Hi everyone.
When there's a transitive dependency issue, lein deps :tree prints suggestions like this.
[org.clojure/clojurescript "1.11.132"] -> [com.cognitect/transit-java "1.0.362" :exclusions [org.clojure/clojure]] -> [javax.xml.bind/jaxb-api "2.3.0"]
overrides
[djblue/portal "0.55.1"] -> [com.cognitect/transit-clj "1.0.333"] -> [com.cognitect/transit-java "1.0.371"] -> [javax.xml.bind/jaxb-api "2.4.0-b180830.0359"]
Consider using these exclusions:
[djblue/portal "0.55.1" :exclusions [javax.xml.bind/jaxb-api]]
I'm wondering why the default suggestion isn't to exlude jaxb-api from clojurescript instead given that it's using an older version.thanks for the references. really appreciated
I'm still trying to understand if :managed-dependencies is right for my use case
if you need to enforce a consistent version of a dependency across multiple projects, then managed dependencies are exactly for you; that's why they exist in maven (and leiningen)
i.e. the reason managed dependencies are a feature is because people often have projects that rely on a specific version of some internal library or transitive dependency, and this helps keeps things in control
i have personally used managed dependencies to control specific versions of dependencies so that shadow-cljs and other CLJS libraries can coexist together in a lein project -- I find it easier to maintain IMO than exclusions since you get the exact version of a dep you specify
iirc this is a feature from pomegranate, which uses maven for dependency resolution
The exclusion is based off whatever is closest to the root of your dependency tree. See https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#Transitive_Dependencies for details
In nearly all Clojure/Leiningen projects, I use :managed-dependencies since gives the finest control over which exact versions of a dependency get used across (sub)projects.