spring-cloud / spring-cloud-kubernetes

Kubernetes integration with Spring Cloud Discovery Client, Configuration, etc...
Apache License 2.0

Dependency convergence fails for spring-cloud-starter-kubernetes-client-config ver 3.1.1 #1623

Closed matsev closed 5 months ago

matsev commented 5 months ago

Describe the bug

Dependency convergence fails for spring-cloud-starter-kubernetes-client-config version 3.1.1 for dependencies org.bouncycastle:bcprov-jdk18on and commons-io:commons-io.

Sample

Use the following pom file:

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>3.2.4</version>
        <relativePath/>
        <!-- lookup parent from repository -->
    </parent>

    <groupId>com.example.k8s</groupId>
    <artifactId>dependency-convergence</artifactId>
    <version>0.0.1-SNAPSHOT</version>

    <dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>org.springframework.cloud</groupId>
                <artifactId>spring-cloud-dependencies</artifactId>
                <version>2023.0.1</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
        </dependencies>
    </dependencyManagement>

    <dependencies>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-kubernetes-client-config</artifactId>
        </dependency>
    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-enforcer-plugin</artifactId>
                <executions>
                    <execution>
                        <id>enforce</id>
                        <goals>
                            <goal>enforce</goal>
                        </goals>
                        <phase>validate</phase>
                        <configuration>
                            <rules>
                                <dependencyConvergence/>
                            </rules>
                        </configuration>
                    </execution>
                </executions>
            </plugin>
        </plugins>
    </build>
</project>

Execute mvn validate

Expected result

All dependencies should converge to the same version.

Actual result

[ERROR] Failed to execute goal org.apache.maven.plugins:maven-enforcer-plugin:3.4.1:enforce (enforce) on project dependency-convergence: 
[ERROR] Rule 0: org.apache.maven.enforcer.rules.dependency.DependencyConvergence failed with message:
[ERROR] Failed while enforcing releasability.
[ERROR] 
[ERROR] Dependency convergence error for org.bouncycastle:bcprov-jdk18on:jar:1.76 paths to dependency are:
[ERROR] +-com.example.k8s:dependency-convergence:jar:0.0.1-SNAPSHOT
[ERROR]   +-org.springframework.cloud:spring-cloud-starter-kubernetes-client-config:jar:3.1.1:compile
[ERROR]     +-org.springframework.cloud:spring-cloud-kubernetes-client-config:jar:3.1.1:compile
[ERROR]       +-io.kubernetes:client-java:jar:19.0.1:compile
[ERROR]         +-org.bouncycastle:bcpkix-jdk18on:jar:1.76:compile
[ERROR]           +-org.bouncycastle:bcprov-jdk18on:jar:1.76:compile
[ERROR] and
[ERROR] +-com.example.k8s:dependency-convergence:jar:0.0.1-SNAPSHOT
[ERROR]   +-org.springframework.cloud:spring-cloud-starter-kubernetes-client-config:jar:3.1.1:compile
[ERROR]     +-org.springframework.cloud:spring-cloud-kubernetes-client-config:jar:3.1.1:compile
[ERROR]       +-io.kubernetes:client-java:jar:19.0.1:compile
[ERROR]         +-org.bouncycastle:bcpkix-jdk18on:jar:1.76:compile
[ERROR]           +-org.bouncycastle:bcutil-jdk18on:jar:1.76:compile
[ERROR]             +-org.bouncycastle:bcprov-jdk18on:jar:1.76:compile
[ERROR] and
[ERROR] +-com.example.k8s:dependency-convergence:jar:0.0.1-SNAPSHOT
[ERROR]   +-org.springframework.cloud:spring-cloud-starter-kubernetes-client-config:jar:3.1.1:compile
[ERROR]     +-org.springframework.cloud:spring-cloud-kubernetes-client-config:jar:3.1.1:compile
[ERROR]       +-org.springframework.cloud:spring-cloud-starter:jar:4.1.2:compile
[ERROR]         +-org.springframework.security:spring-security-rsa:jar:1.1.2:compile
[ERROR]           +-org.bouncycastle:bcprov-jdk18on:jar:1.77:compile
[ERROR] 
[ERROR] 
[ERROR] Dependency convergence error for commons-io:commons-io:jar:2.15.1 paths to dependency are:
[ERROR] +-com.example.k8s:dependency-convergence:jar:0.0.1-SNAPSHOT
[ERROR]   +-org.springframework.cloud:spring-cloud-starter-kubernetes-client-config:jar:3.1.1:compile
[ERROR]     +-org.springframework.cloud:spring-cloud-kubernetes-client-config:jar:3.1.1:compile
[ERROR]       +-io.kubernetes:client-java:jar:19.0.1:compile
[ERROR]         +-org.apache.commons:commons-compress:jar:1.26.1:compile
[ERROR]           +-commons-io:commons-io:jar:2.15.1:compile
[ERROR] and
[ERROR] +-com.example.k8s:dependency-convergence:jar:0.0.1-SNAPSHOT
[ERROR]   +-org.springframework.cloud:spring-cloud-starter-kubernetes-client-config:jar:3.1.1:compile
[ERROR]     +-org.springframework.cloud:spring-cloud-kubernetes-client-config:jar:3.1.1:compile
[ERROR]       +-io.kubernetes:client-java:jar:19.0.1:compile
[ERROR]         +-commons-io:commons-io:jar:2.14.0:compile

ryanjbaxter commented 5 months ago

Is this causing an issue at runtime for you?

matsev commented 5 months ago

I don't know yet, our build failed immediately when we added the spring-cloud-starter-kubernetes-client-config dependency. We can probably work around the build problem by adding an exception to our build config, but given the high number of dependencies included by the spring-boot-starter-parent and the spring-cloud-dependencies it may be hard to maintain since we do not control what transitive dependencies are pulled in. I am not suggesting it will be easier to address the problem here, but by pushing the problem upstream all projects that include the library will benefit from the solution in the long run.
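
An added example, not part of the thread or of the project's own build files: one consumer-side way to keep the dependencyConvergence rule enabled is to pin the two reported artifacts in the sample pom's existing dependencyManagement section, so the version of the crypto provider on the classpath is an explicit choice rather than whatever Maven's mediation picks. The pinned versions are the higher ones shown in the enforcer output above; that both dependents work with them is an assumption to verify.

```xml
<!-- Added example: replaces the <dependencyManagement> section of the sample pom. -->
<dependencyManagement>
    <dependencies>
        <!-- Unchanged from the sample pom: the Spring Cloud BOM import. -->
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-dependencies</artifactId>
            <version>2023.0.1</version>
            <type>pom</type>
            <scope>import</scope>
        </dependency>

        <!-- Pin: client-java 19.0.1 pulls bcprov-jdk18on 1.76 (via bcpkix/bcutil),
             spring-security-rsa 1.1.2 pulls 1.77. Managing the version here
             forces every path in the tree to the same jar. -->
        <dependency>
            <groupId>org.bouncycastle</groupId>
            <artifactId>bcprov-jdk18on</artifactId>
            <version>1.77</version>
        </dependency>

        <!-- Pin: client-java 19.0.1 declares commons-io 2.14.0 directly,
             while its commons-compress 1.26.1 dependency declares 2.15.1. -->
        <dependency>
            <groupId>commons-io</groupId>
            <artifactId>commons-io</artifactId>
            <version>2.15.1</version>
        </dependency>
    </dependencies>
</dependencyManagement>
```

After the change, `mvn validate` re-runs the enforcer rule, and `mvn dependency:tree -Dincludes=org.bouncycastle,commons-io` shows which version each path now resolves to. The pins have to be revisited whenever the Spring Boot parent or Spring Cloud BOM version is bumped.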

ryanjbaxter commented 5 months ago

Yeah I understand. We kind of have a similar issue though, lots of these dependencies are transitive and we don't have much control over them from our perspective. Trying to make sure we are trying to match dependency versions of downstream projects is going to be a never-ending struggle.

spring-cloud-issues commented 5 months ago

If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.

spring-cloud-issues commented 5 months ago

Closing due to lack of requested feedback. If you would like us to look at this issue, please provide the requested information and we will re-open the issue.