Closed akvone closed 1 year ago
We use gradle dependencies --configuration=runtimeClasspath
to see the classpath
I am surprised that JUnit appearing in Jackson's bom (which should only affect its version if it already appears in the dependency graph) prevented its exclusion. It would appear that the appearance of the dependency constraints in the resolution result is confusing the algorithm that determines the dependencies that should be excluded. I think it probably needs to be updated to ignore dependencies where the selected variant's org.gradle.category
attribute has a value of platform
.
In the meantime, your workaround is a good temporary solution.
Got it, thank you.
We have a project with
spring-boot-dependencies:2.4
and excluded transitive dependency (junit
):When we tried to bump a version to
spring-boot-dependencies:2.5
thejunit
appeared again. It turned out thatspring-boot-dependencies:2.5
brings jackson dependencies with version 2.12 instead of 2.11 which in turn started to publish Gradle metadata which brings Jackson platform (jackson-bom
). The platform controlsjunit
and this disables our exclusion.The same behavior appears if we just use jackson dependency with version 2.12 or if we use
jackson-bom
platform.After reading the Gradle documentation and some existing issues we found a solution: we also exclude
junit
from the platform:The question is: Do we use the correct way to handle such logic? And could the documentation contain a warning about this case?