3

I am in my project reusing an open source maven-based component that includes a bunch of shaded (e.g, using the maven-shade plugin) direct and transitive dependencies in the component uber-jar. Unfortunately some of those dependencies clash with dependencies that my own project has. Specifically, the component's dependencies transitively include servlet-api 2.x whereas I need 3.x in my project - and they appear to be in the same namespace. The component's top-level dependency that pulls in servlet-api (lucene-demo) is actually not needed for the functionality of the component, so I'd be happy to remove it if possible. My project is built with Gradle.

What is the recommended way of dealing with this type of situation? Is there any way of removing the offending dependencies from the reused uber-jar when I build my own project? Or should I rebuild the reused component myself, excluding the troublesome dependency? If so, can this be done in an automatic manner, such that I don't need to maintain my own fork of the open source component? The component is presently hosted in GitHub and published via Maven Central.

(As you might understand, I'm a bit of a beginner to both Maven and Gradle, so don't worry about dumbing things down).

Tunaki
  • 132,869
  • 46
  • 340
  • 423
Karl
  • 75
  • 1
  • 6
  • Maybe you could copy this dependency with the maven-dependency-plugin and use a "zipfileset" ant task with the maven ant plugin (http://stackoverflow.com/questions/2521231/ant-task-to-remove-files-from-a-jar) to remove the content from the dependend jar within your build. – gclaussn Mar 20 '15 at 19:20
  • Can you list the components you're using in your project? – watery Mar 20 '15 at 21:33
  • @watery: The package that I am intending to reuse and that via shaded inclusion pulls in the jars for lucene-demo (and transitively servlet-api 2.x) is is Semantic Vectors, from https://code.google.com/p/semanticvectors/. I want to deploy my code using Spring Boot (spring-boot-starter-web) which as I understand things necessitates using a newer servlet-api version. – Karl Mar 21 '15 at 07:25
  • @gclaussn Interesting solution. I'll play around with it and see if it works. – Karl Mar 21 '15 at 07:28
  • 1
    I'm unable to replicate your issue (I just tried with an empty webapp project, I'm probably missing something), but you can try to give a look at [maven dependency exclusion](http://maven.apache.org/guides/introduction/introduction-to-optional-and-excludes-dependencies.html): it should let your exclude dependencies from a specific dependency – watery Mar 21 '15 at 10:59
  • 1
    @watery: this wont help, if the dependend jar contains the content (classes and resources) of all its dependencies - http://stackoverflow.com/questions/11947037/what-is-an-uber-jar if it is normally packaged, you could use the dependency exclusion like you mentioned. – gclaussn Mar 22 '15 at 18:04
  • I just realised that I never followed up on this question, my apologies. What I ended up doing is convincing the maintainers of the upstream package to no longer use shading unless doing an end-user binary release, which means I could then use dependency exclusion as suggested by watery – Karl Jan 13 '17 at 10:45

0 Answers0