Description
Disclaimer: I am not sure wether this issues belongs to Gradle or Spring Boot.
Two different issues, but in both cases Springs dependency excludes are ignored.
Case 1
Given the following Gradle build script:
plugins {
`java-library`
}
repositories {
jcenter()
maven { url = uri("https://repo.spring.io/libs-milestone") }
}
dependencies {
api(platform("org.springframework.boot:spring-boot-dependencies:2.3.0.RC1"))
api("org.springframework.boot:spring-boot-starter-quartz")
}
With Gradle 5.2.1 you will end with following quartz dependencies on the classpath:
\--- org.springframework.boot:spring-boot-starter-quartz -> 2.3.0.RC1
\--- org.quartz-scheduler:quartz:2.3.2
+--- com.mchange:mchange-commons-java:0.2.15
\--- org.slf4j:slf4j-api:1.7.7 -> 1.7.30
With Gradle 6.4 you will end with following quartz dependencies on the classpath:
\--- org.springframework.boot:spring-boot-starter-quartz -> 2.3.0.RC1
\--- org.quartz-scheduler:quartz -> 2.3.2
+--- com.mchange:c3p0:0.9.5.4
| \--- com.mchange:mchange-commons-java:0.2.15
+--- com.mchange:mchange-commons-java:0.2.15
+--- com.zaxxer:HikariCP-java7:2.4.13
| \--- org.slf4j:slf4j-api:1.7.21 -> 1.7.30
\--- org.slf4j:slf4j-api:1.7.7 -> 1.7.30
I assume that this change of behavior occurs because Gradle 6.4 uses Gradle Module Metadata and Gradle 5 uses Maven BOMs.
Case 2
Given the following dependency declaration:
dependencies {
api(platform("org.springframework.boot:spring-boot-dependencies:2.3.0.RC1"))
api("org.springframework.boot:spring-boot-starter-data-jpa")
}
The following transitive hibernate-core dependencies will be added to the classpath.
Interestingly, exclusions work for spring-boot-starter-data-jpa but not for spring-boot-starter-quartz.
\--- org.springframework.boot:spring-boot-starter-data-jpa -> 2.3.0.RC1
+--- org.hibernate:hibernate-core -> 5.4.14.Final
| +--- org.jboss.logging:jboss-logging:3.3.2.Final -> 3.4.1.Final
| +--- org.javassist:javassist:3.24.0-GA
| +--- net.bytebuddy:byte-buddy:1.10.7 -> 1.10.10
| +--- antlr:antlr:2.7.7
| +--- org.jboss:jandex:2.1.1.Final
| +--- com.fasterxml:classmate:1.5.1
| +--- org.dom4j:dom4j:2.1.1
| +--- org.hibernate.common:hibernate-commons-annotations:5.1.0.Final
| | \--- org.jboss.logging:jboss-logging:3.3.2.Final -> 3.4.1.Final
| \--- org.glassfish.jaxb:jaxb-runtime:2.3.1 -> 2.3.3
| +--- jakarta.xml.bind:jakarta.xml.bind-api:2.3.3
| +--- org.glassfish.jaxb:txw2:2.3.3
| +--- com.sun.istack:istack-commons-runtime:3.0.11
| \--- com.sun.activation:jakarta.activation:1.2.2
If I add hibernate-jcache, which also depends on hibernate-core, the result is that the dependency excludes defined via Spring Boot are "ignored".
dependencies {
api(platform("org.springframework.boot:spring-boot-dependencies:2.3.0.RC1"))
api("org.springframework.boot:spring-boot-starter-data-jpa")
api("org.hibernate:hibernate-jcache")
}
The following transitive hibernate libraries will also be added tom the classpath, as long as I don't exclude them manually.
+--- org.springframework.boot:spring-boot-starter-data-jpa -> 2.3.0.RC1
| +--- org.hibernate:hibernate-core -> 5.4.14.Final
| | +--- javax.persistence:javax.persistence-api:2.2
| | +--- org.jboss.spec.javax.transaction:jboss-transaction-api_1.2_spec:1.1.1.Final
| | +--- javax.activation:javax.activation-api:1.2.0
| | +--- javax.xml.bind:jaxb-api:2.3.1
| | | \--- javax.activation:javax.activation-api:1.2.0