Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Support BOMs/dependencyManagement
See original GitHub issueCorrect me if I’m wrong, but to me it seems that the Coursier CLI doesn’t support fetching/resolving the dependencyManagement dependencies in BOMs?
For example: https://github.com/FasterXML/jackson-bom/blob/master/pom.xml#L75
I’ve tried all kinds of variants
$ coursier resolve com.fasterxml.jackson:jackson-bom:2.9.10 -t
$ coursier fetch com.fasterxml.jackson:jackson-bom:2.9.10 -j dep-tree.json && cat dep-tree.json
and more.
The dependency management section is a mechanism for centralizing dependency information. When you have a set of projects that inherits a common parent it’s possible to put all information about the dependency in the common POM and have simpler references to the artifacts in the child POMs.
Commonly used in large companies with a lot of teams developing various services in order to align them on external dependency versions!
Issue Analytics
- State:
- Created 4 years ago
- Reactions:13
- Comments:34 (11 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
@alexarchambault I’m worried that the point of this feature request was misunderstood, so let me try to clarify.
What @mandrean is asking isn’t so much "fetching all the dependencies of the
dependencyManagementsection.The request is that the resolution should take
dependencyManagementinto account, in particular the dependency management included via the import scope, aka the BOM pattern. And that the equivalent capability be exposed via CLI:ResolutionParams.addForceVersion, which IIUC is the equivalent ofdependencyManagementinpom.xmldependencyManagementand put those intoResolutionParams.addForceVersionrecursively.I’m in the same boat as @mandrean in that I’m blocked by the aforementioned bazel feature. Hope this helps to prioritize this issue accordingly.
To give another case where this feature would be more than desirable is with distributed computing frameworks (Apache Beam/Google Cloud Dataflow, Apache Flink, Apache Spark, etc.), where we frequently encounter the following pattern: container images (vanilla or custom) are deployed with a predefined and mostly consistent set of dependencies whose versions are finely selected to be compatible with each other. Their selection is sometimes the result of considerable effort (example: BOM: com.google.cloud:libraries-bom:25.2.0) and, when at least one of them is incremented, all direct dependencies are re-examined with the same care in order to increment them if necessary, and so on, until a new version of the container image is consistent as a whole. For each such container image, a BOM is produced that provides an exhaustive list of the selected dependencies (either
providedwhen shared with the framework’s runtime and/or to save assembly and upload times, orcompileotherwise). This BOM is consumed by users in order to compile, test and assemble “fat” JARs (or uber-JARs) containing their application code as well as the additional dependencies they need. It is therefore the BOM that sets the pace for the versions guaranteed to be available in the deployment and consistent with each other. What’s missing is therefore a mechanism that would allow to automatically pick the individual dependency versions from BOMs, instead of doing that manually or by means of home-baked build system extensions.Edit: what I meant above is probably better summarized by Google’s Using Cloud Client Libraries: