Strict conflict resolution in sbt finds strange conflicts

Question

I have a big sbt project, and we use strict conflict resolution, so we have to put in a lot of overrides.

Among the more puzzling conflicts we get are these:

com.fasterxml.jackson.core#jackson-databind;2.1.1 (needed by [com.amazonaws#aws-java-sdk;1.8.9.1]) conflicts with com.fasterxml.jackson.core#jackson-databind;2.2.2 (needed by [])

Version 2.2.2 is needed by nothing?

Another one is this one:

commons-logging#commons-logging;1.1.3 (needed by [org.apache.httpcomponents#httpclient;4.3.1, com.amazonaws#aws-java-sdk;1.8.9.1]) conflicts with commons-logging#commons-logging;1.1.1 (needed by [com.amazonaws#aws-java-sdk;1.8.9.1])

The same package (aws-java-sdk 1.8.9.1) needs two different versions of commons-logging.

I can easily get around these by putting in more overrides, but it shakes my trust in the conflict resolver. Are these messages harmful? How do I get rid of them without putting in overrides?

Answer 1

There's a SettingKey for that: dependencyOverrides, which takes a Set[ModuleID]:

dependencyOverrides ++= Seq(
  "com.fasterxml.jackson.core" % "jackson-databind" % "2.2.2",
  "commons-logging" % "commons-logging" % "1.1.3"
)

Any conflict of dependencies found in the set, will be resolved by these overrides. for more information, consult the docs.