I have two dependencies A and B. Inside B, I have multiple transitive dependencies BB1, BB2, BB3, BB4 etc. And inside of these transitive dependencies I have again dependency A with lower version which is causing problem.
A version 2.8
B version 2.4 > BB1 version 4.6 > A version 2.2
B version 2.4 > BB2 version 2.8 > A version 1.8
The project scans all nested dependencies and if it finds version of A lower than 2.8, it fails. B version 2.4 is the latest version. I tried exclusions inside B for A but didn't work. Is there anyway to increase version of A inside BB1 & BB2 explicitly? Any other solutions? Thanks.
Within the POM the A v2.8 would be the one considered (assuming it is declared explicitly in the POM), I think the issue is there is now cyclic dependency
In this situation maven dependencyMnagment will resolve your issue.
It is good practice to use dependencyManagement to manage version of your artifact and version of transitive dependency (not all transitive are needed - only this with problem)
Another good tool is maven enforcer plugin, which can help to detect version conflicts.
From my experience excluding is not proper way to resolve versions conflict.
When you upgrade version of artifact, you can get another transitive dependency or one which was exclude is not need to be excluded.
And exclude dependency maybe required in runtime in your application in time when you don't expect.
https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#Dependency_Management
https://maven.apache.org/enforcer/maven-enforcer-plugin/
https://maven.apache.org/enforcer/enforcer-rules/dependencyConvergence.html
Related
I introduced org.elasticsearch:elasticsearch:7.14.0 in pom.xml, but I ended up using the version number 7.12.1 provided in springboot, why?
I need the 7.14.0 version
End-use version
spring-boot-dependencies[pom.xml]
easy-es-parent[pom.xml] |
easy-es-common[pom.xml]
This is my complete pom.xml file
https://gist.github.com/2720851545/b75a50bd0119590f928d1e70a99ea03f
In Maven, any transitive dependency-version might be used, you could try to explicitly state in the POM which version for that given dependency you want to have.
With maven dependency-plugin, it should be transparent which dependency-version will be effective:
mvn dependency:tree
I am using gradle for dependency resolution but we rely on a library with cannot be resolved from a repo. As a workaround they asked us to use a workaround like :
implementation (files($network-file-path/lib.jar))
but this in turn is bringing a lot of transitive dependencies and causing a lot of trouble. I am very new to gradle and could not find a fix.
Is there a way through I can omit all the transitive dependencies of this specific jar ?
We are using gradle version 7.3.3
In my build.gradle , for one of the direct dependency A , "jersey-client" 2.25.1 is transitive dependency. But when I do gradle build it downloads 2.7 version, when I check dependency A pom, it has only 2.25.1 version, how Gradle resolves it to 2.7?
There are versions above 2.7 as well in the artifactory, how only 2.7 is downloaded?
Only dependency A is using jersey-client.
Cleared gradle cache and tried, but same result.
There's probably another dependency in your dependency graph bringing in a later version. Try running
gradle dependencies
And it should show some insight into why it chose the newer version. Gradle has a few strategies allowing you to force a particular version of a dependency or perhaps ignoring transitive dependencies of a particular dependency should you wish to do so
Spring dependency management plugin is overriding jersey 2.25.1 with 2.7,
I have explicitly declared in my build.gradle file to use 2.25.1 by adding the below property.
ext['jersey.version'] = '2.25.1'
Normally I would expect the dependencies task in Gradle to help me out, which it normally does. Now I have this issue when I print the dependency tree:
xml-apis:xml-apis:1.4.01 -> 2.0.2
xml-apis:xml-apis:1.3.04 -> 2.0.2
I have many of these lines where 1.3.04 and 1.4.01 get overriden, however, I have no line that explicitly shows a direct or transitive dependency to 2.0.2 version.
Where can 2.0.2 come from if there is no line with xml-apis:xml-apis:2.0.2 in the dependency tree?
How is that possible?
It's in there somewhere, try running gradle dependencyInsight --dependency xml-apis to find out.
This could be Gradle custom ResolutionStrategy working: https://docs.gradle.org/2.4/userguide/dependency_management.html#N15583, https://docs.gradle.org/2.4/dsl/org.gradle.api.artifacts.ResolutionStrategy.html. It can be instructed to use arbitrary version of any library, even if that version wouldn't otherwise be present anywhere in the dependency tree. It can also replace one library with another (log4j with log4j-over-slf4j, for example).
I am including another pom file as parent in my current maven project.
There is a dependency for hibernate 3.3.2 defined in parent pom file.
I want to use the latest version of hibernate 4.3.5 in my current project. my question is how to exclude the older version so that antlr and other dependencies gets properly generated in my war file.
I also want my war file not to have duplicate jar files
Please help
Just put the version you want in your own POM file.
When there are multiple versions of same artifact resolved transitively (through parent, or through transitive dependencies), Maven is going to resolve find the version to use. Normally it use the "nearest" one. If you are declaring the dependency in the POM of the project itself, it will always be the "nearest" and hence will be used.
In your case, just put hibernate:4.3.5 in your POM, and hence this version will be taken instead of hibernate:3.3.2 (which is declared in parent), no related transitive dependencies of hibernate:3.3.2 will be included in project.
Just one thing to be careful: such kind of version resolution is done only for same artifact, which means, artifact with same Group ID and Artifact ID. If the old version in parent is org.hibernate:hibernate:3.3.2 while the newer version is org.hibernate:hibernate-core:4.3.5, it will not work. In such case, you need some trick to explicitly exclude the dependency from parent, for which you can look into https://stackoverflow.com/a/7898553/395202 for one method.