I tried to migrate gradle project with spring boot from selenium 3 to selenium 4
(implementation 'org.seleniumhq.selenium:selenium-java:4.1.1')
But chrome, firefox and edge web drivers remains from selenium version 3
(org.seleniumhq.selenium:selenium-chrome-driver:3.141.59).
If I remove spring boot dependency from project, they updates to 4.1.1
Currently using gradle version "7.3.3".
Spring boot "2.6.3".
Spring dependency management "1.0.11.RELEASE".
Any ideas why this happens, I hoped that dependency hell dissapeared with spring boot creation)
Thanks in advance!
I have the same promble, I found in spring-boot-starter-parent, there is a spring-boot-dependencies in ~/.m2/repository/org/springframework/boot/spring-boot-dependencies/2.6.3/spring-boot-dependencies-2.6.3.pom, which declared <selenium.version>3.141.59</selenium.version> in properties, so you can try add
<properties>
<selenium.version>4.1.2</selenium.version>
</properties>
in your project pom.xml.
Spring Boot comes with a set of versions that are know to work together. But you can override them in your build script. In case of Gradle, add to build.gradle:
ext['selenium.version'] = '4.1.2'
It is because Spring Boot comes packed with a set of predefined dependecies that you can find here: https://docs.spring.io/spring-boot/docs/2.6.7/reference/htmlsingle/#appendix.dependency-versions
In this page, you will also find, how to change predefined version. In general, you need to add .version to your dependency name and, in case of multiple word names, you change spaces to dashes (not needed in case of selenium).
So, to change version to most recent, type in build.gradle ext['selenium.version'] = '4.4.0' at 0 indent level. (don't add it, say inside dependencies {})
Related
I am developing two projects.
Project 1 is a spring-boot application based on gradle for dependency management. This application defines extension-points. If - at runtime - an extension is found on the classpath, this extension is being called from the main application under certain circumstances.
Project 2 is such an extension. This extension should only provide low-level functionality. So basically, I need spring annotations and an EntityManager within the application but I would like to prevent the full spring-boot dependencies to be present on the compile-path.
The obvious (and not satisfactory) solution is to define a compileonly-dependency on a specific version of, say, spring-context. This is somewhat dangerous, as the spring-boot version may progress and it may be easy to forget to adjust the spring version.
Providing a compileOnly dependency to spring-boot-starter (or even the main project) is out of the question.
So, is there a clever trick to tell gralde to use "the spring-version coming with spring-boot-xxx"?
Sometimes you are within a forrest and not seeing the trees...
Thanks to the comment of #emrekgn I looked for BOM/Gradle/Spring and found... the spring boot dependency-management plugin.
Adding this to your gradle file will allow you to include dependencies matching to the spring boot version you are using:
plugins {
id 'org.springframework.boot' version '2.6.2'
}
apply plugin: 'io.spring.dependency-management'
Obviously, you have to match the boot-version to your needs.
I am using Gradle 5's BOM (Bill of Materials) feature. This is how I describe it for my JUnit 5 dependencies:
testImplementation(enforcedPlatform("org.junit:junit-bom:5.4.0")) // JUnit 5 BOM
testImplementation("org.junit.jupiter:junit-jupiter-api")
testRuntimeOnly("org.junit.jupiter:junit-jupiter-engine")
testImplementation("org.junit.jupiter:junit-jupiter-params")
My assumption is that providing the BOM will resolve the versions of the dependencies to 5.4.0. However, they get resolved to 5.1.1. I am not sure why. (I also request enforcedPlatform() to lock the specified version)
Inspecting JUnit 5's BOM we see that all org.junit.jupiter dependencies are listed with version 5.4.0 (resolving to 5.1.1 in the project) and all org.junit.platform dependencies are listed with version 1.4.0 which resolve correctly in the project.
I am not sure what I am missing and was hoping to get some help here. Thanks!
EDIT:
I used Sormuras response and moved all BOMs at the top of the dependencies {} block but was still not getting version 5.4.0. Then I suspected it might be coming from the Gradle Spring Dependency Management plugin that I use, so when I commented it out, I got version JUnit 5.4.0. How do I disable JUnit coming from the Gradle Spring Dependency Management plugin?
FINALLY:
I decided to use the Spring Boot Dependencies BOM directly and remove the Gradle plugin:
implementation(platform("org.springframework.boot:spring-boot-dependencies:2.0.5.RELEASE"))
I imagine the plugin was created for those version of Gradle before Gradle 5 where you couldn't use a BOM file. Now with the BOM support I can directly include it. This way my version of JUnit is as I have specified it in the enforcedPlatform() block.
I accepted Sam Brannen's answer below because he explains well how the issue occurs and what solves it and I think it's relevant for those who use older versions of Gradle.
How do I disable JUnit coming from the Gradle Spring Dependency Management plugin?
