When a transitive dependency changes, there is no direct change in the project I am working on. When I update a dependency that itself brings in new dependencies since its previous version, transitive dependencies are difficult to track and it would be good to know if there is any new library added to the project I am building or the version of an existing transitive dependency has changed.
Is there a maven plugin that can detect a dependency change like this or a maven flag?
Use mvn dependency:list -Dsort=true > file to generate all dependencies into file. After POM changes generate second file. Then diff files to see changes
If you don't do any changes also transitive dependencies will not change. This can happen only if you change POM. For example you change version of used dependency.
If a library changes dependencies, version of the library will increase. To be affected by this changes you would need to use that new version in POM.
Related
I am working on a maven project, there is a dependency in the pom added, but I don't know where it is used in the code, so if it is not used I want to delete it.
so how can I tell where this dependency is used?
note that the dependency I am mentioning is under
its name is maven-assembly-plugin
I need to sort the dependencies in the dependencyManagement section of a POM file that is used as a parent for all projects of my team's portfolio.
The motivation for this is similar to the one described here. In my case, I am just trying to harmonize the versions used throughout our portfolio, in order to avoid the recurring nightmare of version discrepancy: due to copy-paste, some projects use a version of a dependency while others use another version. Another motivation is to have only one place where to manage dependencies. What I am doing is essentially merging dependency specifications from all modules into a giant dependencyManagement section of a parent POM. (EDIT: In the process of looking for an answer to this need of mine, I learned that such a POM is what Maven calls a BOM or "bill of materials".)
However, this task requires that I define the version of each dependency in our parent POM. Doing so, I find myself putting the dependency specification somewhere in what is a growing list of dependencies. It gets more and more difficult to add a dependency and find out whether the dependency is already specified. But that would be much easier if I could sort the dependencies, for instance by group ID.
Is there a plugin that serves that purpose of reordering the dependencies? As a last resort, I will end up writing a small program that will read the XML file from the parent POM and output it sorted.
The recently released version 0.2.0 of BOM Helper Maven Plugin now has the sort goal that does exactly that.
You need to add the plugin to your pom:
<plugin>
<groupId>com.commsen.maven</groupId>
<artifactId>bom-helper-maven-plugin</artifactId>
<version>0.2.0</version>
</plugin>
You can configure it to run on every build, but I would rather run it manually only when I add/change a dependency. Something like:
mvn bom-helper:sort -Dbom-helper.inplace=true
should do the job. See the docs for more options.
I used sortpom. See more about parameters at https://github.com/Ekryd/sortpom/wiki/Parameters
mvn com.github.ekryd.sortpom:sortpom-maven-plugin:sort -Dsort.encoding=UTF-8 -Dsort.sortDependencies=scope,groupId,artifactId -Dsort.sortPlugins=groupId,artifactId -Dsort.sortProperties=true -Dsort.sortExecutions=true -Dsort.sortDependencyExclusions=groupId,artifactId -Dsort.lineSeparator="\n" -Dsort.ignoreLineSeparators="false" -Dsort.expandEmptyElements=false -Dsort.nrOfIndentSpace=2 -Dsort.indentSchemaLocation=true
The easiest way to sort your dependencies is to use the sortpom maven plugin.
It is very easy to use. Just go to your project directory, open terminal and run the following command:
mvn com.github.ekryd.sortpom:sortpom-maven-plugin:sort -Dsort.keepBlankLines -Dsort.predefinedSortOrder=custom_1
To find more about the project, check their github repo: https://github.com/Ekryd/sortpom
I am including another pom file as parent in my current maven project.
There is a dependency for hibernate 3.3.2 defined in parent pom file.
I want to use the latest version of hibernate 4.3.5 in my current project. my question is how to exclude the older version so that antlr and other dependencies gets properly generated in my war file.
I also want my war file not to have duplicate jar files
Please help
Just put the version you want in your own POM file.
When there are multiple versions of same artifact resolved transitively (through parent, or through transitive dependencies), Maven is going to resolve find the version to use. Normally it use the "nearest" one. If you are declaring the dependency in the POM of the project itself, it will always be the "nearest" and hence will be used.
