Fork me on GitHub
#leiningen
<
2024-05-21
>
fjsousa12:05:56

Hi everyone. When there's a transitive dependency issue, lein deps :tree prints suggestions like this.

[org.clojure/clojurescript "1.11.132"] -> [com.cognitect/transit-java "1.0.362" :exclusions [org.clojure/clojure]] -> [javax.xml.bind/jaxb-api "2.3.0"]
 overrides
[djblue/portal "0.55.1"] -> [com.cognitect/transit-clj "1.0.333"] -> [com.cognitect/transit-java "1.0.371"] -> [javax.xml.bind/jaxb-api "2.4.0-b180830.0359"]

Consider using these exclusions:
[djblue/portal "0.55.1" :exclusions [javax.xml.bind/jaxb-api]]
I'm wondering why the default suggestion isn't to exlude jaxb-api from clojurescript instead given that it's using an older version.

👍 1
hifumi12321:05:37

iirc this is a feature from pomegranate, which uses maven for dependency resolution

hifumi12321:05:10

The exclusion is based off whatever is closest to the root of your dependency tree. See https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#Transitive_Dependencies for details

hifumi12321:05:25

In nearly all Clojure/Leiningen projects, I use :managed-dependencies since gives the finest control over which exact versions of a dependency get used across (sub)projects.

fjsousa08:05:53

thanks for the references. really appreciated

fjsousa08:05:01

I'm still trying to understand if :managed-dependencies is right for my use case

hifumi12310:05:54

if you need to enforce a consistent version of a dependency across multiple projects, then managed dependencies are exactly for you; that's why they exist in maven (and leiningen)

hifumi12310:05:48

i.e. the reason managed dependencies are a feature is because people often have projects that rely on a specific version of some internal library or transitive dependency, and this helps keeps things in control

hifumi12310:05:44

i have personally used managed dependencies to control specific versions of dependencies so that shadow-cljs and other CLJS libraries can coexist together in a lein project -- I find it easier to maintain IMO than exclusions since you get the exact version of a dep you specify