When I use Maven versions:display-dependency-updates to check dependencies updates, I get two sections of result.
1st:
The following dependencies in Dependency Management have newer
versions:
2nd:
The following dependencies in Dependencies have newer versions:
What's the difference between these two?
The Dependency section of the POM defines the artifacts (jars, zip etc) upon which your project depends. i.e. the artifacts that it requires to compile, run etc.
The Dependency Management section of the POM is used to manage dependency information.
So for example, in the following pom the JUnit dependency is defined completely in the dependencyManagement section of the POM with version=4.11 and scope = test.
In the dependency section you simply need to define the JUnit dependency using the groupId and artifactId and maven automatically picks up the version and scope from the dependencyManagement section.
<?xml version="1.0" encoding="utf-8"?>
<project>
...
<dependencyManagement>
<dependencies>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.11</version>
<scope>test</scope>
</dependency>
</dependencies>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
</dependency>
<dependencies>
</project>
Usually you would define the dependencyManagement section in a parent POM, where you define the version and scope for all dependencies. Then in the child module's you simply need to define the dependencies using the groupId and artifactId. This allows you to centrally manage versions and means you only have to update them in one place.
All of this is far better explained in the maven documentation:
https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html
The Versions Maven Plugin is simply listing the versions found in each of these sections, as it is possible in the dependencies section to override the version that was defined in the dependencyManagement section.
Related
The Spring documentation Using Spring Boot without the parent POM shows that the dependency on spring-boot-dependencies is added to the dependencyManagement section. Is this really correct?
spring-boot-dependencies specifies version properties for all the dependencies. However, these properties are not available in the POM that uses spring-boot-dependencies. Presumably, this is because spring-boot-dependencies is in dependencyManagement.
spring-boot-dependencies only includes dependencyManagement and pluginManagement. So it seems possible to include spring-boot-dependencies as a dependency (not dependencyManagement) without adding unnecessary dependencies.
So why is spring-boot-dependencies to be included as dependencyManagement?
So why is spring-boot-dependencies to be included as dependencyManagement?
Let's say you have a project named projectA and you add the spring-boot-dependencies to the dependencyManagement section in your pom.xml.
<project>
<groupId>com.iovation.service</groupId>
<artifactId>projectA</artifactId>
<version>1.0.0-SNAPSHOT</version>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-dependencies</artifactId>
<type>pom</type>
<version>1.5.8.RELEASE</version>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<dependencies>
<!-- Spring Boot Dependencies -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
...
</project>
If you notice closely, you will find that all the Spring Boot dependencies declared under the dependencies section don't need to specify the version. It derives the version from the version of spring-boot-dependencies specified in the dependencyManagement section.
Advantages of Dependency Management
It centralizes dependency information by specifying the Spring Boot version at one place. It really helps during upgrade from one version to another.
Subsequent declaration of Spring Boot dependencies just mentions the library name without any version. Especially helpful in multi-module projects
It avoids mismatch of different versions of spring boot libraries in a project.
No Conflicts.
It's definitely correct. Please see Using Spring Boot without the parent POM!
First, let’s understand what dependency is. So when you are developing an application, you would probably need a number of libraries(normally jar files). It means that your application depends on these libraries. Hence the name dependency.
Now you need a way to assemble all these libraries and manage them in a centralized fashion. This also means that these libraries would be made available at compile time or runtime when needed. This is what dependency management does.
So the process of dependency management involves locating these dependencies and adding them to the classpath.
Maven is a popular dependency management tool which will centralize all dependencies information.
I have gone through differences between dependencymanagement and dependencies in maven but i am still unclear when to use
just dependencies tag in parent pom and when to use dependenciesManagement tag ?
My understanding is when my all child modules need to use same dependency version then we should declare the Dependencies under Dependencies tag(without dependencyManagement tag)
But on other hand if some of the child project need to use different version then we should declare the Dependencies under Dependencies tag(which will be under dependencyManagement tag). then Child modules can refer them with overridden version
Is that correct ?
Declaring a <dependency> within <dependencyManagement> does not set the specified artifact as dependency for any project – parent or childs. It just states: If you want to use this as dependency then you can use it with these settings (version, scope, ...) without having to specify the settings again, and again, and ... You can, however, override a "management" setting in a "real" <dependency> anytime.
See also POM Reference, Dependency Management.
There are two options for a parent POM regarding your second paragraph:
As you describe correctly:
<dependencies>
<dependency>
<groupId>g-id</groupId>
<artifactId>a-id</artifactId>
<version>1.0.0</version>
</dependency>
</dependencies>
I'd use this for consistency:
<dependencyManagement>
<dependencies>
<dependency>
<groupId>g-id</groupId>
<artifactId>a-id</artifactId>
<version>1.0.0</version>
</dependency>
</dependencies>
</dependencyManagement>
<dependencies>
<dependency>
<groupId>g-id</groupId>
<artifactId>a-id</artifactId>
</dependency>
</dependencies>
Your third paragraph is correct..
