palantir / gradle-consistent-versions

Compact, constraint-friendly lockfiles for your dependencies
Apache License 2.0

Overriding versions from BOMs is really tricky? #64

Open iamdanfox opened 5 years ago

iamdanfox commented 5 years ago

What happened?

Using a BOM to provide the majority of versions, but there's one version number that I don't want. (In this case, I want to avoid com.squareup.retrofit2:retrofit:2.5.0).

dependencies {
  rootConfiguration platform('com.palantir.foo:my-bom')
}

Things that didn't work:

rootConfiguration 'com.squareup.retrofit2:retrofit', {
    version { reject '2.5.0' }
    because 'Retrofit 2.5.0 breaks path parameters' // https://github.com/palantir/conjure-java-runtime/issues/930
}

Also this didn't work:

dependencies {
  rootConfiguration platform('com.palantir.foo:my-bom'), {
    exclude module: 'retrofit'
  }
}

What did you want to happen?

Some non-gross way to tell Gradle that I want 99% of that BOM but want to ignore one of its versions.

I ended up using this gross hack:

configurations.all {
    resolutionStrategy.dependencySubstitution {
        it.substitute(it.module("com.squareup.retrofit2:retrofit"))
            .because("Path parameters are broken in retrofit 2.5.0")
            .with(it.module("com.squareup.retrofit2:retrofit:2.4.0"))
    }
}

tpetracca commented 5 years ago

Would this not have worked?

dependencies {
    constraints {
        rootConfiguration('com.squareup.retrofit2:retrofit:2.4.0') { force = true }
    }
}

iamdanfox commented 5 years ago

@tpetracca this has the unfortunate side-effect of adding that retrofit dependency into every single configuration in your repo.

This then causes gradle-conjure to trip over with:

Could not determine the dependencies of task ':my-project:extractConjureJava'.
> Expected exactly one dependency for executable 'conjure-java', found [....., lots of jars, ...]