I have a persistent problem with maven dependencies version changes in IntelliJ. Whenever I try to use a previous version of a library and change the dependency version in my pom.xml nothing happens. Maven continues to use the newer version of the library.
For example I want to use:
<dependency>
<groupId>org.springframework.security.oauth.boot</groupId>
<artifactId>spring-security-oauth2-autoconfigure</artifactId>
<version>2.0.1.RELEASE</version>
</dependency>
But Maven repo has version 2.0.2 saved :
<dependency>
<groupId>org.springframework.security.oauth.boot</groupId>
<artifactId>spring-security-oauth2-autoconfigure</artifactId>
<version>2.0.2.RELEASE</version>
</dependency>
So for my projects version 2.0.2.RELEASE is used.
I tried reimporting the project first. Then I tried "reimpor all maven projects". Then I checked Settings > Maven > Always update snapshots. I also tried opening the project settings and deleting the dependency from there, but on reimport the 2.0.2 version will be imported in the project. For now the only thing that works is deleting manually the folder from the ".m2" folder.
Shouldn't library versions be strictly followed and shouldn't version 2.0.1 v be used for my project?
The moment you change the version of the artifacts, maven will use the same version. It will never use neither new version nor the older version. Since you are using intellij, you can check which are the jar files along with their version used. See below the screenshot.
You can expand the External libraries as shown below and you can check the dependencies used in pom.xml.
Besides, you can also check in command prompt. Go to command prompt and point to the project directory and type the following command.
mvn install dependency:copy-dependencies
You can see all the required dependencies along with version information in target folder.
I suggest you not to delete the .m2 directory as you may have to download all the dependencies once again.
If you want to enforce the use of a particular dependency version you can use:
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.security.oauth.boot</groupId>
<artifactId>spring-security-oauth2-autoconfigure</artifactId>
<version>2.0.1.RELEASE</version>
</dependency>
</dependencies>
</dependencyManagement>
What this will do is exclude the dependency unless it actually gets used, and then if it does gets used it only uses the version you have specified.
Not clear what is the issue.
Repo can contain everything, no matter if dependency is present locally.
Also, Idea does not resolve dependency itself, we use maven api to resolve them.
By default, maven takes dependency which is nearest to root (see https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html)
Specifiying explicit dependency in root pom should force using this version.
Could you please provide mvn dependency:tree output and corresponding IDEA maven dependency diagram (if you have IU)?
If Idea resolve another dependency version than maven, please fill an issue at https://youtrack.jetbrains.com/issues
Related
Scenario:
I am refactoring my application to work under java 17. Birt runtime 3.7.x is embedded in my application.
In updating to point to birt 4.9.0, I have updated my pom as follows:
<dependency>
<groupId>org.eclipse.birt</groupId>
<artifactId>birt-runtime</artifactId>
<version>4.9.0</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.eclipse.birt/birt-runtime-osgi -->
<dependency>
<groupId>org.eclipse.birt</groupId>
<artifactId>birt-runtime-osgi</artifactId>
<version>4.9.0</version>
</dependency>
When I build, I get the exception
org.eclipse.birt:birt-runtime:jar:4.9.0 was not found in https://repo1.maven.org/maven2 during a previous attempt
I have deleted and rebuilt my local .m2 directory.
When I dig around the maven repository I find the file at https://repo1.maven.org/maven2/org/eclipse/birt/birt-runtime/4.9.0/
This link (BiRT latest Runtime as one Maven Dependency for Eclipse) was resolved by manually downloading the file and pointing to a local copy. I'd prefer to avoid that, since Maven is all about avoiding that kind of scenario.
I suspect there's something in the maven path I am missing.
Thank you in advance.
Project A references Project B. Project B has included a local dependency. This local dependency unfortunately has a dependency to net.java.dev.designgridlayout in version 1.5.
We want to use net.java.dev.designgridlayout in version 1.11 in Project A but we are not able to "overwrite" the dependency. Eclipse always uses the dependency from Project B.
We already tried to exclude the 1.5 version from the local dependency, but it doesn't work.
The strange thing is, that Eclipse successfully resolves a class that has been added with version 1.11. For an already existing class, however, eclipse resolves it from the transitive dependency from de.someCompany.
Project B:
<dependencies>
<dependency>
<groupId>de.someCompany</groupId>
<artifactId>fs-client</artifactId>
<version>5.1.209</version>
<exclusions>
<exclusion>
<groupId>net.java.dev.designgridlayout</groupId>
<artifactId>designgridlayout</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>net.java.dev.designgridlayout</groupId>
<artifactId>designgridlayout</artifactId>
<version>1.11</version>
</dependency>
</dependencies>
Project A:
<dependencies>
<dependency>
<groupId>Project-B</groupId>
<artifactId>Project-B</artifactId>
<version>1503.01</version>
</dependency>
</dependencies>
I also tried to include the 1.11 dependency in Project A.
