Skip to content

Spring Boot 3.3.x dependencies do not converge for Micrometer Tracing and OpenTelemetry #43200

New issue
New issue
Closed
Closed
Spring Boot 3.3.x dependencies do not converge for Micrometer Tracing and OpenTelemetry#43200
Assignees
wilkinsona
Labels
status: noteworthyA noteworthy issue to call out in the release notestype: bugA general bug
Milestone
3.3.6
@mcompton13

Description

@mcompton13
mcompton13
opened on Nov 15, 2024

Found that org.springframework.boot:spring-boot-dependencies:3.3.5 specifies opentelemetry-bom version 1.37.0 and micrometer-tracing-bom version 1.3.5, but that version of micrometer-tracing depends on opentelemetry 1.38.0 dependencies.

This can be worked around by overloading the version of opentelemetry-bom to be version 1.38.0 in the Maven <dependencyManagement> section.

There is a work around, but this is the first time I've ever seen Spring Boot dependencies not converge "out of the box". Is this intentional? Is there a reason that Spring Boot Dependencies does not use opentelemetry-bom version 1.38.0 to align with the version of micrometer-tracing-bom? Can this be fixed in the next version of Spring Boot 3.3.x and 3.4.x? Is there something that can be done to prevent this misalignment of these tracing dependencies from happening in the future?

Here is a minimal pom.xml that reproduces the problem . Put this in a file called pom.xml and run mvn enforcer:enforce:

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
 <modelVersion>4.0.0</modelVersion>

 <parent>
   <groupId>org.springframework.boot</groupId>
   <artifactId>spring-boot-dependencies</artifactId>
   <version>3.3.5</version>
 </parent>

 <artifactId>sb3.3-dependency-converg-reproducer</artifactId>

 <dependencies>
   <dependency>
     <groupId>io.micrometer</groupId>
     <artifactId>micrometer-tracing-bridge-otel</artifactId>
   </dependency>
   <dependency>
     <groupId>io.opentelemetry</groupId>
     <artifactId>opentelemetry-exporter-otlp</artifactId>
   </dependency>
 </dependencies>

 <build>
   <plugins>
     <plugin>
       <groupId>org.apache.maven.plugins</groupId>
       <artifactId>maven-enforcer-plugin</artifactId>
       <version>3.5.0</version>
       <configuration>
         <rules>
           <dependencyConvergence/>
           <requireUpperBoundDeps/>
         </rules>
       </configuration>
       <executions>
         <execution>
           <goals>
             <goal>enforce</goal>
           </goals>
         </execution>
       </executions>
     </plugin>
   </plugins>
 </build>
</project

The issue in the above POM can be fixed by overriding the version of open-telemetry specified by Spring Boot Dependencies by adding the following:

<dependencyManagement>
  <dependencies>
    <dependency>
      <groupId>io.opentelemetry</groupId>
      <artifactId>opentelemetry-bom</artifactId>
      <!-- Override spring-boot-deps to use 1.38.0 instead of 1.37.0 -->
      <version>1.38.0</version>
      <type>pom</type>
      <scope>import</scope>
    </dependency>
  </dependencies>
</dependencyManagement>

Metadata

Metadata

Assignees

Labels

status: noteworthyA noteworthy issue to call out in the release notestype: bugA general bug

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions