Staging a release fails as Thymeleaf 3.1.0.RELEASE depends on artifacts from https://repo.spring.io/milestone

[wilkinsona]

Execution failed for task ':spring-boot-project:spring-boot-autoconfigure:compileJava'.
> Could not resolve all files for configuration ':spring-boot-project:spring-boot-autoconfigure:compileClasspath'.
   > Could not resolve org.thymeleaf.extras:thymeleaf-extras-springsecurity6:3.1.0.RELEASE.
     Required by:
         project :spring-boot-project:spring-boot-autoconfigure
      > Could not resolve org.thymeleaf.extras:thymeleaf-extras-springsecurity6:3.1.0.RELEASE.
         > Could not parse POM https://repo.maven.apache.org/maven2/org/thymeleaf/extras/thymeleaf-extras-springsecurity6/3.1.0.RELEASE/thymeleaf-extras-springsecurity6-3.1.0.RELEASE.pom
            > Could not find org.springframework.security:spring-security-bom:6.0.0-RC2.
   > Could not resolve org.thymeleaf.extras:thymeleaf-extras-springsecurity6:3.1.0.RELEASE.
     Required by:
         project :spring-boot-project:spring-boot-autoconfigure > project :spring-boot-project:spring-boot-parent > project :spring-boot-project:spring-boot-dependencies
      > Could not resolve org.thymeleaf.extras:thymeleaf-extras-springsecurity6:3.1.0.RELEASE.
         > Could not parse POM https://repo.maven.apache.org/maven2/org/thymeleaf/extras/thymeleaf-extras-springsecurity6/3.1.0.RELEASE/thymeleaf-extras-springsecurity6-3.1.0.RELEASE.pom
            > Could not find org.springframework.security:spring-security-bom:6.0.0-RC2.

Our release builds should use only mavenCentral(). To work around this problem with Thymleaf, we'll need to add https://repo.spring.io/milestone as well, with its content limited to org.springframework.security:spring-security-bom.

[bclozel]

I've reported this problem to the Thymeleaf project, see thymeleaf/thymeleaf#932

[snicoll]

They did release the next day of spring framework 6. I think they mentioned a milestone for webflow as well.

[M-Whitaker]

Hi this seems to be an issue with projects generated using start.spring.io:

Could not resolve all files for configuration ':compileClasspath'.

Could not resolve org.thymeleaf.extras:thymeleaf-extras-springsecurity6:3.1.0.RELEASE.
Required by:
project :
> Could not resolve org.thymeleaf.extras:thymeleaf-extras-springsecurity6:3.1.0.RELEASE.
> Could not parse POM https://repo.maven.apache.org/maven2/org/thymeleaf/extras/thymeleaf-extras-springsecurity6/3.1.0.RELEASE/thymeleaf-extras-springsecurity6-3.1.0.RELEASE.pom
> Could not find org.springframework.security:spring-security-bom:6.0.0-RC2.

plugins {
	id 'java'
	id 'org.springframework.boot' version '3.0.0'
	id 'io.spring.dependency-management' version '1.1.0'
}

group = 'com.example'
version = '0.0.1-SNAPSHOT'
sourceCompatibility = '17'

configurations {
	compileOnly {
		extendsFrom annotationProcessor
	}
}

repositories {
	mavenCentral()
}

ext {
	set('testcontainersVersion', "1.17.6")
}

dependencies {
	implementation 'org.springframework.boot:spring-boot-starter-actuator'
	implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
	implementation 'org.springframework.boot:spring-boot-starter-hateoas'
	implementation 'org.springframework.boot:spring-boot-starter-mail'
	implementation 'org.springframework.boot:spring-boot-starter-security'
	implementation 'org.springframework.boot:spring-boot-starter-thymeleaf'
	implementation 'org.springframework.boot:spring-boot-starter-validation'
	implementation 'org.springframework.boot:spring-boot-starter-web'
	implementation 'org.thymeleaf.extras:thymeleaf-extras-springsecurity6'
	compileOnly 'org.projectlombok:lombok'
	developmentOnly 'org.springframework.boot:spring-boot-devtools'
	runtimeOnly 'com.h2database:h2'
	runtimeOnly 'io.micrometer:micrometer-registry-prometheus'
	annotationProcessor 'org.projectlombok:lombok'
	testImplementation 'org.springframework.boot:spring-boot-starter-test'
	testImplementation 'org.springframework.security:spring-security-test'
	testImplementation 'org.testcontainers:junit-jupiter'
}

dependencyManagement {
	imports {
		mavenBom "org.testcontainers:testcontainers-bom:${testcontainersVersion}"
	}
}

tasks.named('test') {
	useJUnitPlatform()
}

[wilkinsona]

@M-Whitaker This will be fix in Thymeleaf 3.1.1. Please add the following repository to your project in the meantime:

maven {
    url "https://repo.spring.io/milestone"
    content {
        // Thymeleaf 3.1.0 uses 6.0.0-RC2 of Security's bom in its dependency management
        includeModule("org.springframework.security", "spring-security-bom")
    }
}