Related to https://github.com/spring-projects/spring-framework/issues/31322, it looks like org.apache.httpcomponents:httpclient has a transitive dependency on commons-logging:commons-logging which is a dependency that creates conflicts with Spring Framework own implementation, and even worse that breaks the native compilation (see for details on https://github.com/spring-projects/spring-framework/issues/30575).
Discussing with @snicoll about that, we were wondering if it could be possible for Spring Boot dependency management to exclude commons-logging:commons-logging transitive dependency from the managed dependencies like org.apache.httpcomponents:httpclient (and potentially other ones).
Comment From: snicoll
I also wonder if commons-logging could be a "banned dependency". I know the build has such capability so that we make sure only spring-jcl remains on the classpath for an app that uses our dependency management.
Comment From: wilkinsona
Boot's own build bans commons-logging:commons-logging. We could do that for apps in Boot's Gradle plugin or we could go one better and automatically configure a dependency substitution so that org.springframework:spring-jcl is used in place of commons-logging:commons-logging.
I'm not sure there's much we can do for Maven. Could we add some configuration for the Enforcer plugin to spring-boot-starter-parent perhaps?
Comment From: philwebb
I'm not sure we should try to configure the enforcer plugin but perhaps we can use our own plugin to check there isn't a commons-logging dependency.
Comment From: snicoll
I am not a big fan of having the enforcer plugin configured in the parent either. The route of using our own plugin sounds really interesting!