enforcedPlatform not working / struggling with failOnVersionConflict

Hey everyone!

I’m currently really struggling updating our open source library sda-dropwizard-commons to the latest version of Jackson.

Somehow I have the feeling that my knowledge about using “enforcedPlatform” is not enough to do the job. In theory the update should be easy because Jackson provides a platform (jackson-bom) that we could use and enforce in our platform module (sda-commons-dependencies). In practice I can see that versions of the modules listed in the jackson-bom are not properly enforced. There are still modules that use a version pulled in by a transitive dependency and don’t prefer the version that I defined in our platform. In addition the “failOnVersionConflict” resolution strategy does not fail although I can clearly see that different versions were used.

Since enforcing versions from our platform does not work as I’d like it, we’ve ended up excluding/including dependencies to get the proper version. It really feels strange to do it.

Can you help me out: Is it me? What did I misunderstand about enforcing versions with a platform? Or am I hitting a bug in one of the plugins?

At the moment I feel like I’m in dependency hell.

Thanks for any feedback!

Christopher

Hej everyone!

I know my topic is really very unspecific. But maybe I can boil it down to the question:

What’s the recommendation between “failOnVersionConflict” and using “enforcedPlatform” in your project? Is it a good idea to use both concepts? Or shouldn’t you use both at the same time because they somehow try to solve the same problem in a slightly different manner?

Thanks for everyone reading my post and for any insights/suggestions.

Christopher

I’m talking here to myself :smiley:

I decided to disable the built-in functionality of failOnVersionConflict and write my own task. In case anyone is interested, you can find it here: fix(deps): bump jackson-databind to 2.13.2.2 by christopher-cudennec · Pull Request #1529 · SDA-SE/sda-dropwizard-commons · GitHub

My assumptions about the built-in failOnVersionConflict are:

  • it does not seem to detect conflicts between different configurations/scopes
  • it detects conflicts that are handled later by using enforcedPlatform (false positives)

If you know any details I’d be happy to hear your thoughts.

Cheers,

Christopher
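
A cross-configuration version check of the kind the last post describes, as an added example that is not part of the original posts and is not the task from the linked pull request: it parses `gradle dependencies` report text and lists every module that resolves to different versions in different configurations. The report text is constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed `gradle dependencies` report text (not taken from the thread).
SAMPLE_REPORT = r"""compileClasspath - Compile classpath for source set 'main'.
+--- org.example:lib-a:1.0
|    \--- com.fasterxml.jackson.core:jackson-databind:2.10.5 -> 2.13.2.2
\--- com.fasterxml.jackson.core:jackson-databind:2.13.2.2

testRuntimeClasspath - Runtime classpath of source set 'test'.
\--- org.example:test-helper:1.0
     \--- com.fasterxml.jackson.core:jackson-databind:2.10.5
"""

# "<configuration> - <description>" or a bare configuration name.
HEADER = re.compile(r"^(\w+)(?: - .*)?$")
# "group:name[:requested][ -> resolved]"; requested may be "{strictly x}".
DEP = re.compile(
    r"[+\\]--- ([^\s:]+):([^\s:]+)(?::(\{[^}]*\}|\S+))?(?: -> (\S+))?"
)


def resolved_versions(report):
    """Map 'group:name' -> {resolved version -> set of configuration names}."""
    seen = defaultdict(lambda: defaultdict(set))
    config = None
    for line in report.splitlines():
        header = HEADER.match(line)
        if header:
            config = header.group(1)
            continue
        dep = DEP.search(line)  # project dependencies do not match and are skipped
        if not dep or config is None:
            continue
        group, name, requested, resolved = dep.groups()
        version = resolved or requested
        if version and not version.startswith("{"):
            seen[f"{group}:{name}"][version].add(config)
    return seen


def cross_configuration_conflicts(report):
    """Modules whose resolved version differs between configurations."""
    return {
        module: {version: sorted(cfgs) for version, cfgs in versions.items()}
        for module, versions in resolved_versions(report).items()
        if len(versions) > 1
    }


if __name__ == "__main__":
    for module, versions in cross_configuration_conflicts(SAMPLE_REPORT).items():
        print(module, versions)
```

In a build, the input would be the saved output of `gradle dependencies` for each module, and a non-empty result would fail the pipeline.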