enforcedPlatform not working /struggling with failOnVersionConflict

christopher-cudennec · March 25, 2022, 8:59am

Hey everyone!

I’m currently really struggling updating our open source library sda-dropwizard-commons to the latest version of Jackson.

Somehow I have the feeling that my knowledge about using “enforcedPlatform” is not enough to do the job. In theory the update should be easy because Jackson provides a platform (jackson-bom) that we could use and enforce in our platform module (sda-commons-dependencies). In practice I can see that versions of the modules listed in the jackson-bom are not properly enforced. There are still modules that use a version pulled in by a transitive dependency and don’t prefer the version that I defined in our platform. In addition the “failOnVersionConflict” resolution strategy does not fail although I can clearly see that different versions were used.

Since enforcing versions from our platform does not work as I’d like it, we’ve ended up excluding/including dependencies to get the proper version. It really feels strange to do it.

Can you help me out: Is it me? What did I misunderstand about enforcing versions with a platform? Or am I hitting a bug in one of the plugins?

At the moment I feel like I’m in dependency hell.

Thanks for any feedback!

Christopher

christopher-cudennec · March 28, 2022, 5:14am

Hej everyone!

I know my topic is really very unspecific. But maybe I can boil it down to the question:

What’s the recommendation between “failOnVersionConflict” and using “enforcedPlatform” in your project? Is it a good idea to use both concepts? Or shouldn’t you use both at the same time because they somehow try to solve the same problem in a slightly different manner?

Thanks for everyone reading my post and for any insights/suggestions.

Christopher

christopher-cudennec · March 31, 2022, 6:44am

I’m talking here to myself

I decided to disable the built-in functionality of failOnVersionConflict and write my own task. In case anyone is interested, you can find it here: fix(deps): bump jackson-databind to 2.13.2.2 by christopher-cudennec · Pull Request #1529 · SDA-SE/sda-dropwizard-commons · GitHub

My assumptions about the built-in failOnVersionConflict are:

it does not seem to detect conflicts between different configurations/scopes
it detects conflicts that are handled later by using enforcedPlatform (false positives)

If you know any details I’d be happy to hear your thoughts.

Cheers,

Christopher

Topic		Replies	Views
Virtual platforms, publishing, and transitive resolution problems Help/Discuss	1	845	March 5, 2019
What is the expected behavior of 2 conflicting enforced platform dependencies on a configuration? Help/Discuss	0	326	April 10, 2020
failOnVersionConflict only for certain dependencies Help/Discuss	4	633	March 20, 2020
No matching variant with BOM platform included in both a dependency and directly Help/Discuss	3	629	December 22, 2021
Version conflict for nested dependency when using versions from platform Help/Discuss	4	1593	July 8, 2020

enforcedPlatform not working /struggling with failOnVersionConflict

Related Topics