In your case, just put hibernate:4.3.5 in your POM, and hence this version will be taken instead of hibernate:3.3.2 (which is declared in parent), no related transitive dependencies of hibernate:3.3.2 will be included in project.
Just one thing to be careful: such kind of version resolution is done only for same artifact, which means, artifact with same Group ID and Artifact ID. If the old version in parent is org.hibernate:hibernate:3.3.2 while the newer version is org.hibernate:hibernate-core:4.3.5, it will not work. In such case, you need some trick to explicitly exclude the dependency from parent, for which you can look into https://stackoverflow.com/a/7898553/395202 for one method.
I have a parent project(has its own pom.xml) in which I import the child project as a jar with its own pom.xml.
In the parent pom.xml I have specified my child jar as a dependency - this gets resolved, but i want maven to resolve the dependencies required by my child jar.
My Use case to replicate :
When I include spring-web-mvc.jar the transitive dependencies are resolved automatically.
I have a similar requirement where I include my child.jar into a main framework project and expect the transitive dependencies to get resolved (Notw: the child.jar is not hosted it is packaged as jar and present on the local file system)
Current Structure:
Child Project:
|----/src/main/java
|----/src/main/resources
|----child-pom.xml
>This child project will be a jar as dependency in the parent project
Parent Project
|----/src/main/java
|----/src/main/resources
|----/src/main/webapp/WEB-INF/lib/child.jar
|---- parent-pom.xml
The problem:
When i create a war from parent project i want all the dependecy including transitive ones to show in WEB-INF lib.
Currently this is not happening.
First when talking of parent/ child Maven projects normaly you have your"childs" specified as modules in a common parent project which itself is beeing packed with the packaging type pom rather than make them a dependency of the parent project.
When it comes to the dependencies of your "childs" or generally "dependencies of your dependencies" those are called transitive dependencies and are pretty well explained in the official documentation found here: http://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html
The resolving of those transitive dependencies is one of Mavens core strenghts and guaranteed by default unless they lead to conflicts that make the build fail.
Two things to help here are having a closer look into the enforcer plugin (http://maven.apache.org/enforcer/maven-enforcer-plugin/) and the shader plugin (http://maven.apache.org/plugins/maven-shade-plugin/) .... well and the official documentation of corse (reading the whole thing takes less than a day - then supports you further for specific topics whereas we gladly further support you too if you already have pom.xml files and you are stuck somewhere.
While the enforcer-plugin covers certain conflicts regarding different versions of the same artefacts the shader plugin will just pack everything you specified to a single jar for reverseengineering (its not the normal use case but i sometimes use it that way if i am not absolutly sure what ends in my final archives).
Also worth a look at is the dependency-plugin already available in the maven distributions - mvn dependency:tree -Dverbose will give you pretty detailed information on the resolved dependencies (and probably version conflicts).
On mvnrepositry, when you search for a certain module, there's a link to download the binary. For some versions it has a pom.xml file available for download instead of the jar. What are you supposed to do with that pom.xml? It seems like if I specify a version that does not have a downloadable jar, but instead downloadable pom.xml, my maven build will fail. Is what I'm seeing correct?
Modules that only have pom files are maven modules with pom packaging. They are used to aggregate multiple modules into one unit. You can use such a module as a dependency for your maven project. Maven will download the pom file, analyze the dependencies included in that pom file and download those & add it to your automatically.
Even modules that have jars (jar packaging) have a pom file associated with them. This pom file defines the other dependencies that are required for using it. Maven will automatically process and fetch those dependencies (transitive dependencies).
This makes specifying and managing dependency for any project. You will specify the top level modules that your projects directly depends on and other things required will automatically figured out and downloaded. It also makes it easier when you have upgrade to a new version - all the transitive dependencies will get upgraded automatically.
One of the reason that cause this is because of licensing issue.
License for such JARs prohibit public redistribution in such approach. So someone provide only the POM so that you can get the JAR yourself and install it to your local maven repo/ internal repo, together with the POM provided.