如何解决父 POM 的无效包装,必须 "pom" 但 "jar"
How to resolve invalid packaging for parent POM, must be "pom" but is "jar"
解决 spring.io
发布的 spring- 框架漏洞
我尝试将 spring-boot 版本从 2.4.5 升级到 2.5.12 并使用 gradle-6.8 版本,运行 ./gradlew clean build 任务是因错误而失败
Invalid packaging for parent POM org.apache.logging.log4j:log4j-api:2.17.2, must be "pom" but is "jar" in org.apache.logging.log4j:log4j-api:2.17.2
依赖项org.springframework.boot:spring-boot-starter-webflux加载内部依赖项log4j-api:2.17.2
如何解决内部依赖项的无效父 POM 打包问题?
build.gradle
buildscript {
ext {
springBootVersion = '2.5.12'
}
repositories {
mavenCentral()
}
dependencies {
classpath("org.springframework.boot:spring-boot-gradle-plugin:${springBootVersion}")
{
exclude group: 'org.slf4j', module: 'slf4j-ext'
}
}
}
apply plugin: 'java'
apply plugin: 'eclipse'
apply plugin: 'org.springframework.boot'
apply plugin: 'io.spring.dependency-management'
group = 'com.service'
version = ''
sourceCompatibility = 11
def logbackVersion = '1.2.3'
repositories {
mavenCentral()
}
configurations.all {
resolutionStrategy.eachDependency { DependencyResolveDetails details ->
if (details.requested.group == 'org.apache.logging.log4j') {
details.useVersion '2.17.1'
}
}
}
dependencies {
implementation ('org.springframework.boot:spring-boot-starter-webflux')
developmentOnly('org.springframework.boot:spring-boot-devtools')
testImplementation('org.springframework.boot:spring-boot-starter-test')
testImplementation('io.projectreactor:reactor-test')
implementation("ch.qos.logback:logback-core:${logbackVersion}")
implementation("ch.qos.logback:logback-classic:${logbackVersion}")
implementation('org.apache.httpcomponents:httpclient:4.5.11')
implementation('org.apache.commons:commons-collections4:4.4')
implementation("org.springframework.cloud:spring-cloud-vault-config:2.1.3.RELEASE")
implementation("org.springframework.cloud:spring-cloud-vault-config-consul:2.1.3.RELEASE")
implementation group: 'org.springframework.cloud', name: 'spring-cloud-consul-dependencies', version: '1.0.0.RELEASE', ext: 'pom'
implementation('com.amazonaws:aws-java-sdk-sqs:1.11.634')
implementation('org.projectlombok:lombok:1.18.12')
implementation('org.yaml:snakeyaml:1.26')
implementation group: 'com.google.code.gson', name: 'gson', version: '2.8.6'
annotationProcessor('org.projectlombok:lombok:1.18.12')
implementation group: 'org.bouncycastle', name: 'bc-fips', version: '1.0.2'
implementation group: 'org.bouncycastle', name: 'bctls-fips', version: '1.0.11'
}
添加 mavenBom spring-cloud-dependencies 帮助解决了这个问题。怀疑 webflux 引入了对旧版本的传递依赖,并在 dependencyManagement 中添加 spring-cloud-dependencies bom 确保所有 Spring 依赖处于同一版本
这是有效的更新 build.gradle 文件
plugins {
id 'org.springframework.boot' version '2.6.6'
id 'io.spring.dependency-management' version '1.0.11.RELEASE'
id 'java'
id 'application'
}
group = 'com.service'
version = '1.0.0-SNAPSHOT'
sourceCompatibility = '11'
application {
mainClass = 'com.service.scheduler.SchedulerApplication'
}
repositories {
mavenCentral()
}
ext {
set('springCloudVersion', "2021.0.1")
set('logbackVersion', "1.2.11")
}
bootJar {
archiveFileName = 'scheduler.jar'
}
bootRun {
systemProperties = System.properties
}
dependencies {
/*---spring dependencies---*/
implementation 'org.springframework.boot:spring-boot-starter-webflux'
implementation 'org.springframework.cloud:spring-cloud-starter-vault-config'
implementation 'org.springframework.cloud:spring-cloud-vault-config-consul'
developmentOnly 'org.springframework.boot:spring-boot-devtools'
testImplementation 'org.springframework.boot:spring-boot-starter-test'
testImplementation 'io.projectreactor:reactor-test'
implementation 'com.amazonaws:aws-java-sdk-sqs:1.12.187'
implementation 'org.apache.httpcomponents:httpclient:4.5.13'
implementation 'org.apache.commons:commons-collections4:4.4'
implementation 'org.yaml:snakeyaml:1.30'
implementation 'com.google.code.gson:gson:2.9.0'
/*---fips dependencies---*/
implementation group: 'org.bouncycastle', name: 'bc-fips', version: '1.0.2'
implementation group: 'org.bouncycastle', name: 'bctls-fips', version: '1.0.11'
/*---lombok dependencies---*/
implementation 'org.projectlombok:lombok:1.18.22'
annotationProcessor 'org.projectlombok:lombok:1.18.22'
/*---logback dependencies---*/
implementation("ch.qos.logback:logback-core:${logbackVersion}")
implementation("ch.qos.logback:logback-classic:${logbackVersion}")
}
dependencyManagement {
imports {
mavenBom "org.springframework.cloud:spring-cloud-dependencies:${springCloudVersion}"
}
}
解决 spring.io
发布的 spring- 框架漏洞我尝试将 spring-boot 版本从 2.4.5 升级到 2.5.12 并使用 gradle-6.8 版本,运行 ./gradlew clean build 任务是因错误而失败
Invalid packaging for parent POM org.apache.logging.log4j:log4j-api:2.17.2, must be "pom" but is "jar" in org.apache.logging.log4j:log4j-api:2.17.2
依赖项org.springframework.boot:spring-boot-starter-webflux加载内部依赖项log4j-api:2.17.2
如何解决内部依赖项的无效父 POM 打包问题?
