Fork me on GitHub
#tools-deps
<
2023-12-08
>
jumar11:12:55

Is there any difference in dependency resolution mechanism when having dependencies declared directly in myapp/deps.edn vs in another module common/deps.edn, where common is used via :local/root? In particular, when there are transitive dependencies that are used by a dependency that used to be in myapp/deps.edn but is now in common/deps.edn. I'm facing this particular problem with bouncycastle and buddy

Exception in thread "main" Syntax error macroexpanding at (buddy/core/keys/jwk/eddsa.clj:1:1).
...
Caused by: java.lang.SecurityException: class "org.bouncycastle.crypto.params.Ed25519PrivateKeyParameters"'s signer information does not match signer information of other classes in the same package
Dependency tree of myapp: • NOTE buddy-core used to be in myapp/deps.edn but it's now in common/deps.edn
clj -Stree
...
com.atlassian.jwt/jwt-core 3.2.1
...
  X commons-codec/commons-codec 1.4 :use-top
  . org.bouncycastle/bcprov-jdk15on 1.60
  . org.bouncycastle/bcpkix-jdk15on 1.60
    . org.bouncycastle/bcprov-jdk15on 1.60
...
buddy/buddy-hashers 2.0.167
  . buddy/buddy-core 1.11.423
    X commons-codec/commons-codec 1.16.0 :use-top
    . org.bouncycastle/bcpkix-jdk18on 1.75
      . org.bouncycastle/bcprov-jdk18on 1.75
      . org.bouncycastle/bcutil-jdk18on 1.75
        . org.bouncycastle/bcprov-jdk18on 1.75
    . org.bouncycastle/bcprov-jdk18on 1.75
...