spotbugs-annotations artifact depends on and exports junit-bom
davidburstrom opened this issue
When a project depends on com.github.spotbugs:spotbugs-annotations, it will add the latest JUnit Jupiter BOM to the project classpath. This causes issues for consumers, as adding or bumping spotbugs-annotations will lead to a bump of JUnit, as the BOM ends up in the POM and Gradle module files.
This happens because the BOM is configured to be an implementation dependency (Line 40 in a9ae3aa
testImplementation configurations for all projects, as it really shouldn't be leaked to any production code consumers.
Here's more information on the consequences of exporting a platform to downstream consumers: https://docs.gradle.org/current/userguide/platforms.html#sub:platforms-vs-catalog
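A consumer-side check for the leak this issue describes, added here as an example (not code from the issue or from the SpotBugs project): it parses a published POM and lists the BOMs imported through dependencyManagement, flagging those from test-framework groups. The sample POM, its placeholder versions and the TEST_ONLY_GROUPS list are constructed assumptions, as is the premise that the platform dependency is published as an import-scoped dependencyManagement entry.

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
# Assumption: group-id prefixes treated as test-only tooling; extend for your own builds.
TEST_ONLY_GROUPS = ("org.junit", "org.mockito", "org.testng")

# Constructed sample POM (not the real published file; versions are placeholders).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <groupId>com.github.spotbugs</groupId>
  <artifactId>spotbugs-annotations</artifactId>
  <version>0.0.0-SAMPLE</version>
  <dependencyManagement><dependencies>
    <dependency>
      <groupId>org.junit</groupId><artifactId>junit-bom</artifactId>
      <version>0.0.0-SAMPLE</version><type>pom</type><scope>import</scope>
    </dependency>
    <dependency>
      <groupId>org.example</groupId><artifactId>pinned-lib</artifactId>
      <version>0.0.0-SAMPLE</version>
    </dependency>
  </dependencies></dependencyManagement>
  <dependencies>
    <dependency>
      <groupId>org.example</groupId><artifactId>runtime-lib</artifactId>
      <version>0.0.0-SAMPLE</version><scope>compile</scope>
    </dependency>
  </dependencies>
</project>"""

def imported_boms(pom_xml):
    """Return (groupId, artifactId, version) for each BOM imported via dependencyManagement."""
    root = ET.fromstring(pom_xml)
    found = []
    for dep in root.findall("m:dependencyManagement/m:dependencies/m:dependency", NS):
        text = lambda tag: (dep.findtext("m:" + tag, default="", namespaces=NS) or "").strip()
        if text("type") == "pom" and text("scope") == "import":
            found.append((text("groupId"), text("artifactId"), text("version")))
    return found

def leaked_test_boms(pom_xml):
    """Imported BOMs whose group looks test-only: the kind of entry the issue reports."""
    return [b for b in imported_boms(pom_xml) if b[0].startswith(TEST_ONLY_GROUPS)]

if __name__ == "__main__":
    for group, artifact, version in leaked_test_boms(SAMPLE_POM):
        print(f"test-only BOM exported to consumers: {group}:{artifact}:{version}")
```

Running it against the POM of each new or bumped dependency shows whether an upgrade would bring a platform along with it.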