in Gradle manual at:
I see that to import a BOM a should use the syntax:
(or with enforcedPlatform to enforce module versions)
But in the tutorial at:
I see that the Spring Boot BOM is imported without using the platform keyword.
I tried to search the Gradle docs and Google to see if the platform keyword could just be omitted or if the two syntaxes cause two different behaviours, but I was not able to find anything useful.
Thanks in advance,
The syntax used in the Spring tutorial is added by the ‘io.spring.dependency-management’ plugin. That plugin is available for a long time and was created before Gradle introduced support for BOMs in the core (the
platform keyword). We are working with the Spring team to clarify the situation and to update documentation. But it might still take some time.
The recommendation is already:
If you do not need anything specific from the ‘io.spring.dependency-management’ plugin, you do not need to use it anymore. And you can/should use
platform(). And not apply the plugin even though it is mentioned in the tutorial.
thanks for your help. The mentioned Spring tutorial (which is hosted on Gradle website), however, says this:
Next we need to add the dependencies needed to compile and run our example as we are not using Spring’s dependency management plugin. For that we use the Gradle’s BOM support and load the Spring Boot BOM file to be able to resolve all required dependencies with the proper version.
So, the tutorial seems indeed to suggest it’s NOT using the
io.spring.dependency-management plugin, and this is why I got confused. It’s however true that, on the same page, the tutorial says that the following plugins are needed:
id 'org.springframework.boot' version '2.0.5.RELEASE'
id 'io.spring.dependency-management' version '1.0.7.RELEASE'
So, indeed, the tutorial seems to contradict itself.
Apart from this aspect, another thing which is not clear in that tutorial, IMHO, is the requirement of strictly requiring
snakeyaml version to be 1.19: I mean, the tutorial says:
To comply with the Spring Boot BOM the
components block is needed to strictly use the
snakeyaml dependency with version
1.19 as the
spring-beans dependency has version
1.20 as transitive dependency.
Apart from the fact that the 2.0.5.RELEASE of the Spring Boot BOM is now old, I see that it indeed declares version 1.19 of
snakeyaml, but also version 5.0.9.RELEASE of
spring-framework-bom which in turn declares version 5.0.9.RELEASE of
spring-beans which requires
snakeyaml 1.20. I was wondering though why it should be a problem from a consumer point of view: the Spring Boot BOM is requiring a minimal version of
snakeyaml of 1.19, isnt’ it? Why the default conflict resolution (which would upgrade
snakeyaml to version 1.20) is not desirable here?
Sorry I missed that it is our tutorial. It is horribly outdated as it was written for Gradle 4 (back then the BOM support was still “beta” and worked a bit differently). And yes, it should no longer recommend the ‘io.spring.dependency-management’ plugin.
I also don’t understand the
strictly thing. I agree with what you wrote. The only reason to do it there would be if something in
spring-beans breaks through the
1.20 update. But if that is the case, the guide should be clear about that. And even then it is debatable if using a component metadata rule is correct here (instead of defining a strict constraint directly in the
I am a bit ashamed of this content now to be honest. I’ll see that we get it updated soon.
Thank you Jendrik, greatly appreciated!