-
Notifications
You must be signed in to change notification settings - Fork 582
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add common-security-config modules to dependency management #5485
Comments
You can see the published pom is using project.version - not an actual resolved version number https://repo1.maven.org/maven2/org/springframework/cloud/spring-cloud-dataflow-server-core/2.11.0/spring-cloud-dataflow-server-core-2.11.0.pom |
More specifically this is an issue when another project uses SCDF parent module as their parent. Given the following simple app pom.xml: <?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-dataflow-parent</artifactId>
<version>2.11.0</version>
<relativePath/>
</parent>
<groupId>com.example</groupId>
<artifactId>demo1</artifactId>
<version>0.0.1-SNAPSHOT</version>
<properties>
<java.version>17</java.version>
</properties>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-dataflow-dependencies</artifactId>
<version>2.11.0</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-dependencies</artifactId>
<version>2.7.16</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-dataflow-server</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project> Will fail w/
as <dataflow.version>${project.version}</dataflow.version>
<spring-cloud-dataflow-common.version>${project.version}</spring-cloud-dataflow-common.version>
<spring-cloud-skipper.version>${project.version}</spring-cloud-skipper.version> If I define the following in my demo app above: <dataflow.version>2.11.0</dataflow.version>
<spring-cloud-dataflow-common.version>2.11.0</spring-cloud-dataflow-common.version>
<spring-cloud-skipper.version>2.11.0</spring-cloud-skipper.version> then I get to the original symptom reported in this issue:
|
We are currently missing the following modules in the Dataflow dependency management (
/spring-cloud-dataflow/spring-cloud-dataflow-dependencies/pom.xml
)Additionally, we are also using
project.version
as the dependency version in other modules in Dataflow, such as/spring-cloud-dataflow/spring-cloud-dataflow-server-core/pom.xml
:In normal conditions this is not a problem, the Dataflow project.version is used and all is well. However, if an application extends Dataflow and pulls the above module into its build, the project version of the consuming project will be used.
Example: SCDF Pro has a reference to
This ends up pulling in the
common-security-config-web
and uses a version of1.6.0-SNAPSHOT
(which is the Pro project.version) which just so happens that thecommon-security-config-web
has an old version number of 1.6.x and so it uses the very old 1.6.x dependencies.Re-evaluate usage of project.version
We should also re-evaluate our usage of project.version as our version identifier. Where else could this be an issue for us?
The text was updated successfully, but these errors were encountered: