Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dependency convergence error in azure-sdk-bom:1.2.18 #37630

Closed
mikmoila opened this issue Nov 13, 2023 · 3 comments
Closed

Dependency convergence error in azure-sdk-bom:1.2.18 #37630

mikmoila opened this issue Nov 13, 2023 · 3 comments
Assignees
@alzimmermsft
Labels
Azure.Identity Client This issue points to a problem in the data-plane of the library. customer-reported Issues that are reported by GitHub users external to the Azure organization. needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team question The issue doesn't require a change to the product in order to be resolved. Most issues start as that

Comments

@mikmoila
Copy link

mikmoila commented Nov 13, 2023
edited
Loading

Maven enforcer reports a dependency convergence error in com.azure:azure-sdk-bom:1.2.18 as msal4j is included as two different versions:

[ERROR] Dependency convergence error for com.microsoft.azure:msal4j:jar:1.13.9 paths to dependency are:
[ERROR]   +-com.azure:azure-identity:jar:1.10.4:compile
[ERROR]     +-com.microsoft.azure:msal4j:jar:1.13.9:compile
[ERROR] and
[ERROR]   +-com.azure:azure-identity:jar:1.10.4:compile
[ERROR]     +-com.microsoft.azure:msal4j-persistence-extension:jar:1.2.0:compile
[ERROR]       +-com.microsoft.azure:msal4j:jar:1.4.0:compile

Also json-smart is included twice:


[ERROR] Dependency convergence error for net.minidev:json-smart:jar:1.3.3 paths to dependency are:
[ERROR]   +-com.azure:azure-identity:jar:1.10.4:compile
[ERROR]     +-com.microsoft.azure:msal4j:jar:1.13.9:compile
[ERROR]       +-com.nimbusds:oauth2-oidc-sdk:jar:10.7.1:compile
[ERROR]         +-net.minidev:json-smart:jar:1.3.3:compile
[ERROR] and
[ERROR]   +-com.azure:azure-identity:jar:1.10.4:compile
[ERROR]     +-com.microsoft.azure:msal4j:jar:1.13.9:compile
[ERROR]       +-net.minidev:json-smart:jar:2.4.10:compile
@github-actions github-actions bot added Azure.Identity Client This issue points to a problem in the data-plane of the library. customer-reported Issues that are reported by GitHub users external to the Azure organization. needs-team-triage Workflow: This issue needs the team to triage. question The issue doesn't require a change to the product in order to be resolved. Most issues start as that labels Nov 13, 2023
@alzimmermsft alzimmermsft removed the needs-team-triage Workflow: This issue needs the team to triage. label Nov 15, 2023
@alzimmermsft alzimmermsft self-assigned this Nov 15, 2023
@github-actions github-actions bot added the needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team label Nov 15, 2023
@alzimmermsft
Copy link
Member

Thank you for filing this issue @mikmoila.

At this time azure-sdk-bom only guarantees dependency convergence between Azure SDKs and doesn't guarantee the same dependency convergence for transitive dependencies, such as this. The MSAL4J project is outside of the scope of Azure SDKs so, unfortunately, we don't have many options on enforcing dependency convergence here.

@bowbahdoe
Copy link

@alzimmermsft Forgive me if i'm missing something, but MSAL4j is published under

com.microsoft.azure/msal4j

The MSAL4J project is outside of the scope of Azure SDKs

So this doesn't make sense.

@alzimmermsft
Copy link
Member

HI @bowbahdoe, while MSAL4J is published in the com.microsoft.azure group it's part of another repository which isn't managed by azure-sdk-for-java:

https://github.com/AzureAD/microsoft-authentication-library-for-java

We work with them to try and align their dependencies with what we use but at the end of the day since it's not all managed together there are times where there is some minor dependency skew.

@yeroc yeroc mentioned this issue Dec 6, 2023
Closed
@fatso83 fatso83 mentioned this issue Jun 10, 2024
Closed
3 tasks
@vcolin7 vcolin7 closed this as completed Jun 11, 2024
@github-actions github-actions bot locked and limited conversation to collaborators Sep 9, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@alzimmermsft alzimmermsft

Labels
Azure.Identity Client This issue points to a problem in the data-plane of the library. customer-reported Issues that are reported by GitHub users external to the Azure organization. needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team question The issue doesn't require a change to the product in order to be resolved. Most issues start as that
Projects
Azure Identity SDK Improvements
Archived in project
Milestone
No milestone
Development

No branches or pull requests
4 participants
@bowbahdoe @vcolin7 @alzimmermsft @mikmoila