Gradle choosing unexpected dependencies

bparkison · December 19, 2017, 10:02pm

We’ve got a project that has a transitive dependency on aspectjrt version 1.8.10. However, during dependency resolution, it steadfastly selects 1.8.9. We’re using the dependency-lock plugin, which currently says to use 1.8.9. But, regenerating the dependencies.lock file still selects 1.8.9. Further, disabling the dependency-lock plugin on the command line still leads to gradle choosing 1.8.9. I ran:

gradlew -PdependencyLock.ignore=true dependencies --debug

The only thing I see that really seems interesting is:

14:37:23.578 [DEBUG] [io.spring.gradle.dependencymanagement.VersionConfiguringAction] Processing dependency 'org.aspectj:aspectjrt:1.8.10’
14:37:23.578 [DEBUG] [io.spring.gradle.dependencymanagement.DependencyManagementContainer] Found managed version ‘1.8.9’ for dependency ‘org.aspectj:aspectjrt’ in global dependency management
14:37:23.578 [INFO] [io.spring.gradle.dependencymanagement.VersionConfiguringAction] Using version ‘1.8.9’ for dependency ‘org.aspectj:aspectjrt:1.8.10’

What does “in global dependency management” mean? Is that important?

Thanks,

Brian

sterling · December 19, 2017, 11:47pm

It looks like you’re also using Spring’s dependency management plugin which forces versions of things based on Maven BOMs or configured versions:

bparkison · December 20, 2017, 2:51pm

Hmm, I can’t figure out why, yet, but you’re onto something! I commented out that plugin, and all the stuff that came with it, and now gradle resolves version 1.8.10. I don’t see any place related to that plugin that’s pulling in a different version, but I don’t know anything about that plugin, so I’ll check with the dev team that’s using it. Thanks!