Hi to all,
currently I'm trying to build a simple spring boot application which
uses a BOM for spring-boot-dependencies..
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-dependencies</artifactId>
<version>3.3.3</version>
<scope>import</scope>
<type>pom</type>
</dependency>
So based on the releases of JUnit Jupiter, Mockito etc.
I define the BOM's of JUnit Jupiter and Mockito (and others; only
excerpts shown here) before the spring boot dependencies like this,
because I want to use newer versions, than spring-boot-dependencies defines.
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.junit</groupId>
<artifactId>junit-bom</artifactId>
<version>5.12.1</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
<groupId>org.mockito</groupId>
<artifactId>mockito-bom</artifactId>
<version>5.16.1</version>
<scope>import</scope>
<type>pom</type>
</dependency>
..
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-dependencies</artifactId>
<version>${spring.boot.version}</version>
<scope>import</scope>
<type>pom</type>
</dependency>
..
</dependencies>
</dependencyManagement>
If I build the project Maven 4.0.0-rc3 I got a bunch of warnings like this:
mvn clean -e
[INFO] Error stacktraces are turned on.
[INFO]
.....
[INFO] Scanning for projects...
[WARNING]
[WARNING] 26 problems were encountered while building the effective
model for 'com.soebes.spring.example:employee:jar:0.0.1-SNAPSHOT' (use
-e to see details)
[WARNING] Ignored POM import for:
org.assertj:assertj-core:jar:3.25.3@compile as already imported
org.assertj:assertj-core:jar:3.27.3@compile. Add the conflicting managed
dependency directly to the dependencyManagement section of the POM.
[WARNING] Ignored POM import for:
org.assertj:assertj-guava:jar:3.25.3@compile as already imported
org.assertj:assertj-guava:jar:3.27.3@compile. Add the conflicting
managed dependency directly to the dependencyManagement section of the POM.
[WARNING] Ignored POM import for:
org.junit.jupiter:junit-jupiter:jar:5.10.3@compile as already imported
org.junit.jupiter:junit-jupiter:jar:5.12.1@compile. Add the conflicting
managed dependency directly to the dependencyManagement section of the
POM....
In Maven 3.9.9 I can build that project without any warning, because the
junit-bom is defined before the spring-boot-dependencies (which has
junit-bom on it's own in an older version), but overwrites the defined
in the spring-boot-dependencies with the newer versions, which is
exactly what I want..
Back to Maven 4:
So does that mean I have to add all the deps which are coming from the
junit-bom (also for the deps from assertj-bom, mockito-bom etc.)
manually into my dependencyManagement, as suggested?
That will wipe away any advantage that using BOMs gives me.
Is there a better solution which I'm not yet aware of?
Kind regards
Karl Heinz Marbaise
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
