How to see transitive dependencies for mvnrepository.com? - maven

Let's say I'm interested in using https://mvnrepository.com/artifact/org.apache.avro/avro. How can I find which other dependencies avro will bring in and which version of those dependencies it will bring in. I know I can manually add the dependency to a project's link pom.xml and run
mvn dependency:tree | tee tree.txt
to see which dependencies are used but this requires always fixing up compilation errors and there should be an easier way.
I was wondering if there's any way to check which transitive dependencies that a parent dependency will bring in using a website that will straight up mention that info.

https://mvnrepository.com/ itself has the dependencies information just select a version and scroll down to see list of dependencies.

Related

Tracing jars from BOM

Is there an easy way for me to trace a jar back to which BOM artifact it is from?
I need to upgrade org.dom4j:dom4j, but I need to figure out which of the artifact brings it in. Is there a way to print out all the transitive dependencies in Gradle? Thanks!
Depending on if you use gradle wrapper or not, gradlew dependencies or gradle dependencies should give you the dependency tree, but it doesnt show which BOM sets a specific version.
But it will show you if a dependency forces another dependency to chance its expected version.
I would recommend pipe it to a file to read easier (windows == gradle dependencies > dependencies.txt)

How to sort dependencies in a section of a Maven POM file

I need to sort the dependencies in the dependencyManagement section of a POM file that is used as a parent for all projects of my team's portfolio.
The motivation for this is similar to the one described here. In my case, I am just trying to harmonize the versions used throughout our portfolio, in order to avoid the recurring nightmare of version discrepancy: due to copy-paste, some projects use a version of a dependency while others use another version. Another motivation is to have only one place where to manage dependencies. What I am doing is essentially merging dependency specifications from all modules into a giant dependencyManagement section of a parent POM. (EDIT: In the process of looking for an answer to this need of mine, I learned that such a POM is what Maven calls a BOM or "bill of materials".)
However, this task requires that I define the version of each dependency in our parent POM. Doing so, I find myself putting the dependency specification somewhere in what is a growing list of dependencies. It gets more and more difficult to add a dependency and find out whether the dependency is already specified. But that would be much easier if I could sort the dependencies, for instance by group ID.
Is there a plugin that serves that purpose of reordering the dependencies? As a last resort, I will end up writing a small program that will read the XML file from the parent POM and output it sorted.
The recently released version 0.2.0 of BOM Helper Maven Plugin now has the sort goal that does exactly that.
You need to add the plugin to your pom:
<plugin>
<groupId>com.commsen.maven</groupId>
<artifactId>bom-helper-maven-plugin</artifactId>
<version>0.2.0</version>
</plugin>
You can configure it to run on every build, but I would rather run it manually only when I add/change a dependency. Something like:
mvn bom-helper:sort -Dbom-helper.inplace=true
should do the job. See the docs for more options.
I used sortpom. See more about parameters at https://github.com/Ekryd/sortpom/wiki/Parameters
mvn com.github.ekryd.sortpom:sortpom-maven-plugin:sort -Dsort.encoding=UTF-8 -Dsort.sortDependencies=scope,groupId,artifactId -Dsort.sortPlugins=groupId,artifactId -Dsort.sortProperties=true -Dsort.sortExecutions=true -Dsort.sortDependencyExclusions=groupId,artifactId -Dsort.lineSeparator="\n" -Dsort.ignoreLineSeparators="false" -Dsort.expandEmptyElements=false -Dsort.nrOfIndentSpace=2 -Dsort.indentSchemaLocation=true
The easiest way to sort your dependencies is to use the sortpom maven plugin.
It is very easy to use. Just go to your project directory, open terminal and run the following command:
mvn com.github.ekryd.sortpom:sortpom-maven-plugin:sort -Dsort.keepBlankLines -Dsort.predefinedSortOrder=custom_1
To find more about the project, check their github repo: https://github.com/Ekryd/sortpom

How to find different versions of a same parent in a complex maven dependency tree?

