I like to use the maven-enforcer-plugin to ensure reliable builds.
In particular, <requireUpperBoundDeps/> it good practice because it "requires that the version for each dependency resolved during a build, is equal to or higher than all transitive dependency declarations" (see description).
But this check fails due to several inconsistencies in Vaadin's dependencies.
For example:
vaadin-spring-boot-starter:24.1.10 requires spring-boot-starter-web:3.1.2vaadin-spring-boot-starter:24.1.10 requires vaadin-spring:24.1.12vaadin-spring:24.1.12 requires spring-boot-starter-web:3.1.3
Note that there is a conflict created for spring-boot-starter-web - which is it? 3.1.2 or 3.1.3?
So Vaadin is in effect creating a small mess of indeterminacy in everyone's Maven projects.
This failure is ironic because part of the promise of Spring Boot is that it provides a wholly consistent set of dependencies for commonly used dependencies.
This problem should be easy to fix: simply include the Maven enforcer with <requireUpperBoundDeps/> in all Vaadin projects.
Or even better, include <dependencyConvergence/> which simply "requires that dependency version numbers converge".
Then Vaadin projects won't build with inconsistent dependencies.
I like to use the
maven-enforcer-pluginto ensure reliable builds.In particular,
<requireUpperBoundDeps/>it good practice because it "requires that the version for each dependency resolved during a build, is equal to or higher than all transitive dependency declarations" (see description).But this check fails due to several inconsistencies in Vaadin's dependencies.
For example:
vaadin-spring-boot-starter:24.1.10requiresspring-boot-starter-web:3.1.2vaadin-spring-boot-starter:24.1.10requiresvaadin-spring:24.1.12vaadin-spring:24.1.12requiresspring-boot-starter-web:3.1.3Note that there is a conflict created for
spring-boot-starter-web- which is it?3.1.2or3.1.3?So Vaadin is in effect creating a small mess of indeterminacy in everyone's Maven projects.
This failure is ironic because part of the promise of Spring Boot is that it provides a wholly consistent set of dependencies for commonly used dependencies.
This problem should be easy to fix: simply include the Maven enforcer with
<requireUpperBoundDeps/>in all Vaadin projects.Or even better, include
<dependencyConvergence/>which simply "requires that dependency version numbers converge".Then Vaadin projects won't build with inconsistent dependencies.