
I have two modules:

  • base-lib
  • service

The base-lib has some Spring Boot/Security dependencies as well as some Azure ones. The Azure one needs a specific version of nimbusds so I have that dependency set to a specific version (5.64.4). When I build that first module by itself, Gradle only downloads 5.64.4. But when I include it as a project dependency of the other module (which has no other dependencies), then it downloads two versions: 5.64.4 and 6.0. Why would this be different?

base-lib: build.gradle

buildscript {

    repositories {
        mavenCentral()
        mavenLocal()
    }
    dependencies {
        classpath("org.springframework.boot:spring-boot-gradle-plugin:${springBootVersion}")
    }
}

apply plugin: "java"
apply plugin: "java-library"
apply plugin: "org.springframework.boot"
apply plugin: "io.spring.dependency-management"

group "${group}"
version "${version}"

sourceCompatibility = 11.0

repositories {
    mavenCentral()
    mavenLocal()
}

dependencies {

    api( [ "com.nimbusds:oauth2-oidc-sdk:5.64.4" ] )

    /* These are what pull in 6.0 */
    api( [ "org.springframework.boot:spring-boot-starter-security:${springBootVersion}" ] )
    api( [ "org.springframework.security.oauth.boot:spring-security-oauth2-autoconfigure:${springBootVersion}" ] )
    api( [ "org.springframework.security:spring-security-oauth2-client:${springOAuthClientVersion}" ] )

    //Microsoft Azure AD
    api( [ "com.microsoft.azure:adal4j:${adal4jVersion}" ] )

    /* elided, lots of other dependencies here */
}

service build.gradle

dependencies {
    implementation project(":base-lib")
}

If I delete the second module (service) and build the first, then it only downloads 5.64.4. But the moment I have both and build them, it pulls down 6.0 too.

This fixes it, but why is this needed when pulling in as a project dependency and not normally? Why are the dependency rules different?

api( [ "com.nimbusds:oauth2-oidc-sdk:5.64.4" ] ) {
    force = true
}
Don Rhummy

1 Answer


The best way to troubleshoot such an issue is to use the dependencyInsight task on the problematic dependency.

In your case, the most likely explanation is that your project base-lib makes use of the Spring Boot and Spring dependency management plugins. These plugins will force a number of versions according to the Spring Boot BOM but also have a feature that makes any dependency declared with a version override what's coming from the BOM. And since you specify the version of oauth2-oidc-sdk it indeed gets that version.

Now when you pull transitively all these dependencies in service, the dependency management plugin is not applied. And thus default Gradle resolution rules apply, which means that between the 5.64.4 and 6.0 versions, Gradle will pick the highest.

Fixing can be done by forcing the version as you experimented or by applying the same plugins and declaring it again.

Louis Jacomet
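The plain-Gradle form of the fix the answer describes, as an added example that is not from the question or the answer: the service module pins oauth2-oidc-sdk through a resolution strategy (the supported equivalent of `force = true` on a single dependency) and adds a task that fails the build if the runtime classpath ever resolves a different version, so a silent upgrade of a security library cannot slip in through a transitive edge. It assumes the same two-module layout as the question and the task name `checkPinnedNimbus`, which is made up here.

```groovy
// service/build.gradle (added example; assumes settings.gradle includes
// ":base-lib" and ":service").
apply plugin: "java"

dependencies {
    implementation project(":base-lib")
}

// Without the Spring dependency-management plugin, Gradle's default rule is
// "highest version wins", so 6.0 from the Spring starters beats 5.64.4.
// Forcing the version here overrides that rule for every configuration.
configurations.all {
    resolutionStrategy {
        force "com.nimbusds:oauth2-oidc-sdk:5.64.4"
    }
}

// Guard: fail the build if anything other than 5.64.4 ends up on the
// runtime classpath (for example after a future Spring Boot BOM bump).
// Task name is made up for this example.
tasks.register("checkPinnedNimbus") {
    doLast {
        def resolved = configurations.runtimeClasspath.resolvedConfiguration
            .resolvedArtifacts
            .findAll { it.moduleVersion.id.name == "oauth2-oidc-sdk" }
            .collect { it.moduleVersion.id.version }
        if (resolved != ["5.64.4"]) {
            throw new GradleException(
                "oauth2-oidc-sdk resolved to ${resolved}, expected [5.64.4]")
        }
    }
}
tasks.named("check") { dependsOn "checkPinnedNimbus" }

// To see which edge of the graph requested 6.0, run the task the answer
// recommends:
//   ./gradlew :service:dependencyInsight --dependency oauth2-oidc-sdk \
//       --configuration runtimeClasspath
```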