java-spiffe
Manage Dependencies of Netty and gRPC with their respective BOMs
Both gRPC and Netty come with a lot of modules that need to have the same version. Furthermore, gRPC has Netty shaded, so any Netty runtime dependencies on native bits need to also be aligned with whatever is shaded within gRPC.
In order to make sure all gRPC and Netty dependencies (direct or transitive) are at the same version, the usual approach is to make use of BOMs.
The goal here would be to manage both the gRPC dependencies as well as the Netty dependencies with BOMs.
Since java-spiffe itself also comes with multiple modules, it might be worthwhile to also publish a BOM so those versions are aligned.
See also:
- https://docs.gradle.org/current/userguide/platforms.html#sub:bom_import
- https://search.maven.org/artifact/io.grpc/grpc-bom/1.51.1/pom
- https://central.sonatype.dev/artifact/io.netty/netty-bom/4.1.86.Final/versions
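
A sketch of the Gradle setup this issue asks for, added here as an illustration and not taken from the java-spiffe build: the first file imports the two BOMs at the versions linked above, the second publishes a BOM for java-spiffe's own modules. The `java-spiffe-bom` module name, the list of subprojects and the chosen dependencies are assumptions.

```groovy
// ---- build.gradle of a library module (constructed example) ----
plugins {
    id 'java-library'
}

repositories {
    mavenCentral()
}

dependencies {
    // A BOM imported with platform() contributes version constraints only.
    // Versions are the ones linked in the issue; whether this Netty release
    // matches the Netty shaded inside this gRPC release must be checked
    // against the gRPC release itself (not verified here).
    api platform('io.grpc:grpc-bom:1.51.1')
    api platform('io.netty:netty-bom:4.1.86.Final')

    // No versions below: every gRPC and Netty artifact, direct or
    // transitive, is resolved through the two BOMs.
    implementation 'io.grpc:grpc-netty'
    implementation 'io.grpc:grpc-protobuf'
    implementation 'io.grpc:grpc-stub'

    // Native transport: the classifier is given, the version still
    // comes from netty-bom.
    runtimeOnly group: 'io.netty', name: 'netty-transport-native-epoll',
            classifier: 'linux-x86_64'
}

// ---- java-spiffe-bom/build.gradle (hypothetical module name) ----
plugins {
    id 'java-platform'
    id 'maven-publish'
}

dependencies {
    constraints {
        // Assumed subproject names; each is pinned to the version
        // of the build that publishes the BOM.
        api project(':java-spiffe-core')
        api project(':java-spiffe-provider')
        api project(':java-spiffe-helper')
    }
}

publishing {
    publications {
        bom(MavenPublication) { from components.javaPlatform }
    }
}
```

`platform()` constraints take part in normal conflict resolution, so a transitive dependency that requests a newer Netty still wins; `gradle dependencyInsight --dependency netty-common` shows which version was selected and why, and `enforcedPlatform()` is the stricter alternative when the BOM version must not be overridden.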