Don't set versions of external dependencies in BOM
For example, in https://github.com/GoogleCloudPlatform/google-cloud-java/blob/184c219c7a7d38bd8146e3a4d35f0972a1d24a10/google-cloud-bom/pom.xml#L136 we’re setting the version of netty-tcnative-boringssl-static. This conflicts with the version we’re using in spring-cloud-gcp.
If users build their application, they get
java.lang.NoClassDefFoundError: Could not initialize class io.netty.handler.ssl.OpenSslEngine
at io.netty.handler.ssl.OpenSslContext.newEngine0(OpenSslContext.java:49)
at io.netty.handler.ssl.ReferenceCountedOpenSslContext.newEngine(ReferenceCountedOpenSslContext.java:378)
at io.grpc.netty.ProtocolNegotiators$TlsNegotiator$1.handlerAdded(ProtocolNegotiators.java:306)
at io.netty.channel.DefaultChannelPipeline.callHandlerAdded0(DefaultChannelPipeline.java:606)
... 19 common frames omitted
Ideally, BOMs only export the versions of the modules the project implements. The dependencies used by the project should go in another pom, e.g., https://github.com/GoogleCloudPlatform/google-cloud-java/blob/master/pom.xml
Can we remove the versions of the dependencies of google-cloud-java from the BOM?
Issue Analytics
- State:
- Created 6 years ago
- Comments:7 (5 by maintainers)
One of the biggest benefits people get from the google cloud BOM is getting the correct tcnative dependency. If it conflicts with what you’re using, then it probably conflicts with google-cloud-java at large (well, through grpc).
Now you say that BOMs should only export the versions of the modules the project implements, but doesn’t spring-cloud-gcp export a bunch of dependencies not in spring-cloud-gcp?
We have moved the dependencies not managed by our project to the parent pom, so closing this out now.
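
A way to check a BOM for the condition discussed in this issue, as an added example that is not part of the thread or of either project's code: it lists every dependencyManagement entry whose groupId lies outside the BOM's own group. The sample POM, its coordinates and versions, and the function name external_managed_deps are constructed for illustration; only properties defined in the POM itself are resolved.

```python
import re
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
# Constructed sample BOM (not the real google-cloud-bom); coordinates and versions are made up.
SAMPLE_BOM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <groupId>com.example.cloud</groupId>
  <artifactId>example-cloud-bom</artifactId>
  <version>1.0.0</version>
  <properties>
    <tcnative.version>0.0.0-constructed</tcnative.version>
  </properties>
  <dependencyManagement>
    <dependencies>
      <dependency>
        <groupId>com.example.cloud</groupId>
        <artifactId>example-cloud-storage</artifactId>
        <version>${project.version}</version>
      </dependency>
      <dependency>
        <groupId>io.netty</groupId>
        <artifactId>netty-tcnative-boringssl-static</artifactId>
        <version>${tcnative.version}</version>
      </dependency>
    </dependencies>
  </dependencyManagement>
</project>"""


def external_managed_deps(pom_xml, own_group=None):
    """Return (groupId, artifactId, version) for managed entries outside the BOM's own groupId."""
    root = ET.fromstring(pom_xml)
    own = own_group or root.findtext("m:groupId", namespaces=NS) or \
        root.findtext("m:parent/m:groupId", namespaces=NS)
    # Properties defined in this POM only; properties inherited from a parent are left unresolved.
    props = {p.tag.split("}", 1)[1]: (p.text or "") for p in root.findall("m:properties/*", NS)}
    props["project.version"] = root.findtext("m:version", default="", namespaces=NS)
    resolve = lambda v: re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)), v)
    found = []
    for dep in root.findall("m:dependencyManagement/m:dependencies/m:dependency", NS):
        gid = dep.findtext("m:groupId", default="", namespaces=NS)
        if gid != own and not gid.startswith(own + "."):
            found.append((gid, dep.findtext("m:artifactId", default="", namespaces=NS),
                          resolve(dep.findtext("m:version", default="", namespaces=NS))))
    return found

if __name__ == "__main__":
    for gid, aid, ver in external_managed_deps(SAMPLE_BOM):
        print(f"external dependency pinned by BOM: {gid}:{aid}:{ver}")
```

Run against a real BOM by passing the file's contents; an empty result means the BOM manages only the project's own modules.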