My project contains a lot libraries and I want update following:
spring from 5.0.10.RELASE to 5.3.18 or higher
spring-content
spring-core
spring-beans
spring-aop
spring-context-support
spring-orm
spring-jdb
spring-web
spring-webmvc
spring-tx
spring-data-jpa from to 2.3.2 or higher
spring-data-commons from to 2.3.2 or higher
But when I changed version my project durring start has a many errors.
How can I check that these verions libraires are compatible with other (hibernate, log4j etc..)
remove all version tags of spring in your pom and create a dependency management as following:
<dependencyManagement>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring</artifactId>
<version>5.2.9.RELEASE</version>
<type>pom</type>
</dependency>
</dependencyManagement>
Related
We are currently using spring boot 2.7.4 and we want to use a built in dependency of 2.7.5. I added it to the properties in the pom, but its being ignored. I have done this successfully with other dependencies.
jackson-databind 2.13.4 is a builtin dependency of spring boot 2.7.4
jackson-databind 2.13.4.2 is a dependency of spring boot 2.7.5
<jackson-databind.version>2.13.4.2</jackson-databind.version>
That does not seem to work.
Will spring just ignore an incompatible version automatically ?
Spring boot does not have jackson-databind.version variable. Full list can be seen here
But you can manually specify the required dependency version:
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>2.13.4.2</version>
<scope>compile</scope>
</dependency>
You need to use jackson-bom.version to override via the property.
From the spring-boot-dependencies POM, which is inherited by the spring-boot-starter-parent the following is defeined in 2.7.5,
<dependency>
<groupId>com.fasterxml.jackson</groupId>
<artifactId>jackson-bom</artifactId>
<version>${jackson-bom.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
and and the property is set to <jackson-bom.version>2.13.4.20221013</jackson-bom.version>
I am using below Red Hat Fuse BOM for my camel application to get the camel dependencies for my project. It returns camel dependencies version 2.23.x
<dependencyManagement>
<dependency>
<groupId>org.jboss.redhat-fuse</groupId>
<artifactId>fuse-springboot-bom</artifactId>
<version>7.7.0.fuse-sb2-770010-redhat-00001</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<dependencyManagement>
My Maven is set to get the dependency through JFrog, which blocks camel-spring-2.23.x version due to some vulnerability found in this version of jar as per our client security policy. My question is, Will it be correct to specify the camel-spring dependency in pom.xml as below to download 2.25.x version and let the other camel lib dependencies as 2.23.x ? Is it going to cause any issue in amy camel application due to different camel library versions?
<dependency>
<groupId>org.apache.camel</groupId>
<artifactId>camel-spring</artifactId>
<version>2.25.2</version>
</dependency>
Which is the best way to determine the versions for my Spring modules and other libraries in a Spring Boot project?
Versions for Spring Modules
Versions for Third Party libraries
There are a lot of question when you search for "Compatible versions in Spring".
But all these questions are regarding specific libraries.
I would like to have general rules of how to determine compatible versions for my project.
You may checkout my post on this A comprehensive list of dependencies managed by latest Spring-Boot 2.3.2.RELEASE (as a custom parent)
That's is just a reference for how it should be, but you may discard the version in as they will be managed indirectly by spring itself.
Ok so, this is something almost every spring developer stumble upon. Let me try to explain this how was I able to resolve all the managed and third party libraries.
Let's suppose you want to build spring-boot microservices with a centralized configuration server.
So we can take it as following modules:
A company project starter: acts as a parent, managing the dependency
A config-server
A config-client
and let's suppose you chose spring-boot 2.3.2 version, which I used and find more stable. You would expect all the managed ones are using this spring-boot 2.3.2 version directly or indirectly.
I would highly recommend using https://mvnrepository.com
artifact: my_company-boot-starter-parent
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.3.2.RELEASE</version>
</parent>
<groupId>com.my_company</groupId>
<artifactId>my_company-boot-starter-parent</artifactId>
<version>1.0-SNAPSHOT</version>
<packaging>pom</packaging>
<name>my_company starter-parent</name>
<dependencyManagement>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-dependencies</artifactId>
<version>${spring-cloud.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<!-- ... -->
<!-- ... -->
<!-- other dependencies -->
<!-- ... -->
<!-- ... -->
</dependencyManagement>
If you got to Spring Boot Starter Parent ยป 2.3.2.RELEASE, under Managed Dependencies you can see the comprehensive list of all the dependencies with default version that would be referenced implicitly with boot version 2.3.2, see column Version.
The Updates column indicate that these managed dependencies are having their newest updates as this, but you are not required to override the dependency version of managed ones. If you intent to use more recent version, you have to chose more recent version of spring-boot-starter-parent. So let the spring download all the managed one itself.
With spring-boot-starter-parent 2.3.2 , they do not mention which spring-cloud-dependencies verion you should use, and this is where we get stuck and we need to figure it out.
Let us got to spring-cloud-dependencies . Hee you can see numerous version but which one to chose, it's like verifying which latest version uses spring-boot 2.3.2 indirectly.
