Add support for BOM (Bill Of Materials) dependencies

Question

Currently, if you have a dependency that is a BOM on Maven, you have to track down what all the components of that BOM are and list them as explicit, individual dependencies. It would save a lot of detective work and redundancy if t.d.a supported this type of dependency directly.

Answer 1

Logged as https://clojure.atlassian.net/browse/TDEPS-202

Example:

clj -Stree '{:deps {com.fasterxml.jackson/jackson-bom {:mvn/version "2.13.0" :extension "pom"}}}'

Comments

Ran into this issue trying to use the newly released graalvm polyglot artifacts, e.g.


    clj -Sdeps '{:deps {org.graalvm.polyglot/js {:mvn/version "23.1.0"}}}'

---

Just adding another example.. there are a growing number of ML libraries that depend on Tribuo, and this also occurs for libraries that try to include `org.tribuo/tribuo-all {:mvn/version "4.3.1" :extension "pom"}` as a dep (end users have to include that in their own `deps.edn` or else it can't be found.

---

thanks, that's helpful info

---

At $WORK we've been asked to support some azure services and their libraries are packed together into a BOM: https://github.com/Azure/azure-sdk-for-java/blob/main/sdk/boms/azure-sdk-bom/README.md#adding-the-bom-to-your-project

Would the linked approach also handle the situation where sub-packages wouldn't require version specification? (it's mentioned in the next paragraph in the link to the azure sdk above)