When I

implementation "org.jetbrains.kotlin:kotlin-reflect"

and it works fine Does it pick up the kotlin version from the applied kotlin gradle plugin? Or is that shorthand for latest?

Does it pick up the kotlin version from the applied kotlin gradle plugin?

Yes

nice thanks

It is coming from a plugin you should stop using. The Spring dependency management plugin is a relict from times when Gradle did not have built-in BOM support and by now does more harm than good. Even the author of that plugin recommends not to use it anymore, but the built-in BOM support using

platform(...)

. Besides that, Gradle has to know a version for a dependency. If you have a dependency twice in the tree with different versions (by default) the higher version is used. If you have it twice once with and once without version, the version wins. You can also have version constraints for libraries, which means it is no dependency, but if you add that dependency the version of the constraint is also used. If you use a BOM / platform this adds all the contained things as version constraints. (the Spring dependency management plugin does something similar, just in a bad way and some other bad things) So if you have a dependency with its version already, or a version constraint for that dependency, or a platform / BOM which contains it and thus a version constraint, you can use the dependency without version as it just uses the version already known. And if there is no such version you get an error. Using the latest version would be

+

as version or

latest.release

or

latest.integration

, depending on exact intended semantic.

So now what exactly in spring boot + postgres case? Is there a bom which includes the postgres thing? Or should i version the postgres thingy explicitly?

I can hardly guess what your buildscript is looking like as you did not share it. But I already guessed that you apply the Spring Dependency Management plugin that does similar things to a BOM just in a bad way. Whether it works or not I have no idea I don't have in mind what Spring Boot BOM contains and what it does not, you have to read it or look at the docs. You can anytime use a version if you want to, and the higher one will win. But afair the sense of those Spring Boot compilations is, that they say the versions they list work together nicely, so most probably for things that are in there you should not use a version.

oh, sorry

[versions]
kotlin = "2.1.0"

[plugins]
kotlin-jvm = { id = "org.jetbrains.kotlin.jvm", version.ref = "kotlin" }
kotlin-spring = { id = "org.jetbrains.kotlin.plugin.spring", version.ref = "kotlin" }
kotlin-jpa = { id = "org.jetbrains.kotlin.plugin.jpa", version.ref = "kotlin" }
spring-boot = { id = "org.springframework.boot", version = "3.4.1" }
spring-dependency-management = { id = "io.spring.dependency-management", version = "1.1.7" }

[libraries]
kotlin-reflect = { module = "org.jetbrains.kotlin:kotlin-reflect" }
postgres = { module = "org.postgresql:postgresql" }
spring-boot-starter-web = { module = "org.springframework.boot:spring-boot-starter-web" }
spring-boot-starter-data-jpa = { module = "org.springframework.boot:spring-boot-starter-data-jpa" }
spring-boot-openapi = { module = "org.springdoc:springdoc-openapi-starter-webmvc-ui", version = "2.7.0" }

plugins {
    alias libs.plugins.kotlin.jvm
    alias libs.plugins.kotlin.spring
    alias libs.plugins.kotlin.jpa
    alias libs.plugins.spring.boot
    alias libs.plugins.spring.dependency.management
}

dependencies {
    implementation libs.kotlin.reflect
    implementation libs.spring.boot.starter.web
    implementation libs.spring.boot.starter.data.jpa
    implementation libs.spring.boot.openapi
    runtimeOnly libs.postgres
}

just most basic setup

Did I say you should remove the dependency management plugin?

It is coming from a plugin you should stop using.

sounds like it 😄

Then why do you ask whether you should if I already told you so? 🙂 But no, the other changes in the version catalog you should not do, but you should use the Spring Boot BOM as I already said. The Spring Boot Gradle plugin even has a constant you can use. Just read the Spring Boot documentation it has all the info readily available.

I mean.. when I look at their docs, the first thing they say is to add the dependency management plugin https://docs.spring.io/spring-boot/gradle-plugin/getting-started.html

Well, they tell you wrong. Do you more trust outdated docs and outdated generator tools, or the Gradle experts you are talking to and the maintainer of that plugin who itself says you should not use it?

😄 Ofcourse I trust you guys, it's just you said to look at the docs which are readily available - and crap

No, just scroll down.

what?

plugins {
	id 'java'
	id 'org.springframework.boot' version '3.4.1'
}

apply plugin: 'io.spring.dependency-management'

this is the good version?

How do you think that is the good version? You still apply the bad plugin, just now additionally in a bad way.

Below the bad version they show the good version

.

If that is what you get from scrolling down, you are probably on the wrong page

okay I see, is using a bom preferred over the shared

version.ref

in catalogue? I mean I can never tell what's inside the bom

I mean I can never tell what's inside the bom

Sure you can, you can just read it.

is using a bom preferred over the shared

version.ref

in catalogue?

But again, whether you specify versions yourself or use the BOM is up to you. Iirc the sense of Spring Boot and the BOM is that they say "these versions properly work together we recommend you use those". Whether you follow that recommendation is up to you. Besides that you cannot use a "shared `version.ref`" except for the Spring-own modules. It defines versions for dozens of other dependencies and those are all different.

also, not sure why do I need to

implementation platform..

