Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Dependency Management for Java - Code Remix Sum...
Search
Sponsored
·
Ship Features Fearlessly
Turn features on and off without deploys. Used by thousands of Ruby developers.
→
sullis
May 12, 2026
Programming
60
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Dependency Management for Java - Code Remix Summit 2026-05-12
May 12 2026
Code Remix Summit Miami
#openrewrite
#java
sullis
May 12, 2026
More Decks by sullis
See All by sullis
AI Assisted Software Development - Portland Java User Group - 2026-04-14
sullis
0
71
Dependency Management for Java - Seattle 2025-11-18
sullis
0
52
Dependency Management for Java - Portland - 2025-11-04
sullis
0
36
Dependency management for Java applications 2025-09-11
sullis
0
53
S3 NYC Iceberg meetup 2025-07-10
sullis
0
62
Amazon S3 Chicago 2025-06-04
sullis
0
150
Amazon S3 Boston 2025-05-07
sullis
0
110
Netty ConFoo Montreal 2025-02-27
sullis
0
180
GitHub Actions ConFoo Montreal 2025-02-26
sullis
0
120
Other Decks in Programming
See All in Programming
その問い、本当に正しいですか?AI時代のエンジニアに必要な哲学と認知科学 / ai-philosophy-cognitive-science
minodriven
14
6.6k
そのテスト、説明できますか?~LWテスト戦略FW~のご紹介
nakahara
0
190
AIを活用したE2Eテスト実装効率化のあゆみ / ebisu-mobile-14-kotetu
kotetuco
0
160
Hatena Engineer Seminar #37「言語モデルの活用に関する研究」
slashnephy
0
470
はてなアカウント基盤 State of the Union
cockscomb
1
1.3k
Haskell/Servantを通してWebミドルウェアを捉え直す
pizzacat83
0
360
TSKaigi Night Talks 2026_TypeScriptでサプライチェーンの整合性を型に閉じ込める
geekplus_tech
0
430
Dataformのリポジトリを立ち上げるときにまずやること / dataform-day0-2026
snhryt
0
210
The NotImplementedError Problem in Ruby
koic
1
1.1k
エンジニアと一緒にテストコードの設計と実装を改善した話
mototakatsu
0
250
LLM本来の能力を解き放つサンドボックス技術とAI民主化への適用
yukukotani
3
4.8k
OS アップデート対応の取り組み方がもっと共有されてほしい
andpad
0
110
Featured
See All Featured
Making Projects Easy
brettharned
120
6.7k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
31
10k
The Mindset for Success: Future Career Progression
greggifford
PRO
0
380
Hiding What from Whom? A Critical Review of the History of Programming languages for Music
tomoyanonymous
3
880
Marketing Yourself as an Engineer | Alaka | Gurzu
gurzu
0
260
The Impact of AI in SEO - AI Overviews June 2024 Edition
aleyda
5
1.1k
Ruling the World: When Life Gets Gamed
codingconduct
0
270
The innovator’s Mindset - Leading Through an Era of Exponential Change - McGill University 2025
jdejongh
PRO
1
220
Measuring & Analyzing Core Web Vitals
bluesmoon
9
880
AI in Enterprises - Java and Open Source to the Rescue
ivargrimstad
0
1.4k
State of Search Keynote: SEO is Dead Long Live SEO
ryanjones
0
220
Rails Girls Zürich Keynote
gr2m
96
14k
Transcript
None
About me OpenRewrite contributor Java since 1996 platform engineer
Platform engineering @ Grubhub 🟢 minimize undifferentiated heavy lifting 🟢
provide application building blocks 🟢 enable Continuous Delivery 🟢 accelerate migration campaigns
Migration campaigns @ Grubhub 🟢 legacy Guice apps → Spring
Framework 🟢 Spring Boot 2 → Spring Boot 3 🟢 Gradle 8 → Gradle 9
None
None
None
OpenRewrite Dependency Management
JUnit migration - October 2022
🟢 hundreds of libraries on the classpath 🟢 open source
libraries 🟢 internal libraries Modern Java applications
Gradle blog November 2019 “The larger the project and its
dependency graph, the harder it is to maintain”
“Dependency issues can cause many problems” Gradle blog November 2019
“If you are lucky, you would get a compile time
error” Gradle blog November 2019
“it is common to only see problems occurring when executing
tests or even at production runtime” Gradle blog November 2019
NoClassDefFoundError ClassNotFoundException
NoSuchMethodError NoSuchFieldError
UnsatisfiedLinkError AbstractMethodError
Java dependency conflicts
Let’s talk about dependency resolution
dependencies { implementation( “foo:liba:1.5.2” ) implementation( “foo:libz:0.2.1” ) implementation( “com.google.guava:guava:28.2”
) }
liba 1.5.2 app 1.0.0 libz 0.2.1 guava 19.0 guava 33.4.8
guava 28.2
liba 1.5.2 app 1.0.0 libz 0.2.1 guava 19.0 guava 33.4.8
guava 28.2
Maven: “nearest wins” Gradle: “highest version wins” guava 28.2 guava
33.4.8
Java classpath
what Java libraries do you have in production right now?