We even tried to install the DesignGridLayout V. 1.11 in the local dependency and to change the groupID and artifactId to something different, but it cannot even be found by Eclipse for some reason. If it would be possible to include the DesignGridLayout with another groupId and artifactId, I think it would work.
mvn install:install-file -Dfile=lib\designgridlayout.jar -DgroupId=com.company.designgridlayout -DartifactId=design-grid-layout -Dversion=1.11 -DgeneratePom=true -Dpackaging=jar -DlocalRepositoryPath="%USERPROFILE%\.m2\repository"
Not sure - but:
Your project A has a dependency to itself? Shouldn't it use project-b?
Its not a good idea to change group or artifact id's as maven can no longer detect its the same artifact. If you do a custom version the version number should be enough.
If you add the dependency in your own pom then you don't need to exclude the artifact, since the groupId and artifactId are the same. The version in your own pom will win in project-b. If project a defines that dependency again itself that version will win.
I would do a mvn dependency:tree on project-a pom to see where the dependencies come from.
For eclipse: it indexes the local repository. In the maven settings there is a re-index button. So if you manually copy jars in there that may help eclipse to find the artifact. But that workaround would need to be done on every machine. I would not count that as solution. In the maven world artifact-resolution is an infrastructure issue and should not be handled per project. The way this is done should be transparent through the settings.xml
I have a maven project in eclipse with m2e plugin. Dependency hierarchy is showing it is omitting spring 3.2.3 in place of 3.0.0.RELEASE as shown below. How to do it otherwise? Should it not omit the older version and keep the latest?
Maven works on the principle of nearest wins strategy while resolving the dependency conflicts , that means whichever version it finds nearer in the tree , it will take that version and ignore the other versions.
In your case when you can run -
mvn dependency:tree -Dverbose -Dincludes=spring-aop
You will notice that in the tree hierarchy version 3.0.0 is coming earlier in comparison to version 3.2.3 , so that's why it is taking version 3.0.0 version for resolving the dependency.
Solution : As a recommended solution to these types of problem is have a proper dependency management in your parent pom.xml file. Like in your case you can have something lik e this :
<dependencyManagement>
<dependencies>
<dependency>
<groupId>com.springframework</groupId>
<artifactId>spring-aop</artifactId>
<version>3.2.3</version>
</dependency>
<dependencies>
</dependencyManagement>
Now no matter what whenever Maven try to resolve the version for spring-aop , it will always consult the dependency management and will use the version defined under dependencyManagement.
For more you can refer here on my blog: how maven resolves dependency conflicts
I have a dependency that I have added to my project:
<dependency>
<groupId>com.vaadin</groupId>
<artifactId>vaadin-server</artifactId>
<version>7.0.5</version>
</dependency>
When I compile and run I get an error indicating a mismatch of signatures. Looking at my Maven Dependencies in my Java Build Path (Eclipse) I see a jar being added by Maven for Vaadin version 6.8.8. I have scoured my pom.xml and do not see that I have added that. I assume that this dependency is being added by another dependency.
I definitely want to use Vaadin version 7.0.5. As long as version 6.8.8 keeps getting included it will be an issue. How can I resolve this?
mvn dependency:tree
Once you have its output you can add a suitable exclusion.
I am using Netbeans to build a Maven project, and have the JTidy java library as a dependency. It turns out JTidy doesnt exist in any maven repos, so I can't just add a "normal" depedency entry for it.
What is the best way of handling dependencies to libraries in Maven projects that arent available on repos?
I've currently tried adding it to my maven pom as such (after copying the jar to my projects /libs folder)
<dependency>
<groupId>org.w3c</groupId>
<artifactId>org.w3c.tidy</artifactId>
<version>9.3.8</version>
<scope>system</scope>
<systemPath>${basedir}/libs/jtidy-r938.jar</systemPath>
</dependency>
However it complains that it will be unresolvable by dependent projects.
First of all, it's under another groupId, that's why you didn't find it.
<dependency>
<groupId>net.sf.jtidy</groupId>
<artifactId>jtidy</artifactId>
<version>r938</version>
</dependency>
Jtidy
But to answer your question, one way of doing this is to manually install it in your local repo as described here.
The best way IMHO is to add it to a proxy like Nexus. That way other people can access it from there without having to install it locally. However, this means you have to set up a repository manager, which doesn't make much sense if you are the only developer on the project.