How do I figure out where a version is managed? - maven

I've got a maven project A. This project depends on project B, which again depends on mysql-connector-java.
Project B depends on mysql-connector-java:8.0.27. However, no matter what I do project A insist on using mysql-connector-java:5.1.39.
Maven tells me :
[INFO] | +- mysql:mysql-connector-java:jar:5.1.39:compile (version managed from 8.0.27)
Neither project A nor project B manage the version in any particular way, apart from the regular dependency inclusion which B does :
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>8.0.27</version>
</dependency>
How do I figure out where mysql-connector-java is managed? I've tried to search across the projects I manage - unable to find this specific version to be mentioned anywhere.

One way to analyze the dependencies a package has is by running the following command:
mvn dependency:tree
This will print a complete tree showing which dependency (and version) has been pulled into the project. This is a great way to see where the connector package with version 5.1.39 is coming from.
Once you find it, the best way to address it would be to uptick the package which is using the older version of the connector. Another (not the best) option would be to use an exclusion in package A's pom file.

Besides mvn dependency:tree -Dverbose, calling mvn help:effective-pom might also help to determine where it comes from.

Related

BiRT latest Runtime as one Maven Dependency for Eclipse

I have a given eclipse maven project which builds to a jar. The pom has one major dependency of BiRT 4.8.0-202010080643 Runtime.
<dependency>
<groupId>com.customer.birt.runtime</groupId>
<artifactId>org.eclipse.birt.runtime</artifactId>
<version>4.8.0-202010080643</version>
</dependency>
So they pushed the artifact into their own nexus; thats why com.customer.birt.runtime.
I really don't know how the guy did that and which tools he used. Currently I want to update to BiRT 4.9. Replacing the above with the only available:
<dependency>
<groupId>org.eclipse.birt</groupId>
<artifactId>birt-runtime</artifactId>
<version>4.9.0</version>
<type>pom</type>
</dependency
does not go well. Both are totally different constellations from the same big project. How can I make use of the above maven dependency of 4.9 in my simple birt project? I'm building only a service for a desktop application that is hosted and run within an RCP application. I started to list the individual maven deps so that the java compiles which I succeeded to but I still have few unit tests that execute and render ReportEngine and fail because of missing Deps at runtime. This is because the ReportEngine is loading APIs at runtime..
I started to post here once I noticed that I will be declaring the separate deps in pom.xml blindly which is (even if the Unittests pass) very unreliable..
Thank you so much!
M.Abdu
My solution was currently as I put in the comments or yet simpler. I just uploaded manually the birt-runtime jar into nexus using my account within the customer and then put in my pom the exact same unique coordinates groupid:artifactid:version. Plus some other dependencies depending of what my unit tests are asking at runtime, e.g. eclipse.platform, emf.core, w3c, batik.css etc.
I am talking about executing the build using mvn clean verify and resulting a jar file
The jar you get from here
https://search.maven.org/remotecontent?filepath=org/eclipse/birt/birt-runtime/4.9.0/birt-runtime-4.9.0.zip
pom in my case:
<dependency>
<groupId>org.eclipse.birt</groupId>
<artifactId>runtime</artifactId>
<version>4.9.0-20220502</version>
</dependency>

IntelliJ How to force downgrade dependency version?

I have a persistent problem with maven dependencies version changes in IntelliJ. Whenever I try to use a previous version of a library and change the dependency version in my pom.xml nothing happens. Maven continues to use the newer version of the library.
For example I want to use:
<dependency>
<groupId>org.springframework.security.oauth.boot</groupId>
<artifactId>spring-security-oauth2-autoconfigure</artifactId>
<version>2.0.1.RELEASE</version>
</dependency>
But Maven repo has version 2.0.2 saved :
<dependency>
<groupId>org.springframework.security.oauth.boot</groupId>
<artifactId>spring-security-oauth2-autoconfigure</artifactId>
<version>2.0.2.RELEASE</version>
</dependency>
So for my projects version 2.0.2.RELEASE is used.
I tried reimporting the project first. Then I tried "reimpor all maven projects". Then I checked Settings > Maven > Always update snapshots. I also tried opening the project settings and deleting the dependency from there, but on reimport the 2.0.2 version will be imported in the project. For now the only thing that works is deleting manually the folder from the ".m2" folder.
Shouldn't library versions be strictly followed and shouldn't version 2.0.1 v be used for my project?
The moment you change the version of the artifacts, maven will use the same version. It will never use neither new version nor the older version. Since you are using intellij, you can check which are the jar files along with their version used. See below the screenshot.
You can expand the External libraries as shown below and you can check the dependencies used in pom.xml.
Besides, you can also check in command prompt. Go to command prompt and point to the project directory and type the following command.
mvn install dependency:copy-dependencies
You can see all the required dependencies along with version information in target folder.
I suggest you not to delete the .m2 directory as you may have to download all the dependencies once again.
If you want to enforce the use of a particular dependency version you can use:
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.security.oauth.boot</groupId>
<artifactId>spring-security-oauth2-autoconfigure</artifactId>
<version>2.0.1.RELEASE</version>
</dependency>
</dependencies>
</dependencyManagement>
What this will do is exclude the dependency unless it actually gets used, and then if it does gets used it only uses the version you have specified.
Not clear what is the issue.
Repo can contain everything, no matter if dependency is present locally.
Also, Idea does not resolve dependency itself, we use maven api to resolve them.
By default, maven takes dependency which is nearest to root (see https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html)
Specifiying explicit dependency in root pom should force using this version.
Could you please provide mvn dependency:tree output and corresponding IDEA maven dependency diagram (if you have IU)?
If Idea resolve another dependency version than maven, please fill an issue at https://youtrack.jetbrains.com/issues

