Reputation: 62652
How to configure a Gradle Java Platform to prefer the higher dependency version?
I am getting the following error in my spring boot gradle multi module project.
Dependency resolution failed because of conflict(s) on the following module(s):
- org.javassist:javassist between versions 3.24.0-GA and 3.20.0-GA
The root cause is that spring-boot-starter-data-jpa transitively depends on 3.24.0-GA and spring-boot-starter-thymeleaf transitively dependens on 3.20.0-GA. I am using the Gradle Java Platform Pulgin rather than the Spring Boot Gradle plugin.
Question:
- How do I configure a Gradle Java Platform to prefer the higher dependency version? I want to fix the conflict the resolution centrally and not in every project.
Gradle Platform Project
plugins {
`java-platform`
}
javaPlatform {
allowDependencies()
}
dependencies {
api(enforcedPlatform("org.springframework.boot:spring-boot-dependencies:2.2.5.RELEASE"))
constraints {
api(project(":core"))
api(project(":email"))
api(project(":security"))
api(project(":app"))
api("com.github.bbottema:emailaddress-rfc2822:2.1.4")
api("com.icegreen:greenmail:1.5.11")
api("nl.jqno.equalsverifier:equalsverifier:3.1.12")
api("com.google.guava:guava:28.2-jre")
}
}
Security module gradle project
plugins {
`java-library-conventions`
}
dependencies {
implementation(project(":core"))
implementation(project(":email"))
implementation("org.springframework.boot:spring-boot-starter-security")
implementation("org.springframework.boot:spring-boot-starter-data-jpa")
implementation("org.springframework.boot:spring-boot-starter-web")
implementation("org.springframework.boot:spring-boot-starter-thymeleaf")
testImplementation(testFixtures(project(":core")))
testImplementation(testFixtures(project(":email")))
}
Full dependency insight report
./gradlew :security:dependencyInsight --configuration compileClasspath --dependency org.javassist:javassist
> Task :security:dependencyInsight
Dependency resolution failed because of conflict(s) on the following module(s):
- org.javassist:javassist between versions 3.24.0-GA and 3.20.0-GA
org.javassist:javassist:3.24.0-GA
variant "compile" [
org.gradle.status = release (not requested)
org.gradle.usage = java-api
org.gradle.libraryelements = jar (compatible with: classes)
org.gradle.category = library
Requested attributes not found in the selected variant:
org.gradle.dependency.bundling = external
org.gradle.jvm.version = 11
]
Selection reasons:
- By conflict resolution : between versions 3.24.0-GA and 3.20.0-GA
org.javassist:javassist:3.24.0-GA
\--- org.hibernate:hibernate-core:5.4.12.Final
+--- org.springframework.boot:spring-boot-dependencies:2.2.5.RELEASE
| \--- project :platform
| \--- compileClasspath
\--- org.springframework.boot:spring-boot-starter-data-jpa:2.2.5.RELEASE
+--- compileClasspath (requested org.springframework.boot:spring-boot-starter-data-jpa)
\--- org.springframework.boot:spring-boot-dependencies:2.2.5.RELEASE (*)
org.javassist:javassist:3.20.0-GA -> 3.24.0-GA
\--- ognl:ognl:3.1.12
\--- org.thymeleaf:thymeleaf:3.0.11.RELEASE
+--- org.springframework.boot:spring-boot-dependencies:2.2.5.RELEASE
| \--- project :platform
| \--- compileClasspath
+--- org.thymeleaf:thymeleaf-spring5:3.0.11.RELEASE
| +--- org.springframework.boot:spring-boot-dependencies:2.2.5.RELEASE (*)
| \--- org.springframework.boot:spring-boot-starter-thymeleaf:2.2.5.RELEASE
| +--- compileClasspath (requested org.springframework.boot:spring-boot-starter-thymeleaf)
| \--- org.springframework.boot:spring-boot-dependencies:2.2.5.RELEASE (*)
\--- org.thymeleaf.extras:thymeleaf-extras-java8time:3.0.4.RELEASE
+--- org.springframework.boot:spring-boot-dependencies:2.2.5.RELEASE (*)
\--- org.springframework.boot:spring-boot-starter-thymeleaf:2.2.5.RELEASE (*)
(*) - dependencies omitted (listed previously)
A web-based, searchable dependency report is available by adding the --scan option.
BUILD SUCCESSFUL in 757ms
1 actionable task: 1 executed
Upvotes: 0
Views: 1141
Answers (1)
Reputation: 5653
Unfortunately, this type of problem cannot be solved via the Gradle Java Platform plugin. The plugin creates constraints that help the dependency resolution process to get the desired version but it doesn't eliminate conflict resolution. The error you are getting is due to the fact conflict resolution happened at all. In this case, you are getting conflicting dependency transitively. The only solution is to exclude from your first order dependencies which are bringing the undesired version.
To be able to control excludes globally you would have to create a plugin that does it and then each project has to apply that plugin. We use this approach in nebula-resolution-rules-plugin. Unfortunately, our plugin doesn't support your use case so it cannot be reused here.
I would probably suggest stopping using ResolutionStrategy:failOnVersionConflict. Library like Spring has many dependencies where you will likely have a conflict resolution. You would need to make a lot of manual adjustments to resolve your project.
Upvotes: 1
Related Questions
- How can I force Gradle to set the same version for two dependencies?
- How to make Gradle use the newer version of a dependancy when two are declared
- Define Spring dependency matching a Spring Boot version
- Gradle force dependency version?
- how to choose between versions in build.gradle
- Gradle & Spring Boot: choose dependency with implementation
- Override Spring Starter Version version in gradle
- Forcing Gradle to use an earlier dependency version for testing
- Switching dependencies in Gradle depending on platform
- Using Spring.IO dependency management, how can I override the version of a particular jar?