Skip to content

Dependency exclusions declared in spring-boot-dependencies have no effect when using Gradle 6 #21350

Closed
@dawi

Description

@dawi

Disclaimer: I am not sure wether this issues belongs to Gradle or Spring Boot.

Two different issues, but in both cases Springs dependency excludes are ignored.

Case 1

Given the following Gradle build script:

plugins {
    `java-library`
}

repositories {
    jcenter()
    maven { url = uri("https://repo.spring.io/libs-milestone") }
}

dependencies {
    api(platform("org.springframework.boot:spring-boot-dependencies:2.3.0.RC1"))
    api("org.springframework.boot:spring-boot-starter-quartz")
}

With Gradle 5.2.1 you will end with following quartz dependencies on the classpath:

\--- org.springframework.boot:spring-boot-starter-quartz -> 2.3.0.RC1
     \--- org.quartz-scheduler:quartz:2.3.2
          +--- com.mchange:mchange-commons-java:0.2.15
          \--- org.slf4j:slf4j-api:1.7.7 -> 1.7.30

With Gradle 6.4 you will end with following quartz dependencies on the classpath:

\--- org.springframework.boot:spring-boot-starter-quartz -> 2.3.0.RC1
     \--- org.quartz-scheduler:quartz -> 2.3.2
          +--- com.mchange:c3p0:0.9.5.4
          |    \--- com.mchange:mchange-commons-java:0.2.15
          +--- com.mchange:mchange-commons-java:0.2.15
          +--- com.zaxxer:HikariCP-java7:2.4.13
          |    \--- org.slf4j:slf4j-api:1.7.21 -> 1.7.30
          \--- org.slf4j:slf4j-api:1.7.7 -> 1.7.30

I assume that this change of behavior occurs because Gradle 6.4 uses Gradle Module Metadata and Gradle 5 uses Maven BOMs.

Case 2

Given the following dependency declaration:

dependencies {
    api(platform("org.springframework.boot:spring-boot-dependencies:2.3.0.RC1"))
    api("org.springframework.boot:spring-boot-starter-data-jpa")
}

The following transitive hibernate-core dependencies will be added to the classpath.
Interestingly, exclusions work for spring-boot-starter-data-jpa but not for spring-boot-starter-quartz.

\--- org.springframework.boot:spring-boot-starter-data-jpa -> 2.3.0.RC1
     +--- org.hibernate:hibernate-core -> 5.4.14.Final
     |    +--- org.jboss.logging:jboss-logging:3.3.2.Final -> 3.4.1.Final
     |    +--- org.javassist:javassist:3.24.0-GA
     |    +--- net.bytebuddy:byte-buddy:1.10.7 -> 1.10.10
     |    +--- antlr:antlr:2.7.7
     |    +--- org.jboss:jandex:2.1.1.Final
     |    +--- com.fasterxml:classmate:1.5.1
     |    +--- org.dom4j:dom4j:2.1.1
     |    +--- org.hibernate.common:hibernate-commons-annotations:5.1.0.Final
     |    |    \--- org.jboss.logging:jboss-logging:3.3.2.Final -> 3.4.1.Final
     |    \--- org.glassfish.jaxb:jaxb-runtime:2.3.1 -> 2.3.3
     |         +--- jakarta.xml.bind:jakarta.xml.bind-api:2.3.3
     |         +--- org.glassfish.jaxb:txw2:2.3.3
     |         +--- com.sun.istack:istack-commons-runtime:3.0.11
     |         \--- com.sun.activation:jakarta.activation:1.2.2

If I add hibernate-jcache, which also depends on hibernate-core, the result is that the dependency excludes defined via Spring Boot are "ignored".

dependencies {
    api(platform("org.springframework.boot:spring-boot-dependencies:2.3.0.RC1"))
    api("org.springframework.boot:spring-boot-starter-data-jpa")
    api("org.hibernate:hibernate-jcache")
}

The following transitive hibernate libraries will also be added tom the classpath, as long as I don't exclude them manually.

+--- org.springframework.boot:spring-boot-starter-data-jpa -> 2.3.0.RC1
|    +--- org.hibernate:hibernate-core -> 5.4.14.Final
|    |    +--- javax.persistence:javax.persistence-api:2.2
|    |    +--- org.jboss.spec.javax.transaction:jboss-transaction-api_1.2_spec:1.1.1.Final
|    |    +--- javax.activation:javax.activation-api:1.2.0
|    |    +--- javax.xml.bind:jaxb-api:2.3.1
|    |    |    \--- javax.activation:javax.activation-api:1.2.0

Metadata

Metadata

Assignees

Labels

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions