Hi, AFAIK bom import never worked when there was overlapping dependencies (never worked = it can work but it was not defined and behavior was not guaranteed nor intended by design). What works better from my experience is to not use the import scope and rather just the type=pom with a proper scope, there you have includes/excludes and standard dependencies mechanism.
Romain Manni-Bucau @rmannibucau <https://x.com/rmannibucau> | .NET Blog <https://dotnetbirdie.github.io/> | Blog <https://rmannibucau.github.io/> | Old Blog <http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau> | LinkedIn <https://www.linkedin.com/in/rmannibucau> | Book <https://www.packtpub.com/en-us/product/java-ee-8-high-performance-9781788473064> Le mar. 18 mars 2025 à 06:55, Delany <delany.middle...@gmail.com> a écrit : > My gut says the last occurrence should set the value, not the first. > At least that's how dependency versions are managed in the POM inheritance. > Other configuration systems like ini files override with subsequent values. > Is it too late to change? > Delany > > On Mon, 17 Mar 2025 at 21:43, Karl Heinz Marbaise > <khmarba...@gmx.de.invalid> > wrote: > > > Hi to all, > > > > currently I'm trying to build a simple spring boot application which > > uses a BOM for spring-boot-dependencies.. > > > > <dependency> > > <groupId>org.springframework.boot</groupId> > > <artifactId>spring-boot-dependencies</artifactId> > > <version>3.3.3</version> > > <scope>import</scope> > > <type>pom</type> > > </dependency> > > > > So based on the releases of JUnit Jupiter, Mockito etc. > > I define the BOM's of JUnit Jupiter and Mockito (and others; only > > excerpts shown here) before the spring boot dependencies like this, > > because I want to use newer versions, than spring-boot-dependencies > > defines. > > > > > > <dependencyManagement> > > <dependencies> > > <dependency> > > <groupId>org.junit</groupId> > > <artifactId>junit-bom</artifactId> > > <version>5.12.1</version> > > <type>pom</type> > > <scope>import</scope> > > </dependency> > > <dependency> > > <groupId>org.mockito</groupId> > > <artifactId>mockito-bom</artifactId> > > <version>5.16.1</version> > > <scope>import</scope> > > <type>pom</type> > > </dependency> > > .. > > <dependency> > > <groupId>org.springframework.boot</groupId> > > <artifactId>spring-boot-dependencies</artifactId> > > <version>${spring.boot.version}</version> > > <scope>import</scope> > > <type>pom</type> > > </dependency> > > .. > > </dependencies> > > </dependencyManagement> > > > > > > If I build the project Maven 4.0.0-rc3 I got a bunch of warnings like > this: > > mvn clean -e > > [INFO] Error stacktraces are turned on. > > [INFO] > > ..... > > [INFO] Scanning for projects... > > [WARNING] > > [WARNING] 26 problems were encountered while building the effective > > model for 'com.soebes.spring.example:employee:jar:0.0.1-SNAPSHOT' (use > > -e to see details) > > [WARNING] Ignored POM import for: > > org.assertj:assertj-core:jar:3.25.3@compile as already imported > > org.assertj:assertj-core:jar:3.27.3@compile. Add the conflicting managed > > dependency directly to the dependencyManagement section of the POM. > > [WARNING] Ignored POM import for: > > org.assertj:assertj-guava:jar:3.25.3@compile as already imported > > org.assertj:assertj-guava:jar:3.27.3@compile. Add the conflicting > > managed dependency directly to the dependencyManagement section of the > POM. > > [WARNING] Ignored POM import for: > > org.junit.jupiter:junit-jupiter:jar:5.10.3@compile as already imported > > org.junit.jupiter:junit-jupiter:jar:5.12.1@compile. Add the conflicting > > managed dependency directly to the dependencyManagement section of the > > POM.... > > > > In Maven 3.9.9 I can build that project without any warning, because the > > junit-bom is defined before the spring-boot-dependencies (which has > > junit-bom on it's own in an older version), but overwrites the defined > > in the spring-boot-dependencies with the newer versions, which is > > exactly what I want.. > > > > Back to Maven 4: > > So does that mean I have to add all the deps which are coming from the > > junit-bom (also for the deps from assertj-bom, mockito-bom etc.) > > manually into my dependencyManagement, as suggested? > > > > That will wipe away any advantage that using BOMs gives me. > > > > Is there a better solution which I'm not yet aware of? > > > > Kind regards > > Karl Heinz Marbaise > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org > > For additional commands, e-mail: dev-h...@maven.apache.org > > > > >
