leiningen

fjsousa 2024-05-21T12:59:56.388439Z

Hi everyone. When there's a transitive dependency issue, lein deps :tree prints suggestions like this.

[org.clojure/clojurescript "1.11.132"] -> [com.cognitect/transit-java "1.0.362" :exclusions [org.clojure/clojure]] -> [javax.xml.bind/jaxb-api "2.3.0"]
 overrides
[djblue/portal "0.55.1"] -> [com.cognitect/transit-clj "1.0.333"] -> [com.cognitect/transit-java "1.0.371"] -> [javax.xml.bind/jaxb-api "2.4.0-b180830.0359"]

Consider using these exclusions:
[djblue/portal "0.55.1" :exclusions [javax.xml.bind/jaxb-api]]
I'm wondering why the default suggestion isn't to exlude jaxb-api from clojurescript instead given that it's using an older version.

👍 1
fjsousa 2024-05-22T08:20:53.330299Z

thanks for the references. really appreciated

fjsousa 2024-05-22T08:22:01.143739Z

I'm still trying to understand if :managed-dependencies is right for my use case

hifumi123 2024-05-22T10:09:54.670649Z

if you need to enforce a consistent version of a dependency across multiple projects, then managed dependencies are exactly for you; that's why they exist in maven (and leiningen)

hifumi123 2024-05-22T10:10:48.763939Z

i.e. the reason managed dependencies are a feature is because people often have projects that rely on a specific version of some internal library or transitive dependency, and this helps keeps things in control

hifumi123 2024-05-22T10:12:44.583969Z

i have personally used managed dependencies to control specific versions of dependencies so that shadow-cljs and other CLJS libraries can coexist together in a lein project -- I find it easier to maintain IMO than exclusions since you get the exact version of a dep you specify

hifumi123 2024-05-21T21:53:37.259749Z

iirc this is a feature from pomegranate, which uses maven for dependency resolution

hifumi123 2024-05-21T21:54:10.234769Z

The exclusion is based off whatever is closest to the root of your dependency tree. See https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#Transitive_Dependencies for details

hifumi123 2024-05-21T21:56:25.253329Z

In nearly all Clojure/Leiningen projects, I use :managed-dependencies since gives the finest control over which exact versions of a dependency get used across (sub)projects.