I have a multi-module Maven project, and some of the modules use Ant for the build.
One such module should depend on another, but the target module doesn't have any Java sources and so it doesn't produce any artifact. Can I add a dependency on such a module, or do I have to produce an empty JAR?
If the only goal is to fix the build order, try adding a dependency on the POM.
<dependency>
<groupId>com.mycompany</groupId>
<artifactId>project-built-by-ant</artifactId>
<version>1.0</version>
<type>pom</type>
</dependency>
I have a multi-module maven project with the structure
main/
core/
interface/
where interface has a dependency on the artifact produced by core.
interface compiles, packages, and installs properly. However, when running tests in interface they fail due to not resolving dependencies found in core.
interface does not depend on the test classes themselves in core, simply compile scope maven dependencies defined in the core pom.xml file.
I did one painful attempt whereby I copied every single compile dependency declaration in core that was needed into the interface pom.xml and gave them all
<scope>test</scope>
. This helped with the tests but broke the install.
What is the best way to fix the dependency resolution of these tests in interface?
Here is an example of compile scope dependencies that are not resolved when running interface maven test goal.
core/pom.xml excerpt:
<dependency>
<groupId>com.sun.faces</groupId>
<artifactId>jsf-api</artifactId>
<version>${jsf-version}</version>
</dependency>
<dependency>
<groupId>com.sun.faces</groupId>
<artifactId>jsf-impl</artifactId>
<version>${jsf-version}</version>
</dependency>
interface/pom.xml excerpt:
<dependency>
<groupId>com.mycompany</groupId>
<artifactId>core</artifactId>
<version>1.0-SNAPSHOT</version>
</dependency>
I have a maven build which generates some duplicated JARs in classpath.
Here are some examples:
groupId: javax.xml.stream
artifactId: stax
version: 1.0-2
groupId: stax
artifactId: stax
version: 1.0.1
groupId: jboss
artifactId: javassist
version: 3.7.0 GA
groupId: javassist
artifactId: javassist
version: 3.9.0 GA
These JARs are not imported directly from my project, they are transitive dependencies. Since the groupId and artifactId of the different versions does not matches, maven thinks that they are independent.
I can hunt down (may be using some tool for that) these duplicates and exclude them explicitly in pom.xml. However I don't want to manually hunt them down and exclude them, because this defeats the automatic dependency managing from maven and is a nightmare when some dependency is upgraded and the transistive dependencies mismatches again. There exist some way to make maven smarter and fix this automatically?
Answering that. I found no way to make maven smarter and had to hunt down and manually exclude every duplicated dependency. Switching the repositories to use a set of repositories that does not messes up one to the other helps too, but this is not always possible and can have side-effects of breaking some dependencies.
There is a workaround using the relocation mechanism, though it may only work in certain environments.
In short relocation allows you to "redirect" all dependencies from e.g. javax.xml.stream:stax to stax:stax. The problem is, adding a relocation is nothing you can do in your own project. You have to add a new version to the original groupId and artifactId containing the relocation information. If you have a private (e.g. corporate) Maven repository you can add it there or if there are only few developers the developers local repository can be used. In other cases you are probably out of luck with this solution.
Now the details:
Create a new Maven project with a pom.xml like this:
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<!-- Coordinates of the artifact you want to replace -->
<groupId>javax.xml.stream</groupId>
<artifactId>stax</artifactId>
<!-- Some dummy version that would never be released -->
<version>relocate-to-stax</version>
<distributionManagement>
<relocation>
<!-- Coordinates of the new artifact -->
<groupId>stax</groupId>
<!-- artifactId stays the same → no need to specify again -->
</relocation>
</distributionManagement>
</project>
Add this to your repository (e.g. using mvn install).
In your project add this new version for the artifact to the dependencyManagement section:
<project>
<!-- ... -->
<dependencyManagement>
<dependencies>
<dependency>
<groupId>javax.xml.stream</groupId>
<artifactId>stax</artifactId>
<version>relocate-to-stax</version>
</dependency>
</dependencies>
</dependencyManagement>
</project>
With this, all dependencies to javax.xml.stream:stax will use the "version" relocate-to-stax which will relocate to stax:stax:relocate-to-stax. The only thing left to do is to add the desired version of the destination artifact to the dependencyManagement:
<project>
<!-- ... -->
<dependencyManagement>
<dependencies>
<!-- ... -->
<dependency>
<groupId>stax</groupId>
<artifactId>stax</artifactId>
<version>1.0.1</version>
</dependency>
</dependencies>
</dependencyManagement>
</project>