Managing dependency versions for Spring projects

Projects depend on other frameworks, also called dependencies. It is important to manage the versions of the framework dependencies used. If you are using Spring Boot, the simplest option to manage dependency versions is to use spring-boot-starter-parent as the parent POM. This is the option we used in all our project examples in this book:

    <parent>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-parent</artifactId>
      <version>${spring-boot.version}</version>
      <relativePath /> <!-- lookup parent from repository -->
    </parent>

Versions of more than 200 dependencies are managed by spring-boot-starter-parent. Before a Spring Boot release, it is ensured that all the versions of these dependencies play well together. The following code shows some of the dependency versions that are managed:

<activemq.version>5.14.3</activemq.version>
 <ehcache.version>2.10.3</ehcache.version>
 <elasticsearch.version>2.4.4</elasticsearch.version>
 <h2.version>1.4.193</h2.version>
 <jackson.version>2.8.7</jackson.version>
 <jersey.version>2.25.1</jersey.version>
 <junit.version>4.12</junit.version>
 <mockito.version>1.10.19</mockito.version>
 <mongodb.version>3.4.2</mongodb.version>
 <mysql.version>5.1.41</mysql.version>
 <reactor.version>2.0.8.RELEASE</reactor.version>
 <reactor-spring.version>2.0.7.RELEASE</reactor-spring.version>
 <selenium.version>2.53.1</selenium.version>
 <spring.version>4.3.7.RELEASE</spring.version>
 <spring-amqp.version>1.7.1.RELEASE</spring-amqp.version>
 <spring-cloud-connectors.version>1.2.3.RELEASE</spring-cloud-connectors.version>
 <spring-batch.version>3.0.7.RELEASE</spring-batch.version>
 <spring-hateoas.version>0.23.0.RELEASE</spring-hateoas.version>
 <spring-kafka.version>1.1.3.RELEASE</spring-kafka.version>
 <spring-restdocs.version>1.1.2.RELEASE</spring-restdocs.version>
 <spring-security.version>4.2.2.RELEASE</spring-security.version>
<thymeleaf.version>2.1.5.RELEASE</thymeleaf.version>

It is recommended that you do not override any of the versions of the managed dependencies in the project POM file. This ensures that when we upgrade our Spring Boot version, we would get the latest version upgrades for all of the dependencies.

Sometimes, you have to use a custom corporate POM as a parent POM. The following snippet shows how to manage dependency versions in this scenario:

    <dependencyManagement>
      <dependencies>
        <dependency>
          <groupId>org.springframework.boot</groupId>
          <artifactId>spring-boot-dependencies</artifactId>
          <version>${spring-boot.version}</version>
          <type>pom</type>
          <scope>import</scope>
        </dependency>
      </dependencies>
    </dependencyManagement>

If you are not using Spring Boot, then you can manage all basic Spring dependencies using Spring BOM as shown in the following example:

    <dependencyManagement>
      <dependencies>
        <dependency>
          <groupId>org.springframework</groupId>
          <artifactId>spring-framework-bom</artifactId>
          <version>${org.springframework-version}</version>
          <type>pom</type>
          <scope>import</scope>
        </dependency>
      </dependencies>
    </dependencyManagement>

In summary, we recommend either using a Spring Boot starter parent or Spring BOM to manage versions of the Spring Framework used in your projects.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset