14

In Maven you can override the version number of a transitive dependency by an entry in dependencyManagement because dependencyManagement takes precedence over transitive dependency definitions.

But what about dependencyManagement definitions in the poms of (transitive) dependencies? Are they considered at all? If so, what do they override, how are they overridden?

J Fabian Meier
  • 33,516
  • 10
  • 64
  • 142

2 Answers2

2

Dependency management is implied to be transitive. There doesn't need to be a special rule for this, but rather it's a consequence of the already mentioned rules: Transitive Dependencies.

Consider this example structure:

  • your module
    • A - dependency
      • D - transitive dependency
    • B - dependency
      • D - transitive dependency

When A or B are built, their corresponding dependencyManagement section is checked to pick version for D, if it's not explicitly specified. Here's the important part: exactly the same process is used when A or B are used as dependencies to determine which version of D they depend on. Consequently, they do not affect each other in any way.

This could result, for example, in A depending on D:1.0, and B depending on D:1.1, their dependencyManagement sections have already been applied at this point to determine this and will not be taken into account anymore. With this information as input, dependency mediation rules are applied to pick just one version of D for your module.

Dependency mediation rules are also described in the linked page. But in a nutshell, the nearest definition wins and ties are broken based on order. Naturally, definitions in your module itself are always the nearest.

Now let's say your module is used as a dependency. Your project could depend on D:1.2 based on all the rules above due to a definition in your dependencyManagement section, but that's where the scope of your dependencyManagement ends.

(Note that import scope is an exception as it behaves completely differently from the other scopes.)

Anton Koscejev
  • 4,603
  • 1
  • 21
  • 26
  • Thank you. Do have an additional source for your claim (documentation, source code, etc)? – J Fabian Meier Apr 20 '18 at 08:28
  • @JFMeier, which part of my explanation do you believe does not correspond to the linked documentation page and, therefore, requires additional sources? – Anton Koscejev Apr 21 '18 at 11:31
  • "exactly the same process is used when A or B are used as dependencies to determine which version of D " Where did you get this from? – J Fabian Meier Apr 21 '18 at 12:31
  • Please read the linked Transitive Dependencies section carefully, it contains everything you need. E.g., "This feature is facilitated by reading the project files of your dependencies from the remote repositories specified." – Anton Koscejev Apr 21 '18 at 21:39
  • I think it it likely that your description is true, but I do not find it in the Transitive Dependencies Section. I do not see any sentence or paragraph that clearly states how the mechanism works. – J Fabian Meier Apr 22 '18 at 19:10
  • By the way: The other answer also argues based on the same source, but the explanation of the mechanism is different. – J Fabian Meier Apr 23 '18 at 06:35
0

dependencyManagement definitions in the poms of transitive dependencies are considered as long as they are not been overridden in the dependencyManagement of your project or a closer dependency (in the tree of dependencies).

in another words,

Dependency mediation: the rule is easy

  • "nearest definition" which means that it will use the version of the closest dependency to your project in the tree of dependencies.

  • if two dependency versions are at the same depth in the dependency tree, the first declaration wins (declaration order).

for more details see Transitive Dependency

hope this helps.

Hisham Khalil
  • 1,054
  • 8
  • 9
  • Thank you. Does your link explain the rules for transitive dependencyManagement or only for dependencies? It would be great to see a source for your statement in the first paragraph. – J Fabian Meier Aug 08 '16 at 12:33
  • it is about the Transitive Dependency – Hisham Khalil Aug 08 '16 at 12:41
  • So you mean, you don't know a source for transitive dependencyManagement (the things you said in your first paragraph)? – J Fabian Meier Aug 08 '16 at 12:59
  • did you check the link? – Hisham Khalil Aug 08 '16 at 13:06
  • I checked the link. Maybe I am blind, but could you please tell me where I find the source for your statement? – J Fabian Meier Aug 08 '16 at 14:17
  • the first paragraph is explained in the two point i mentioned above. you will not find that word for word in the linked site – Hisham Khalil Aug 08 '16 at 14:33
  • I am sorry to bother you but _do you have a source for_ "dependencyManagement definitions in the poms of transitive dependencies are considered as long as they are not been overridden in the dependencyManagement of your project or a closer dependency (in the tree of dependencies)." ? If yes, I would be very glad to see it. I cannot find it in your link. It does not need to be word for word, just the content. – J Fabian Meier Aug 08 '16 at 14:38
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/120480/discussion-between-hisham-kh-and-jf-meier). – Hisham Khalil Aug 09 '16 at 07:56