I have a maven module with many dependencies. Some dependencies are managed by my team, some others are managed by my company and others are open source.
When I build this module, I can see that many versions of the same parent pom are downloaded into my local repository:
com\my_company\parent\18\parent-18.pom
com\my_company\parent\22\parent-22.pom
com\my_company\parent\25\parent-25.pom
My goal is to try to understand which dependencies are referencing these parents versions.
That way I can update or ask people to update their modules to use the latest parent.
I would like output somehow like the one from mvn dependency:tree -Dverbose but with parents.
I tried to find a solution in maven dependency plugin. I found mvn dependency:list -DincludeParents which displays parents. But it does not indicate the reason why they are in the list.
I found also mvn dependency:resolve -D includeParents which seems exactly the same as dependency:list...
I found this interesting plugin:
https://github.com/ExampleDriven/hierarchy-maven-plugin
but it does not display all the parents. It only displays parents that are defining used dependencies versions.
I found this one too:
https://github.com/umut/parent-checker
but I cannot ask all teams to use this plugin.

Is there a way to detect if a new dependency has been added to a maven project since it's previous build/release?

When a transitive dependency changes, there is no direct change in the project I am working on. When I update a dependency that itself brings in new dependencies since its previous version, transitive dependencies are difficult to track and it would be good to know if there is any new library added to the project I am building or the version of an existing transitive dependency has changed.
Is there a maven plugin that can detect a dependency change like this or a maven flag?
Use mvn dependency:list -Dsort=true > file to generate all dependencies into file. After POM changes generate second file. Then diff files to see changes
If you don't do any changes also transitive dependencies will not change. This can happen only if you change POM. For example you change version of used dependency.
If a library changes dependencies, version of the library will increase. To be affected by this changes you would need to use that new version in POM.

How can I expect maven to resolve dependencies required by the child jar?

I have a parent project(has its own pom.xml) in which I import the child project as a jar with its own pom.xml.
In the parent pom.xml I have specified my child jar as a dependency - this gets resolved, but i want maven to resolve the dependencies required by my child jar.
My Use case to replicate :
When I include spring-web-mvc.jar the transitive dependencies are resolved automatically.
I have a similar requirement where I include my child.jar into a main framework project and expect the transitive dependencies to get resolved (Notw: the child.jar is not hosted it is packaged as jar and present on the local file system)
Current Structure:
Child Project:
|----/src/main/java
|----/src/main/resources
|----child-pom.xml
>This child project will be a jar as dependency in the parent project
Parent Project
|----/src/main/java
|----/src/main/resources
|----/src/main/webapp/WEB-INF/lib/child.jar
|---- parent-pom.xml
The problem:
When i create a war from parent project i want all the dependecy including transitive ones to show in WEB-INF lib.
Currently this is not happening.
First when talking of parent/ child Maven projects normaly you have your"childs" specified as modules in a common parent project which itself is beeing packed with the packaging type pom rather than make them a dependency of the parent project.
When it comes to the dependencies of your "childs" or generally "dependencies of your dependencies" those are called transitive dependencies and are pretty well explained in the official documentation found here: http://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html
The resolving of those transitive dependencies is one of Mavens core strenghts and guaranteed by default unless they lead to conflicts that make the build fail.
Two things to help here are having a closer look into the enforcer plugin (http://maven.apache.org/enforcer/maven-enforcer-plugin/) and the shader plugin (http://maven.apache.org/plugins/maven-shade-plugin/) .... well and the official documentation of corse (reading the whole thing takes less than a day - then supports you further for specific topics whereas we gladly further support you too if you already have pom.xml files and you are stuck somewhere.
While the enforcer-plugin covers certain conflicts regarding different versions of the same artefacts the shader plugin will just pack everything you specified to a single jar for reverseengineering (its not the normal use case but i sometimes use it that way if i am not absolutly sure what ends in my final archives).
Also worth a look at is the dependency-plugin already available in the maven distributions - mvn dependency:tree -Dverbose will give you pretty detailed information on the resolved dependencies (and probably version conflicts).

Resources