Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Dependency Management for Java - Code Remix Sum...
Search
sullis
May 12, 2026
Programming
60
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Dependency Management for Java - Code Remix Summit 2026-05-12
May 12 2026
Code Remix Summit Miami
#openrewrite
#java
sullis
May 12, 2026
More Decks by sullis
See All by sullis
AI Assisted Software Development - Portland Java User Group - 2026-04-14
sullis
0
71
Dependency Management for Java - Seattle 2025-11-18
sullis
0
52
Dependency Management for Java - Portland - 2025-11-04
sullis
0
36
Dependency management for Java applications 2025-09-11
sullis
0
53
S3 NYC Iceberg meetup 2025-07-10
sullis
0
62
Amazon S3 Chicago 2025-06-04
sullis
0
150
Amazon S3 Boston 2025-05-07
sullis
0
110
Netty ConFoo Montreal 2025-02-27
sullis
0
180
GitHub Actions ConFoo Montreal 2025-02-26
sullis
0
120
Other Decks in Programming
See All in Programming
Vite+ Unified Toolchain for the Web
naokihaba
0
420
The NotImplementedError Problem in Ruby
koic
1
1.1k
dRuby over BLE
makicamel
2
400
これからAgentCoreを触る方へトレンドはGatewayです
har1101
6
460
20260623_Loop Engineeringで自分の分身の問い合わせBotを作る
ryugen04
0
110
LLM本来の能力を解き放つサンドボックス技術とAI民主化への適用
yukukotani
3
4.8k
Vue × Nuxt × Oxc どこまで使える?実運用の現在地
andpad
0
350
なぜ型を書くのか? TSKaigi2026で改めて考える #tskaigi_smarthr
kajitack
0
190
Go1.27で導入されるジェネリクスメソッドでできること
mackee
0
240
Generative UI & AI-Assistants for Your Angular Solutions
manfredsteyer
PRO
0
120
音楽のための関数型プログラミング言語mimiumにおける多段階計算の活用
tomoyanonymous
1
220
TSKaigi Night Talks 2026_TypeScriptでサプライチェーンの整合性を型に閉じ込める
geekplus_tech
0
430
Featured
See All Featured
So, you think you're a good person
axbom
PRO
2
2.1k
First, design no harm
axbom
PRO
2
1.2k
Conquering PDFs: document understanding beyond plain text
inesmontani
PRO
4
2.9k
Facilitating Awesome Meetings
lara
57
7k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
31
3.2k
Building a Scalable Design System with Sketch
lauravandoore
463
34k
How to Grow Your eCommerce with AI & Automation
katarinadahlin
PRO
1
220
Fashionably flexible responsive web design (full day workshop)
malarkey
408
66k
The Hidden Cost of Media on the Web [PixelPalooza 2025]
tammyeverts
2
340
The Power of CSS Pseudo Elements
geoffreycrofte
82
6.3k
Claude Code のすすめ
schroneko
67
230k
The Curious Case for Waylosing
cassininazir
1
420
Transcript
None
About me OpenRewrite contributor Java since 1996 platform engineer
Platform engineering @ Grubhub 🟢 minimize undifferentiated heavy lifting 🟢
provide application building blocks 🟢 enable Continuous Delivery 🟢 accelerate migration campaigns
Migration campaigns @ Grubhub 🟢 legacy Guice apps → Spring
Framework 🟢 Spring Boot 2 → Spring Boot 3 🟢 Gradle 8 → Gradle 9
None
None
None
OpenRewrite Dependency Management
JUnit migration - October 2022
🟢 hundreds of libraries on the classpath 🟢 open source
libraries 🟢 internal libraries Modern Java applications
Gradle blog November 2019 “The larger the project and its
dependency graph, the harder it is to maintain”
“Dependency issues can cause many problems” Gradle blog November 2019
“If you are lucky, you would get a compile time
error” Gradle blog November 2019
“it is common to only see problems occurring when executing
tests or even at production runtime” Gradle blog November 2019
NoClassDefFoundError ClassNotFoundException
NoSuchMethodError NoSuchFieldError
UnsatisfiedLinkError AbstractMethodError
Java dependency conflicts
Let’s talk about dependency resolution
dependencies { implementation( “foo:liba:1.5.2” ) implementation( “foo:libz:0.2.1” ) implementation( “com.google.guava:guava:28.2”
) }
liba 1.5.2 app 1.0.0 libz 0.2.1 guava 19.0 guava 33.4.8
guava 28.2
liba 1.5.2 app 1.0.0 libz 0.2.1 guava 19.0 guava 33.4.8
guava 28.2
Maven: “nearest wins” Gradle: “highest version wins” guava 28.2 guava
33.4.8
Java classpath
what Java libraries do you have in production right now?
do you have outdated libraries in production?
do you have SNAPSHOT libraries in production?
Microservice app:1.5.2 sharedlib:1.8.3 swagger-annotations:2.2.31-SNAPSHOT
“Let’s add one more Java library ” Java library
None
Dependency Hell
Dependency Hell is a common problem
Taming dependency hell
Pin dependency to a specific version?
configurations.all { resolutionStrategy { force 'com.example:foobar:0.9.2' } }
Mike McGarr Netflix, 2017
Gradle User Guide
“Gradle’s optimistic dependency resolution may inadvertently upgrade dependencies, causing compatibility
issues” Gradle User Guide
Gradle User Guide
Gradle User Guide
Gradle User Guide
Gradle User Guide
Gradle User Guide
Common problems with Java dependencies
Compilation failure [ERROR] bad class file: /Users/skywalker/.m2/repository/org/apache/iceberg/iceberg-api/1.9. 2/iceberg-api-1.9.2.jar(org/apache/iceberg/IcebergBuild.class) [ERROR] class
file has wrong version 55.0, should be 52.0
class file has wrong version 61.0, should be 52.0
Dependency misalignment jackson-databind:2.19.2 jackson-core:2.19.0
Scala sadness jackson-module-scala_2.12-2.19.2.jar jackson-module-scala_2.13-2.19.2.jar 🚩 what if both of these
jars are on the classpath?
🔵 dependencyConvergence 🔵 requireUpperBoundDeps 🔵 banDuplicateClasses Maven Enforcer plugin
Gradle Enforcer plugin
Let’s talk about OpenRewrite
🟢 AddDependency 🟢 RemoveDependency 🟢 ChangeDependency 🟢 UpgradeDependencyVersion
AddDependency 🟢 org.openrewrite.maven.AddDependency 🟢 org.openrewrite.gradle.AddDependency 🟢 org.openrewrite.java.dependencies.AddDependency
RemoveDependency 🟢 org.openrewrite.maven.RemoveDependency 🟢 org.openrewrite.gradle.RemoveDependency 🟢 org.openrewrite.java.dependencies.RemoveDependency
ChangeDependency 🟢 org.openrewrite.maven.ChangeDependency 🟢 org.openrewrite.gradle.ChangeDependency 🟢 org.openrewrite.java.dependencies.ChangeDependency
Let’s talk about Jackson
Jackson 2.x → Jackson 3.x
Jackson library
OpenRewrite recipe
Jackson 2 to Jackson 3
Jackson 2 to Jackson 3
Final thoughts
🟢 Build often 🟢 Release often 🟢 use OpenRewrite for
complex migrations
The End
Tuesday at 12:30 PM
Wednesday at 10:30 AM
Bonus
None
Let’s talk about Netty
Netty dependencies 🔵 some Netty artifacts are platform dependent 🔵
use artifact classifiers
Example: artifact <classifier> Linux x86
Linux ARM 64 Example: artifact <classifier>