microsoft-authentication-library-for-java icon indicating copy to clipboard operation
microsoft-authentication-library-for-java copied to clipboard

Published 20 hours ago verified publisher icon AzureAD

Ship downstream dependencies of msal4j with updated versions

Open billwert opened this issue 1 year ago • 1 comments

Ref customer issue: https://github.com/Azure/azure-sdk-for-java/issues/42942

In short, dependencies of msal4j should re-ship whenever msal4j ships with updated version numbers to avoid potential dependency resolution conflicts, etc. I think this includes persistence as well as broker.

Ideally all dependencies will be aligned between these packages, so include things like slf4j.

billwert avatar Nov 21 '24 17:11 billwert

Any update on this? It is tedious to have to explicitly manage the msal version, when enforcing dependency convergence - which I think is "best practice". The problem can be demonstrated with this pom:

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>msal-user</groupId>
    <artifactId>msal-user</artifactId>
    <version>1.0.0</version>
    <dependencies>
        <dependency>
            <groupId>com.azure</groupId>
            <artifactId>azure-identity</artifactId>
        </dependency>
    </dependencies>
    <dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>com.azure</groupId>
                <artifactId>azure-sdk-bom</artifactId>
                <version>1.2.38</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
            <dependency>
                <groupId>io.netty</groupId>
                <artifactId>netty-bom</artifactId>
                <version>4.1.123.Final</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
            <dependency>
                <groupId>com.fasterxml.jackson</groupId>
                <artifactId>jackson-bom</artifactId>
                <version>2.18.4</version>
                <scope>import</scope>
                <type>pom</type>
            </dependency>
            <dependency>
                <groupId>org.slf4j</groupId>
                <artifactId>slf4j-api</artifactId>
                <version>1.7.36</version>
            </dependency>
        </dependencies>
    </dependencyManagement>
    <build>
        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-enforcer-plugin</artifactId>
                <version>3.5.0</version>
                <configuration>
                    <rules>
                        <dependencyConvergence/>
                    </rules>
                </configuration>
            </plugin>
        </plugins>
    </build>
</project>

And running mvn enforcer:enforce.

mnk avatar Sep 20 '25 08:09 mnk