CODEWITHSUNDEEP
mavendependenciespom.xml
Stijn Van Bael
Stijn Van Bael

Reputation: 4850

Tracking managed dependency versions in Maven

Say I have a complex project with lots of dependencies. The versions of the dependencies are managed by lots of import scope poms. My project has a dependency on artifact group:artifact, which has a dependency on artifact group:transitive-dependency. When I run dependency:tree I see something like this:

+- group:artifact:jar:1.3
   +- group:transitive-dependency:jar:1.1 (version managed from 1.3)

The problem is group:artifact:1.3 requires group:transitive-dependency version 1.3 or higher. Sure one of the import poms is forcing the wrong version. But is there any way to know which one is, other than searching through all of them?

Upvotes: 8

Views: 9326

Answers (2)

Sethu
Sethu

Reputation: 21

This happens when 2 or more parent Poms conflicting with a same artifact.

E.g.:

[INFO] |  \- com.rbs.gbm.risk:framework-core:jar:1.6.6:compile
[INFO] |     +- com.rbos.gbm.risk:log4jextensions:jar:2.3:compile (version managed from 2.2)
[INFO] |     +- oro:oro:jar:2.0.8:compile

In my case, framework-core has log4jextentsions 2.2 mentioned. And my super-pom says log4jextentsions 2.3. Somehow the framework-core convinced maven to use log4jextentsions 2.2.

Later when I update framework-core pom to use 2.3:

[INFO] |  \- com.rbs.gbm.risk:framework-core:jar:1.6.6:compile
[INFO] |     +- com.rbos.gbm.risk:log4jextensions:jar:2.3:compile
[INFO] |     +- oro:oro:jar:2.0.8:compile

Upvotes: 2

Andy Glick
Andy Glick

Reputation: 96

You should try the maven-enforcer-plugin and configure it to do DependencyConvergence, e.g.

  <plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-enforcer-plugin</artifactId>
    <version>1.2</version>
    <executions>
      <execution>
        <id>enforce</id>
        <configuration>
          <rules>
            <DependencyConvergence/>
          </rules>
        </configuration>
        <goals>
          <goal>enforce</goal>
        </goals>
      </execution>
    </executions>
  </plugin>

That will show you which top level dependencies have different versions of other dependencies in their dependency trees. You then suppress the dependency variants that you don't want using exclusions.

Upvotes: 6

Related Questions