build.gradle
buildscript {
ext {
springBootVersion = '2.5.12'
}
repositories {
mavenCentral()
}
dependencies {
classpath("org.springframework.boot:spring-boot-gradle-plugin:${springBootVersion}")
{
exclude group: 'org.slf4j', module: 'slf4j-ext'
}
}
}
apply plugin: 'java'
apply plugin: 'eclipse'
apply plugin: 'org.springframework.boot'
apply plugin: 'io.spring.dependency-management'
group = 'com.service'
version = ''
sourceCompatibility = 11
def logbackVersion = '1.2.3'
repositories {
mavenCentral()
}
configurations.all {
resolutionStrategy.eachDependency { DependencyResolveDetails details ->
if (details.requested.group == 'org.apache.logging.log4j') {
details.useVersion '2.17.1'
}
}
}
dependencies {
implementation ('org.springframework.boot:spring-boot-starter-webflux')
developmentOnly('org.springframework.boot:spring-boot-devtools')
testImplementation('org.springframework.boot:spring-boot-starter-test')
testImplementation('io.projectreactor:reactor-test')
implementation("ch.qos.logback:logback-core:${logbackVersion}")
implementation("ch.qos.logback:logback-classic:${logbackVersion}")
implementation('org.apache.httpcomponents:httpclient:4.5.11')
implementation('org.apache.commons:commons-collections4:4.4')
implementation("org.springframework.cloud:spring-cloud-vault-config:2.1.3.RELEASE")
implementation("org.springframework.cloud:spring-cloud-vault-config-consul:2.1.3.RELEASE")
implementation group: 'org.springframework.cloud', name: 'spring-cloud-consul-dependencies', version: '1.0.0.RELEASE', ext: 'pom'
implementation('com.amazonaws:aws-java-sdk-sqs:1.11.634')
implementation('org.projectlombok:lombok:1.18.12')
implementation('org.yaml:snakeyaml:1.26')
implementation group: 'com.google.code.gson', name: 'gson', version: '2.8.6'
annotationProcessor('org.projectlombok:lombok:1.18.12')
implementation group: 'org.bouncycastle', name: 'bc-fips', version: '1.0.2'
implementation group: 'org.bouncycastle', name: 'bctls-fips', version: '1.0.11'
}
添加 mavenBom spring-cloud-dependencies 帮助解决了这个问题。怀疑 webflux 引入了对旧版本的传递依赖,并在 dependencyManagement 中添加 spring-cloud-dependencies bom 确保所有 Spring 依赖处于同一版本
这是有效的更新 build.gradle 文件
plugins {
id 'org.springframework.boot' version '2.6.6'
id 'io.spring.dependency-management' version '1.0.11.RELEASE'
id 'java'
id 'application'
}
group = 'com.service'
version = '1.0.0-SNAPSHOT'
sourceCompatibility = '11'
application {
mainClass = 'com.service.scheduler.SchedulerApplication'
}
repositories {
mavenCentral()
}
ext {
set('springCloudVersion', "2021.0.1")
set('logbackVersion', "1.2.11")
}
bootJar {
archiveFileName = 'scheduler.jar'
}
bootRun {
systemProperties = System.properties
}
dependencies {
/*---spring dependencies---*/
implementation 'org.springframework.boot:spring-boot-starter-webflux'
implementation 'org.springframework.cloud:spring-cloud-starter-vault-config'
implementation 'org.springframework.cloud:spring-cloud-vault-config-consul'
developmentOnly 'org.springframework.boot:spring-boot-devtools'
testImplementation 'org.springframework.boot:spring-boot-starter-test'
testImplementation 'io.projectreactor:reactor-test'
implementation 'com.amazonaws:aws-java-sdk-sqs:1.12.187'
implementation 'org.apache.httpcomponents:httpclient:4.5.13'
implementation 'org.apache.commons:commons-collections4:4.4'
implementation 'org.yaml:snakeyaml:1.30'
implementation 'com.google.code.gson:gson:2.9.0'
/*---fips dependencies---*/
implementation group: 'org.bouncycastle', name: 'bc-fips', version: '1.0.2'
implementation group: 'org.bouncycastle', name: 'bctls-fips', version: '1.0.11'
/*---lombok dependencies---*/
implementation 'org.projectlombok:lombok:1.18.22'
annotationProcessor 'org.projectlombok:lombok:1.18.22'
/*---logback dependencies---*/
implementation("ch.qos.logback:logback-core:${logbackVersion}")
implementation("ch.qos.logback:logback-classic:${logbackVersion}")
}
dependencyManagement {
imports {
mavenBom "org.springframework.cloud:spring-cloud-dependencies:${springCloudVersion}"
}
}