Fix invalid POM caused by missing jackson-dataformat-yaml version

[JinwooHwang]

Problem

The published geode-core-2.0.0.pom was invalid, causing Maven to refuse processing ANY transitive dependencies. Users had to manually add all dependencies that should have been transitive.

Maven Error:

[WARNING] The POM for org.apache.geode:geode-core:jar:2.0.0 is invalid, 
transitive dependencies (if any) will not be available
[ERROR] 'dependencies.dependency.version' for 
com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:jar is missing

Dependency Tree (broken):

test:app:jar:1.0
\- org.apache.geode:geode-core:jar:2.0.0:compile
   (NO TRANSITIVE DEPENDENCIES!)

Root Cause

geode-core/build.gradle line 207 declares jackson-dataformat-yaml without a version:

runtimeOnly('com.fasterxml.jackson.dataformat:jackson-dataformat-yaml')

This relies on DependencyConstraints.groovy to provide the version via the BOM. However, DependencyConstraints.groovy defined constraints for:

• com.fasterxml.jackson.core.*
• com.fasterxml.jackson.datatype.*
• com.fasterxml.jackson.dataformat.* (MISSING!)

Result: The published POM had a dependency with no <version> tag, making it invalid per Maven spec. Maven rejects invalid POMs and refuses to process their transitive dependencies.

Solution

Added the missing dependency constraint to DependencyConstraints.groovy:

dependencySet(group: 'com.fasterxml.jackson.dataformat', version: get('jackson.version')) {
  entry('jackson-dataformat-yaml')
}

This adds jackson-dataformat-yaml:2.17.0 to the geode-all-bom dependency management, ensuring the published geode-core POM is valid.

Verification

After fix, dependency tree works correctly:

test:app:jar:1.0
\- org.apache.geode:geode-core:jar:2.0.0:compile
   +- commons-io:commons-io:jar:2.19.0:compile
   +- io.micrometer:micrometer-core:jar:1.14.0:compile
   +- jakarta.transaction:jakarta.transaction-api:jar:2.0.1:compile
   +- org.apache.shiro:shiro-core:jar:1.13.0:compile
   +- org.apache.geode:geode-common:jar:2.0.0:compile
   ... (all transitive dependencies working)

No invalid POM warnings. All transitive dependencies are pulled correctly.

Impact

This fixes the invalid POM that was blocking all transitive dependencies, including:

• antlr
• jopt-simple
• micrometer-core
• shiro-core
• jakarta.transaction-api
• geode-management
• geode-deployment-legacy
• rmiio

Users no longer need to manually declare these dependencies.

Testing

• Verified geode-all-bom contains jackson-dataformat-yaml:2.17.0
• Published geode-core POM imports BOM in <dependencyManagement>
• Maven accepts the POM as valid (no warnings)
• All transitive dependencies resolve correctly

---

Issue discovered by: @leonfin during 2.0.0.RC2 testing

For all changes, please confirm:

• Is there a JIRA ticket associated with this PR? Is it referenced in the commit message?
• Has your PR been rebased against the latest commit within the target branch (typically develop)?
• Is your initial contribution a single, squashed commit?
• Does gradlew build run cleanly?
• Have you written or updated unit tests to verify your changes?
• If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under ASF 2.0?

[JinwooHwang]

Hi @sboorlagadda and @leonfin. Please let me know if I missed anything. Thank you for your support.

[leonfin]

hi @JinwooHwang yes looks good. Thank you!

[JinwooHwang]

Thank you so much @leonfin

[JinwooHwang]

@sboorlagadda . I am so grateful for your support.