do you have outdated libraries in production?
do you have SNAPSHOT libraries in production?
Microservice app:1.5.2 sharedlib:1.8.3 swagger-annotations:2.2.31-SNAPSHOT
“Let’s add one more Java library ” Java library
None
Dependency Hell
Dependency Hell is a common problem
Taming dependency hell
Pin dependency to a specific version?
configurations.all { resolutionStrategy { force 'com.example:foobar:0.9.2' } }
Mike McGarr Netflix, 2017
Gradle User Guide
“Gradle’s optimistic dependency resolution may inadvertently upgrade dependencies, causing compatibility
issues” Gradle User Guide
Gradle User Guide
Gradle User Guide
Gradle User Guide
Gradle User Guide
Gradle User Guide
Common problems with Java dependencies
Compilation failure [ERROR] bad class file: /Users/skywalker/.m2/repository/org/apache/iceberg/iceberg-api/1.9. 2/iceberg-api-1.9.2.jar(org/apache/iceberg/IcebergBuild.class) [ERROR] class
file has wrong version 55.0, should be 52.0
class file has wrong version 61.0, should be 52.0
Dependency misalignment jackson-databind:2.19.2 jackson-core:2.19.0
Scala sadness jackson-module-scala_2.12-2.19.2.jar jackson-module-scala_2.13-2.19.2.jar 🚩 what if both of these
jars are on the classpath?
🔵 dependencyConvergence 🔵 requireUpperBoundDeps 🔵 banDuplicateClasses Maven Enforcer plugin
Gradle Enforcer plugin
Let’s talk about OpenRewrite
🟢 AddDependency 🟢 RemoveDependency 🟢 ChangeDependency 🟢 UpgradeDependencyVersion
AddDependency 🟢 org.openrewrite.maven.AddDependency 🟢 org.openrewrite.gradle.AddDependency 🟢 org.openrewrite.java.dependencies.AddDependency
RemoveDependency 🟢 org.openrewrite.maven.RemoveDependency 🟢 org.openrewrite.gradle.RemoveDependency 🟢 org.openrewrite.java.dependencies.RemoveDependency
ChangeDependency 🟢 org.openrewrite.maven.ChangeDependency 🟢 org.openrewrite.gradle.ChangeDependency 🟢 org.openrewrite.java.dependencies.ChangeDependency
Let’s talk about Jackson
Jackson 2.x → Jackson 3.x
Jackson library
OpenRewrite recipe
Jackson 2 to Jackson 3
Jackson 2 to Jackson 3
Final thoughts
🟢 Build often 🟢 Release often 🟢 use OpenRewrite for
complex migrations
The End
Tuesday at 12:30 PM
Wednesday at 10:30 AM
Bonus
None
Let’s talk about Netty
Netty dependencies 🔵 some Netty artifacts are platform dependent 🔵
use artifact classifiers
Example: artifact <classifier> Linux x86
Linux ARM 64 Example: artifact <classifier>