Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

spotbugs-annotations artifact depends on and exports junit-bom #2255

Closed
davidburstrom opened this issue Nov 14, 2022 · 1 comment · Fixed by #2256
Closed

spotbugs-annotations artifact depends on and exports junit-bom #2255

davidburstrom opened this issue Nov 14, 2022 · 1 comment · Fixed by #2256
Milestone
SpotBugs 4.8.0

Comments

@davidburstrom
Copy link
Contributor

When a project depends on com.github.spotbugs:spotbugs-annotations, it will add the latest JUnit Jupiter BOM to the project classpath. This causes issues for consumers, as adding or bumping spotbugs-annotations will lead to a bump of JUnit, as the BOM ends up in the POM and Gradle module files.

This happens because the BOM is configured to be an implementation dependency (

spotbugs/build.gradle

Line 40 in a9ae3aa

implementation platform('org.junit:junit-bom:5.9.1')
). It would likely be better to add the BOM exclusively to the testImplementation configurations for all projects, as it really shouldn't be leaked to any production code consumers.
davidburstrom added a commit to davidburstrom/spotbugs that referenced this issue Nov 14, 2022
@davidburstrom
Stop exposing junit-bom to consumers (spotbugs#2255)
244bb88
davidburstrom added a commit to davidburstrom/spotbugs that referenced this issue Nov 14, 2022
@davidburstrom
Stop exposing junit-bom to consumers (spotbugs#2255)
a7a4bbd
davidburstrom added a commit to davidburstrom/spotbugs that referenced this issue Nov 14, 2022
@davidburstrom
Stop exposing junit-bom to consumers (spotbugs#2255)
0af800f
@davidburstrom davidburstrom mentioned this issue Nov 14, 2022
Merged
1 task
@davidburstrom
Copy link
Contributor Author

Here's more information on the consequences of exporting a platform to downstream consumers: https://docs.gradle.org/current/userguide/platforms.html#sub:platforms-vs-catalog

hazendaz pushed a commit that referenced this issue Jan 5, 2023
@davidburstrom
Stop exposing junit-bom to consumers (#2255) (#2256)
d99f069
@hazendaz hazendaz added this to the SpotBugs 4.8.0 milestone Dec 18, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
SpotBugs 4.8.0
Development

Successfully merging a pull request may close this issue.

Stop exposing junit-bom to consumers (#2255) davidburstrom/spotbugs
2 participants
@hazendaz @davidburstrom