0

I'm writing a Jenkins plugin. Once in a while, I get a dependency conflict that needs to be addressed by using an entry in the dependencyManagement section as described in the Maven documentation.

I tried using the dependencyConvergence rule from maven-enforcer-plugin to resolve all potential conflicts. That forced me to write 28 entries to the dependencyManagement section.

When making those entries, I would simply select the oldest version that would satisfy all dependencies, i.e. the newest of the required versions. Things would be so much easier if Maven would just do it for me, but it looks like they are not going to support it.

I'm fine with having a long dependencyManagement section if it's maintainable, i.e. if I can refresh easily it once I update the dependencies. But I'm afraid it's not the case.

How do I resolve dependencies without letting dependencyManagement become a mess over time?

Is there any tool to generate dependencyManagement to satisfy dependencyConvergence? Is there any tool to purge useless entries in dependencyManagement? Or maybe somebody wrote a better VersionSelector implementation for Maven?

proski
  • 3,603
  • 27
  • 27
  • 1
    I'm not aware of a solution that would bring you this close to what you are looking for. In the end maven is a tool supposed to be used by developers to keep control of the dependencies. At some point there is no magic when it comes to conflicts. That said, both dependency plugin https://maven.apache.org/plugins/maven-dependency-plugin/plugin-info.html and versions plugin https://www.mojohaus.org/versions-maven-plugin/plugin-info.html have some goals to analyze dependencies or to bulk update versions. There may be something that helps here. – wemu Jul 13 '19 at 07:52
  • Thank, I tried whole goals, I found something interesting, but not what I was looking for. It's frustrating to see people asking everywhere and getting nonsence in response (non-reproducible builds etc). Analyzing the whole tree and using the intersection would be so much superior than picking the first dependency and trying to fit the rest into it. – proski Jul 15 '19 at 17:42
  • 1
    well its always a balance. you don't want to manage ALL dependencies - including the transient ones. But the ones you rely on. But they have to be compatible with the transient ones. So the fewer the better. Just by looking at versions the best choice is often not possible. It became a best practice a long time ago to not rely on version ranges or to not specify a version at all just using the latest one found. That introduces some randomness. So as long as everything has a version and the conflicting dependencies are resolved in dependencyManagement the builds usually run fine. – wemu Jul 15 '19 at 17:51

0 Answers0