dependencyManagement in parent ignored

I have a project, P1, that creates a jar. That project has a parent POM, P1-PARENT. P1-Parent includes the following:
<dependencyManagement>
<!-- Kafka uses Zookeeper 3.3.4, but Curator requires 3.4.5. To resolve
we specify 3.4.5 so all projects using either Kafka or Curator will
get the later version which is compatible with both projects. -->
<dependency>
<groupId>org.apache.zookeeper</groupId>
<artifactId>zookeeper</artifactId>
<version>3.4.5</version>
</dependency>
<dependency>
<groupId>org.apache.kafka</groupId>
<artifactId>kafka_2.10</artifactId>
<version>0.8.0</version>
</dependency>
<dependency>
<groupId>org.apache.curator</groupId>
<artifactId>curator-client</artifactId>
<version>2.2.0-incubating</version>
</dependency>
<!-- A bunch of other irrelevant stuff here -->
</dependencyManagement>
This works - the output of "mvn dependency:tree" includes:
[INFO] +- org.apache.kafka:kafka_2.10:jar:0.8.0:compile
[INFO] | +- org.apache.zookeeper:zookeeper:jar:3.4.5:compile (version managed from 3.3.4)
Note that this is the only dependency on zookeeper (verified via "mvn dependency:tree | grep zoo".
I have several other projects that also inherit from P1-PARENT and everything works fine, they all pull in ZooKeeper 3.4.5. However, A coworker of mine recently starting using P1 in one of their projects. Their project doesn't inherit from P1-PARENT. The transitive dependency they get from P1 is ZooKeeper 3.3.4, not 3.4.5. We have verified, via "mvn dependency:tree", that they get zookeeper.3.3.4 as a transitive dependency of Kafka (e.g. the output looks identical to what I've pasted above, but the version is 3.3.4 and it doesn't include the "(version managed ..." bit). Also, like my projects, the only dependency they have on ZooKeeper (transitive or otherwise) is through P1 (verified by dependency:tree and grep). The question is, why. When they include P1, shouldn't maven look at P1's parent POM when determining the transitive dependencies of P1?
I'm using Maven 3.0.5. They're using versions 3.0.3 and 3.1.1 and see the problem with both of those versions.
Maven doesn't resolve the version transitive dependency issue in this case.
This issue can be used by using maven bom concept.
Check the maven documentation for bom in the below link
http://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#Dependency_Management
Here is another blog which explains usage of bom's
http://howtodoinjava.com/maven/maven-bom-bill-of-materials-dependency/
In your case to solve this issue, you need to add a dependency of your parent pom in the dependencyManagement section of other project where you are facing the issue.
When using Maven3, ensure you're using the right version of the maven-dependency-plugin by calling it by its fully qualified name: org.apache.maven.plugins:maven-dependency-plugin:2.8:tree. IIRC up to 2.6 gave a wrong tree. In such cases the advice was: run your project as 'mvn validate -X' to see the tree as resolved by Aether, the dependency management framework for Maven.

How to include jar in Maven Netbeans proj that doesnt exist in maven repo

I am using Netbeans to build a Maven project, and have the JTidy java library as a dependency. It turns out JTidy doesnt exist in any maven repos, so I can't just add a "normal" depedency entry for it.
What is the best way of handling dependencies to libraries in Maven projects that arent available on repos?
I've currently tried adding it to my maven pom as such (after copying the jar to my projects /libs folder)
<dependency>
<groupId>org.w3c</groupId>
<artifactId>org.w3c.tidy</artifactId>
<version>9.3.8</version>
<scope>system</scope>
<systemPath>${basedir}/libs/jtidy-r938.jar</systemPath>
</dependency>
However it complains that it will be unresolvable by dependent projects.
First of all, it's under another groupId, that's why you didn't find it.
<dependency>
<groupId>net.sf.jtidy</groupId>
<artifactId>jtidy</artifactId>
<version>r938</version>
</dependency>
Jtidy
But to answer your question, one way of doing this is to manually install it in your local repo as described here.
The best way IMHO is to add it to a proxy like Nexus. That way other people can access it from there without having to install it locally. However, this means you have to set up a repository manager, which doesn't make much sense if you are the only developer on the project.

question about maven dependency

i loaded the maven project in eclipse then found sth wrong with pom.xml file, when i clicked the 'overview' tab(m2eclipse), it said:
Failed to read artifact descriptor for commons-logging:commons-logging:jar:1.1.2-SNAPSHOT
when i clicked the dependency hierarchy tab, it showed 'Project read error', however i have no problem to run 'mvn dependency:tree' from command line and can see there is a dependency on commons-logging:
commons-logging:commons-logging:jar:1.1.1:compile
just don't understand where the commons-logging 1.1.2-SNAPSHOT comes from. any idea ? Thanks.
In order to determine where the dependency commons-logging comes from (even without the .pom editor and its dependency editor) open the console and execute the following command:
mvn dependency:tree -Dverbose -Dincludes=commons-logging
This will show all dependencies of commons-logging.
I looked through the dependency tree, but did not find any reference to 1.1.2-SNAPSHOT.
Finally, adding the following dependency to my pom.xml solved the problem:
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
<version>1.1.2-SNAPSHOT</version>
</dependency>
eclipse by default does not use the same maven installation as your command line. Depending on your m2eclipse version it might use an embedded maven snaphsot (with strange behaviour). Check
eclipse -> Window -> Preferences -> Maven -> Installations
and add your external maven installation (prefer current version 3.0.3) to the list and use this as default.
It's most likely coming into your project transitively. You can check the "Dependency Hierarchy" section of your pom editor in eclipse and see where it's coming from (search for commons-logging in the right top box). Also, I cannot see a 1.1.2-SNAPSHOT version of commons-logging on central so most likely someone has made a mistake in a dependency pom.

Resources