Dependency & plugin management
This parent centralizes the versions and build configuration shared by the jEAP libraries. The bulk
of dependency versions come from the inherited spring-boot-dependencies BOM; this page summarizes
what the parent adds on top of Spring Boot. It is an orientation, not a full BOM listing — consult
pom.xml for the authoritative versions.
Key properties
| Property | Purpose |
|---|---|
java.version | Java baseline (25) |
maven.compiler.release | Compiler release level (25) |
spring-boot.version | Spring Boot version; keep in sync with <parent> |
spring-cloud.version | Spring Cloud BOM version |
aws.sdk.version | AWS SDK BOM version |
testcontainers.version | Testcontainers BOM version |
pact-jvm.version | Pact (consumer-driven contracts) version |
Imported BOMs
The <dependencyManagement> section imports these BOMs (type=pom, scope=import):
org.springframework.cloud:spring-cloud-dependenciessoftware.amazon.awssdk:bomorg.testcontainers:testcontainers-bom
Additionally managed dependencies
Versions for libraries not covered (or pinned differently) by Spring Boot, including:
- ShedLock (
shedlock-spring,shedlock-provider-jdbc-template) - Togglz (
togglz-spring-boot-starter,togglz-spring-security) - Pact JUnit 5 (consumer and provider,
testscope) - Bouncy Castle (
bcpkix-jdk18on,bcprov-jdk18on) and the Amazon Corretto Crypto Provider rest-assured(and itsspring-mock-mvc,json-path,xml-pathmodules)logstash-logback-encoder,commons-collections4,protobuf-java- Lombok (also added as a
provideddependency to every project)
CVE-driven overrides (e.g. postgresql, tomcat-embed-core) are grouped together with explanatory
comments; revisit them whenever the Spring Boot version is upgraded.
Managed plugins
<pluginManagement> and the active <build><plugins> configure the shared build, including:
maven-compiler-plugin(release25, full annotation processing,-Xlintflags)maven-surefire-plugin/maven-failsafe-plugin(incl. Pact provider verification system properties)jacoco-maven-pluginfor coveragegit-commit-id-maven-pluginfor build/git metadatalombok-maven-plugin(delombok),maven-source-plugin,maven-javadoc-pluginau.com.dius.pact.provider:mavenfor contract publishing- License compliance (
org.honton.chas:license-maven-plugin) and third-party license generation (org.codehaus.mojo:license-maven-pluginwith thejeap-license-template) maven-gpg-pluginandjeap-central-publishing-maven-pluginfor Maven Central releases
Profiles
bump-patch-version/bump-minor-version/bump-major-version— bump the project version via theversions-maven-plugin(e.g.mvn -Pbump-patch-version -N validate).cdct-enable-publishing-jenkins/cdct-enable-publishing-local— enable publishing of consumer-driven contracts and verification results.internal-parent-build-only— license compliance/third-party generation for internal builds.maven-central-publish— GPG signing and publishing to Maven Central.