To use their BOM and thus the versions of the dependencies they recommend as "working together properly"

it if it is necessary

If you want to use their version recommendations, yes

there's a spring boot gradle plugin .. why won't the plugin simply add it

I don't know, ask them. Probably for the same reason they also have in the getting started docs and generator the Spring Dependency Management plugin. Why that is the case is a miracle to me when even the maintainer of the plugin tells to not use it anymore. Maybe it is due to legacy or backwards compatibility reasons. 🤷‍♂️

okay so the bom extends beyond the 1st party spring stuff that's what had me confused, as all the spring dependencies I use are

spring-boot-starter-web = { module = "org.springframework.boot:spring-boot-starter-web", version.ref = "spring" }
spring-boot-starter-data-jpa = { module = "org.springframework.boot:spring-boot-starter-data-jpa", version.ref = "spring" }

version.ref = spring

anyways

You should probably read a bit about Spring Boot to get the idea

just to be sure -

implementation platform..

doesnt actually include any dependency, just a sort of map of version to use if said dependency were to be included?

exactly

okay, besides the spring boot usecase - i've seen it in jetpack compose as well but then if I were to use it - won't it break with transitive dependencies? I mean if I use compose platform 2.0, which includes say

foundation:2.0

and a 3rd party dependency depends on

foundation:2.1

directly, then I'll get the

2.1

anyways, correct?

yes, unless you changed configuration to fail on version conflict, or use an enforced platform (you should almost never do) or somewhere us a strict version, or use other things or plugins that influence the resolution. But generally speaking, yes

that doesn't inspire confidence 😄

> that doesn't inspire confidence 😄 Well, Gradle is very mighty and give you much power. But with great power comes great responsibility. (✔️ Spiderman reference)

where

Or check their docs, I guess they have a list

I'm wondering why is this at all necessary if spring 1.0 depends on jackson 1.0, and I explicitly include jackson 2.0, then 2.0 will be used & it will compile -- provided jackson is backwards compatible

Spring does not depend on all those

then why does it care what version jackson im using?

The Spring Boot team says "if you want to use these libraries, use those versions, we tested that they work together nicely"

yes but why would they not play nice, in general

Who says there isn't?

but A cannot enforce B's version so I need to take care not to specify version for B for the A's bom to take over so I sort of need to make A the master of the B

The level is irrelevant, but yes otherwise. And again, it can enforce if you use an enforced platform you just shouldn't. And again, they are *recommendations

forget spring boot, just your A B C example; where A has a bom, B doesnt. so I need to take care not to specify B version for the A's bom to take over & make it all work so A('s bom) is in a sense managing B

You cannot forget Spring Boot, as it was an example situation that Spring Boot tries to solve. A and B are unrelated

if it had one

Semver is irrelevant, but in my example it correlated

well it's not getting through my skull

unrelated

in terms of gradle dependencies? anyways what I meant was if the bom is just a "collection of stuff you might probably be using" & I should obey it, in that sense that bom is master of the versions of the given stuff

Unrelated in any possible meaning

yes but I expanded on your example - A,B & A has a bom; where A & B are not related in gradle dependency manner if my assumption that A's bom is "if you use A, you prooobably are using B, and if so, use version B:x" is correct, then that means you should let the bom manage B's version, which in turn means A's bom is super to B in a sense

That's not the situation though. The situation is, that A has not relation at all to B. It does not know about B. And it is in no way more or less likely that someone uses B just because it uses A or the other way around. They are just two totally independent things that have no relation at all, besides both using C.

then I've no idea what we're talking about

I'm describing you the problem the Spring Boot BOM tries to solve. You insist on striking Spring Boot BOM from the equation and thus make the whole conversation moot.

well, because when I look at spring boot's bom, it for example references jackson - and spring boot depends on jackson

The Spring Boot BOM is not using Jackson.

what? https://repo1.maven.org/maven2/org/springframework/boot/spring-boot-dependencies/3.4.1/spring-boot-dependencies-3.4.1.pom spring boot bom 3.4.1 references

<dependency>
<groupId>com.fasterxml.jackson</groupId>
<artifactId>jackson-bom</artifactId>
<version>${jackson-bom.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>

You don't listen, do I really have to say it again?

I know it doesnt say that. I get it's a suggestion to the consumer of both spring & jackson. BUT spring depends on jackson, so this unnecessary, isn't it?

It does not imply any dependency from any project to any other project

isn't the same thing said in terms of spring boot's dependency on jackson?

"Spring Boot" consists of dozens of things, what exactly are you talking about?

I get that "spring bom 1 is saying that (spring-boot-starter 2, spring-boot-data-jpa 3, jackson 4) are all playing nice" but spring-boot-starter 2 will have a dependency on jackson 4 so why is this necessary (to mention jackson in the bom at all)

so why is this necessary (to mention jackson in the bom at all)

Who says you are using spring-boot-starter at all?

that makes sense, to publish a jackson bom 1 which says (jackson-parsing 1, jackson-whatever 2, jackson-idk 3) are all a single release in a sense

Yes, exactly. For Jackson BOM it does not make much sense to mention any other libs and it does not.