Maven build breaks 'Could not find artifact com.fasterxml.jackson:jackson-base:pom:2.12.1.redhat-00001'

3.7k views Asked by At

The maven build of our project fails with this error:

[ERROR] Failed to execute goal on project our_project: 
Could not resolve dependencies for project our_package:our_project:war:our_version-SNAPSHOT: 
Failed to collect dependencies at com.yubico:webauthn-server-attestation:jar:1.9.1 ->
 com.yubico:webauthn-server-core-minimal:jar:1.9.1 -> com.yubico:yubico-util:jar:1.9.1 ->
 com.fasterxml.jackson.datatype:jackson-datatype-jdk8:jar:2.12.1.redhat-00001: 
Failed to read artifact descriptor for 
com.fasterxml.jackson.datatype:jackson-datatype-jdk8:jar:2.12.1.redhat-00001: 
Could not find artifact com.fasterxml.jackson:jackson-base:pom:2.12.1.redhat-00001
 in bypassnexus (https://repo1.maven.org/maven2) -> [Help 1]

Digging into the matter I found that this pom https://maven.repository.redhat.com/ga/com/fasterxml/jackson/module/jackson-modules-java8/2.12.1.redhat-00001/jackson-modules-java8-2.12.1.redhat-00001.pom refers to the parent jackson-base

 <parent>
    <groupId>com.fasterxml.jackson</groupId>
    <artifactId>jackson-base</artifactId>
    <version>2.12.1.redhat-00001</version>
  </parent>

which is not in the repository, where I would expect it in https://maven.repository.redhat.com/ga/com/fasterxml/jackson/jackson-base/

The build seems to be broken since the release of version 2.12.1.redhat-00001 on Wed May 26 18:00:46 EDT 2021. Is the redhat repository broken? Can I tweek the yubico-util-package not to use the redhat version?

Best regards, Peppo

1

There are 1 answers

1
GeertPt On BEST ANSWER

Those Yubico guys uses version ranges:

<dependency>
  <groupId>com.fasterxml.jackson.core</groupId>
  <artifactId>jackson-databind</artifactId>
  <version>[2.11.0,3)</version>
</dependency>
<dependency>
  <groupId>com.fasterxml.jackson.dataformat</groupId>
  <artifactId>jackson-dataformat-cbor</artifactId>
  <version>[2.11.0,3)</version>
</dependency>
<dependency>
  <groupId>com.fasterxml.jackson.datatype</groupId>
  <artifactId>jackson-datatype-jdk8</artifactId>
  <version>[2.11.0,3)</version>
</dependency>

That's not really considered best-practice...

You can avoid loading any random dependency that happens to be on the internet, you can explicitly add fixed versions as extra dependencies in your project.

I see that 2.12.3 versions for jackson are available in the central repo, so maybe use those.