Dependency Management

This section details some ways to simplify the management of dependency versions.

Jenkins Core BOM

Since version 2.195 (and LTS version 2.164.x) Jenkins Core provides a Maven Bill Of Materials (BOM) that centrally defines versions of various libraries used by Jenkins. If you are using Maven to build your plugin, then you can simplify dependency management by importing this BOM, at jenkins.version. Then, dependency versions will automatically be synchronised with whatever version of Jenkins you are building against. This can help to avoid build errors like:

[WARNING] Rule 4: org.apache.maven.plugins.enforcer.RequireUpperBoundDeps failed with message:
Failed while enforcing RequireUpperBoundDeps. The error(s) are [
Require upper bound dependencies error for commons-codec:commons-codec:1.9 paths to dependency are:
Require upper bound dependencies error for org.slf4j:jcl-over-slf4j:1.7.25 paths to dependency are:

What this error is saying is that there is a conflict between the versions of commons-codec and jcl-over-slf4j specified by the plugin versus Jenkins. Without using the BOM, you would need to go and update the dependencies in your plugin to match those required by Jenkins, and then keep changing these as your jenkins.version changes. With the BOM all you have to do is import the jenkins-bom for the version of Jenkins you are building against, and the versions of these and other common dependencies will be matched to that version of Jenkins.

To use the Jenkins Core BOM in your plugin, just use plugin-pom (4.0 or later).

Jenkins Plugin BOM

See the jenkinsci/bom repository


See the discussion here.