java 21 - be careful with the order of dependencies

[Olivier Bourgain]

Hello,

I had an issue in a test with bytebuddy failing to mock some third party class.

I tried to make a minimal reproducer project with just the third party lib and mockito, but this time it worked.

I then analyzed the dependencies of the project. I found the assertj is using bytebuddy 1.12.21 (which don't support java 21) and as it was declared before mockito in my pom.xml, and so its version of bytebuddy was picked by Maven as asserj was declared.before Mockito. (due to picking the nearest cf https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#transitive-dependencies ).

[Mark Waite]

Thanks so much for describing this!  We're sweeping through plugins in the Jenkins project to test with Java 21 and we've encountered this on multiple occasions.  I didn't know what to do about it until I saw your message.  Thanks very much!

Mark Waite

[Verhás István]

Maybe the order fixed your issue, but it is a fragile solution. Unintentional changes can break your project again. The referred documentation and also my practice show a better way to fix the transitive dependency version issue

>> Dependency management - this allows project authors to directly specify the versions of artifacts to be used when they are encountered in transitive dependencies or in dependencies where no version has been specified. 

Simple declare in the dependency management section the required version of byte buddy. It will not be changed unintentionally.