For starters, if you are using the dependency management plugin from Spring, you should not be importing the junit-bom since that results in duplicate (and potentially conflicting) management of those dependencies.
Aside from that, whenever you use the dependency management plugin from Spring and want to override a managed version, you have to do it by overriding the exact name of the version defined in the BOM used by the plugin.
This is documented in Spring Boot for Gradle and for Maven.
For Spring Boot the name of the JUnit Jupiter version is "junit-jupiter.version". You can find the names of all managed versions for Spring Boot 2.1.2 here.
So, in Gradle you would override it as follows.
ext['junit-jupiter.version'] = '5.4.0'.
You can see that I have done exactly that here.
With Maven you would override it as follows.
<properties>
<junit-jupiter.version>5.4.0</junit-jupiter.version>
</properties>
Further background information here: https://docs.spring.io/platform/docs/current/reference/html/getting-started-overriding-versions.html
JUnit 5.4.0 simplified its artifacts, and now delivered a single artifact for Jupiter - org.junit:junit-jupiter. I.e., you should simplify your Gradle file too:
testImplementation(enforcedPlatform("org.junit:junit-bom:5.4.0")) // JUnit 5 BOM
testImplementation("org.junit.jupiter:junit-jupiter")
Ensure to include JUnit's BOM before other BOMs that also refer to JUnit. First BOM wins and locks version of all later artifacts.
See this issue for a similar setup using Maven and Spring Boot: https://github.com/sormuras/junit-platform-maven-plugin/issues/29#issuecomment-456958188
I understand that Maven dependency mediation feature determines what version of a dependency will be used when multiple versions are encountered using the "nearest definition" mechanism (closest in the dependency tree). My question is if there is a way to make Maven alert/log it when it does this.
I found that when i was using spring boot & using the starter parent along with other dependencies one of my dependencies got resolved automatically but that caused things to fail at run time which took a while for me to figure out..so was wondering if there is a way to get alerted when Maven does this so i can take some action if needed (explicitly add a dependency, etc.)
Thanks
Muthu
im using spring boot in a recommended way, that is by adding
classpath("org.springframework.boot:spring-boot-gradle-plugin:${springBootVersion}")
and then adding dependencies i need, like:
compile('org.springframework.boot:spring-boot-starter-web')
That dependency pulls some predefined version of tomcat that will host my microservice.
but what happens when there is a security fix for tomcat released? does spring team track all the security issues in all the project they use and bump spring-boot version when new fix is released? or do i have to track it by myself and control dependencies (like tomcat) manually instead of using 'the spring-boot way'?
Whenever we release a new version of Spring Boot, we update the managed dependency versions to the latest appropriate release of that dependency. Appropriate means that we won't, for example, move to a new major or minor version of a dependency in a maintenance release of Spring Boot.
Generally speaking, a new version of a managed dependency (even if it contains a security fix) won't trigger the release of a new version of Spring Boot. It's impossible for us to know exactly how a dependency is being used and if the fix is relevant to all, some, or even any of Spring Boot's users.
This means that you do need to keep track of security vulnerabilities yourself. If a vulnerability affects you and Spring Boot has not yet updated its managed version then you can easily override that version in your build script. For example, if you are using Gradle:
ext['tomcat.version']='8.0.36'
Or Maven:
<properties>
<tomcat.version>8.0.36</tomcat.version>
</properties>
I understand the concept of Spring boot, but I am looking for the logic how it is implemented and where it is maintaining the configuration. When we add any Starter-pom immediately it is giving the dependency and the configuration needed for it. How it automated that feature and where is that automating code in the spring boot?
Thanks in advance
The configuration classes for Spring Boot are in the module spring-boot-autoconfigure. A starter POM has a dependency on that (through the general spring-boot-starter module) and the required 3rd party libraries, and then the autoconfiguration for that library is activated.
The SpringBoot project has been put there so to be more productive & build production ready app in no time. SpringBoot project referes many starter projects like spring-boot-starter-jdbc, spring-boot-starter-logging, etc. All these starter libraries are like maven sub module projects and they add a set of libraries to respective project in turn. Like the spring-boot-starter-jdbc library adds these libraries -> spring-jdbc,spring-tx,tomcat-jdbc.
Now for the configuration part, spring boot has maintained another library called spring-boot-autoconfigure which auto configures all needed configs depending on the libraries present on your pom and the initial set of config annotation been used on the app. For Eg. if it sees ojdbc jar present in your pom then it will autoconfigure oracle datasource to your project
From my bare understanding, this feature are not provided by Spring Boot. It is the power of Maven. Maven allow you to declare dependencies, and the dependencies themselves, PLUS the transitive dependencies will be retrieved.
The starter POMs are simply normal Maven POM-type artifact which declared essential dependencies, and hence, when you include in your own POM, related dependencies will be downloaded.
You may get some more understanding on Maven from Maven Site or Maven Guide by Sonatype