spring-boot-configuration-metadata leaks enforced dependency constraints into consuming builds #27726
Description
A minimal reproducible build.gradle:
apply plugin: 'java'
dependencies {
testImplementation platform('org.springframework.boot:spring-boot-dependencies:2.5.3')
constraints {
testImplementation 'org.mockito:mockito-core:3.11.2'
}
testImplementation 'org.springframework.boot:spring-boot-properties-migrator'
testImplementation 'org.mockito:mockito-core'
}The expected Mockito version in testImplementation configuration is 3.11.2, but I get 3.9.0. However, I can get 3.11.2 version by removing org.springframework.boot:spring-boot-properties-migrator dependency.
The bug can be fixed by changing this line:
... to this one:
api(platform(project(path: ":spring-boot-project:spring-boot-dependencies")))
Let me explain why I think it makes sense to change the current behavior.
-
spring-boot-properties-migratormodule depends onspring-boot-configuration-metadata: -
spring-boot-configuration-metadatamodule depends onspring-boot-parentplatform: -
spring-boot-parentplatform depends onspring-boot-dependenciesenforced platform: -
Enforcing
spring-boot-dependenciesplatform makes Gradle prioritize its versions over versions defined independencies.constraints { ... }, even if the version in constraints is greater than the version inspring-boot-dependencies.
By making spring-boot-configuration-metadata depend on spring-boot-dependencies instead of spring-boot-parent we'll make Spring versions not enforced, and this will allow changing dependency versions in constraints.