The docs indicate that:
If more than one recommender defines a recommended version for a module, the last recommender specified will win.
However, the mavenBomProvider is always added first in the provider order, and it is never moved:
https://github.com/nebula-plugins/nebula-dependency-recommender-plugin/blob/master/src/main/groovy/netflix/nebula/dependency/recommender/provider/RecommendationProviderContainer.java#L59
https://github.com/nebula-plugins/nebula-dependency-recommender-plugin/blob/master/src/main/groovy/netflix/nebula/dependency/recommender/provider/RecommendationProviderContainer.java#L129
This causes surprising behavior if you try to rely on provider order semantics as documented.
A workaround is to use addFirst to force low-priority providers before the mavenBomProvider in the stack.
Either documentation should be updated to note the different semantics of mavenBom, or the code should be changed to move mavenBom to the end of the list on invocation.
The docs indicate that:
However, the
mavenBomProvideris always added first in the provider order, and it is never moved:https://github.com/nebula-plugins/nebula-dependency-recommender-plugin/blob/master/src/main/groovy/netflix/nebula/dependency/recommender/provider/RecommendationProviderContainer.java#L59
https://github.com/nebula-plugins/nebula-dependency-recommender-plugin/blob/master/src/main/groovy/netflix/nebula/dependency/recommender/provider/RecommendationProviderContainer.java#L129
This causes surprising behavior if you try to rely on provider order semantics as documented.
A workaround is to use
addFirstto force low-priority providers before themavenBomProviderin the stack.Either documentation should be updated to note the different semantics of
mavenBom, or the code should be changed to movemavenBomto the end of the list on invocation.