2

I have a project that uses gradle and mavenCentral() (plus mavenLocal()). It has enough dependencies that I can't go through them one by one.

Given the name of a .jar file in build/install/x/lib, how do I find out the chain of transitive dependencies that caused it to be included?

update: I discovered gradle dependencies. The output shows:

org.apache.commons:commons-jexl:2.1.1
   \---- commons-logging:commons-logging:1.1.1 -> 1.1.3

What does this mean? 1.1.1 is the version I expect, and 1.1.3 is the version I seem to actually end up using. Looking at the pom for commons-jexl it looks like it does indeed list logging:1.1.1 as a requirement. What's going on? Is there a way for me to tell it to avoid certain versions, or force it to use the version it was set to?

The problem in my case is that it's including a -SNAPSHOT version and I'd rather it didn't. In fact I probably want it to just use the version numbers I'm asking for instead of the most recent it can find.

Opal
  • 81,889
  • 28
  • 189
  • 210
redtuna
  • 4,586
  • 21
  • 35
  • The [dependencies documentation](http://gradle.org/docs/current/javadoc/org/gradle/api/artifacts/dsl/DependencyHandler.html) a good summary (see the user guide for a longer walkthrough). Another dependency is forcing a upgrade resolution, but you might be able to use an exclude rule or [resolution strategy](https://docs.gradle.org/current/dsl/org.gradle.api.artifacts.ResolutionStrategy.html) to avoid that. – Ben Manes Aug 12 '15 at 00:25
  • @redtuna, is that clear now for you or you still need any explanation? – Opal Aug 13 '15 at 08:25
  • @Opal I wouldn't quite say that it's clear. What it looks like is that this isn't exactly gradle's doing, perhaps the commons-jexl maven file says to use the latest available commons-logging. Now I need to also become an expert at maven. Or perhaps it's something in the gradle configuration, I don't know. The thing is Turing-complete after all. – redtuna Aug 13 '15 at 18:13
  • @redtuna, see my response. Hope it helps a bit. – Opal Aug 14 '15 at 10:29

1 Answers1

2

Dependencies of gradle-managed project have their own dependencies (they're called transitive). It may happen (and happens quite often) that two different dependencies has the same (group and module) dependency but in the different version). This is the case with commons-logging:commons-logging. In this case there are two transitive dependencies one versioned with 1.1.1 and the second one with 1.1.3. If both of the libraries will be included in the final artifact it may result in a conflict and exception. To prevent such situation gradle tries to resolve mentioned version resolution problems by picking (by default) the latest version. It's indicated with the right arrow -> see here. You can exclude transitive dependencies from a particular dependency. This chapter of manual might be useful.

Community
  • 1
  • 1
Opal
  • 81,889
  • 28
  • 189
  • 210
  • Thanks! With this I was able to figure things out. It turns out no dependency was asking for that number directly, but one dependency was asking for "the highest available number", and that showed up in the gradle dependencies output. – redtuna Aug 14 '15 at 20:50