I’d really like to use the built in functionality if I can get it to work beyond just forcing dependency constraints. Maybe its possible using the new module metadata format?
Another option I’m looking at is implementing a custom versioning scheme but like I said, I’d prefer to utilize the built in BOM import capability, if possible.