You need to follow the managed dependency and go along with it until you find your parent version.
For example If you go for :
Hoxton.SR6
Spring Cloud Dependencies(Hoxton.SR6) -> Spring Cloud Config Dependencies( 2.2.3.RELEASE) -> Spring Cloud Starter Config(2.2.3.RELEASE) -> Spring Cloud Starter(2.2.3.RELEASE) -> Spring Boot Starter(2.3.0.RELEASE)
Here you can see, we end up using Spring Boot Starter(2.3.0.RELEASE) which is not what we expected it to be.
Hoxton.SR7
Spring Cloud Dependencies(Hoxton.SR7) -> Spring Cloud Config Dependencies(2.2.4.RELEASE) -> Spring Cloud Starter Config(2.2.4.RELEASE) -> Spring Cloud Starter(2.2.4.RELEASE) -> Spring Boot Starter(2.3.2.RELEASE)
Here we end up using same boot version 2.3.2. So in your parent pom.xml, you can set the spring cloud version as :
<properties>
<java.version>15</java.version>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<lombok.version>1.18.20</lombok.version>
<spring-cloud.version>Hoxton.SR7</spring-cloud.version>
</properties>
And in child poms (jars), you can just use the dependencies justby mentioning the group and artifact, skipping the version.
sample:
<parent>
<groupId>com.my_company</groupId>
<artifactId>my_company-boot-starter-parent</artifactId>
<version>1.0-SNAPSHOT</version>
</parent>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-config-server</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
<exclusions>
<exclusion>
<groupId>org.junit.vintage</groupId>
<artifactId>junit-vintage-engine</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-boot-starter</artifactId>
</dependency>
<dependency>
<groupId>com.google.code.gson</groupId>
<artifactId>gson</artifactId>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
</dependency>
<dependency>
<groupId>com.google.googlejavaformat</groupId>
<artifactId>google-java-format</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-configuration-processor</artifactId>
</dependency>
</dependencies>
See, we have not provided the any version here, so spring-cloud-config-server version would be auto managed and it would be 2.2.4.RELEASE which again uses spring-boot-starter-web and spring-boot-starter both of 2.3.2 version.
Third party libraries
This is somewhat based on language version. You might want to use the latest third-party libs which is most recent till your language version supports it.
Like lombok: 1.18.20
Hope this might have helped you and others and provides an approach towards version compatibility.
Tips: Never forget to check the Managed Dependency Coordinates in Aappendix of all the spring boot release page as they keep their managed dependencies & version there. Like this one Appendix F: Dependency versions
1. Use Spring Initializr
Select all Spring modules you need in spring initializr and generate your code: https://start.spring.io/
You do not need to use the full generated code. But you should copy the library versions out of the generated pom.xml.
2. Watch out for dependency pom.xml
If available, import dependency pom.xml in your dependencyManagement.
Use the versions provided by these dependency poms.
E.g.
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-dependencies</artifactId>
<version>${spring-cloud.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
Spring Dependency Version Documentation
You can also check the Spring Dependency Version Documentation. But I prefer the initilizr, because it's easier to handle.
How to get the list of all dependencies with versiosn used in spring-context 4.3.6 Release ? I do see that for spring boot in spring.io page but not for spring-context
If you are using maven adding this will resolve all dependencies
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
<version>4.3.6.RELEASE</version>
</dependency>
It has following dependencies:
org.springframework:spring-context:4.3.6.RELEASE
org.springframework:spring-aop:4.3.6.RELEASE
org.springframework:spring-beans:4.3.6.RELEASE
org.springframework:spring-core:4.3.6.RELEASE
commons-logging:commons-logging:1.2
org.springframework:spring-expression:4.3.6.RELEASE
It seems when I add the dependency for the spring-hateoas
<groupId>org.springframework.hateoas</groupId>
<artifactId>spring-hateoas</artifactId>
<version>0.13.0.RELEASE</version>
The Class below is no longer available on the classpath
org.springframework.web.bind.annotation.RestController;
I have tried to exclude various dependencies for the spring-hateoas but the APP no longer runs.
Has anyone had any luck running spring-hateoas within spring boot.
Absolutely no problem whatsoever. The #RestController annotation is still available and you shouldn't need to do any exclusion.
In case it helps, I'm currently using version 1.0.2 of Spring Boot:
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>1.0.2.RELEASE</version>
</parent>
spring-boot-starter-web provides the #RestController:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
I don't define an explicit version for spring-hateoas in my pom.xml, but my build is pulling in 0.9.0.RELEASE:
<dependency>
<groupId>org.springframework.hateoas</groupId>
<artifactId>spring-hateoas</artifactId>
</dependency>
As a side note, I can see from the Eclipse POM editor, that Spring HATEOAS is defining dependencies on Spring 3.2.7. However the spring-boot-starter-parent project manages the versions up to 4.0.3. Can you see what version of Spring you are getting? Have you perhaps not used the spring-boot-parent as a parent project?