3

For a mvn project, we may use dependencymanagement to do version control. But the problem also come up, like, The project's parent pom:

<parent>
    <groupId>com.XXX</groupId>
    <artifactId>XXX-dependencies</artifactId>
    <version>1.0.0</version>
</parent>

<dependencyManagement>
        <dependency>
            <groupId>com.YYY</groupId>
            <artifactId>YYY-dependencies</artifactId>
            <version>1.1.1</version>
            <type>pom</type>
            <scope>import</scope>
        </dependency>
</dependencyManagement>

if there is a jar, named com.AAA:BBB, is controlled both in com.XXX:XXX-dependencies and com.YYY:YYY-dependencies, how can we know which version maven will use finally ? Is there a tool to help us to identify ? I have tried mvn dependency plugin, mvn help plugin and dependency analyzer in idea, no one works.

Ishara Madhawa
  • 3,549
  • 5
  • 24
  • 42
Jason Wang
  • 29
  • 3
  • What do you mean with "I have tried mvn dependency plugin ... no one works"? Why does it not work for you? See [How to get a dependency tree for an artifact?](https://stackoverflow.com/questions/3342908/how-to-get-a-dependency-tree-for-an-artifact) – Jesper Dec 18 '18 at 09:06
  • Check `mvn dependency:tree` – smilyface Dec 18 '18 at 09:07
  • 2
    As I said, dependency:tree just tell us the final jar version, it can not tell us where the version comes from. – Jason Wang Dec 19 '18 at 02:19

2 Answers2

0

Think in a different way. I guess you don't have to find out which version is getting from the other dependencies (transitive). You just need to make sure the version of AAA:BBB is coming in the project as expected.

Just add com.AAA:BBB (required dependency) in your pom.xml as an explicit dependency with your required version. So that it should look like below code

<parent>
    <groupId>com.XXX</groupId>
    <artifactId>XXX-dependencies</artifactId>
    <version>1.0.0</version>
</parent>

<dependencyManagement>
        <dependency>
            <groupId>com.YYY</groupId>
            <artifactId>YYY-dependencies</artifactId>
            <version>1.1.1</version>
            <type>pom</type>
            <scope>import</scope>
        </dependency>
        <dependency>
            <groupId>com.AAA</groupId>
            <artifactId>AAA-dependencies</artifactId>
            <version>BBB</version> <!-- The version you expect -->
            <type>pom or jar whatever</type>
            <scope>import</scope>
        </dependency>
</dependencyManagement>

Make sure the two libraries you are consuming are runtime compatible with that version.

smilyface
  • 5,021
  • 8
  • 41
  • 57
  • 1
    Yes, this is a way to fix. But I am just wondering whether there is a tool to tell us how maven determines the jar version. We can not just override the jar but ignore the mechanism. – Jason Wang Dec 18 '18 at 09:49
0

There are some rules that maven follow to resolve transitive dependencies. First is

A.v1
- B.v1
   - D.v1
- C.v1
   - E.v1
     - D.v2

Above D.v1 will be consumed as the nearest dependency to D is A-B-D.

A.v1
- B.v1
   - D.v1
- C.v1
   - D.v2

In above, as per nearest dependency rule both are at same level, so now the dependency included (written) first will be consumed, ie. D.v1.

Sandeep Agarwal
  • 19
  • 1