Normally I would expect the dependencies task in Gradle to help me out, which it normally does. Now I have this issue when I print the dependency tree:
xml-apis:xml-apis:1.4.01 -> 2.0.2
xml-apis:xml-apis:1.3.04 -> 2.0.2
I have many of these lines where 1.3.04 and 1.4.01 get overriden, however, I have no line that explicitly shows a direct or transitive dependency to 2.0.2 version.
Where can 2.0.2 come from if there is no line with xml-apis:xml-apis:2.0.2 in the dependency tree?
How is that possible?
It's in there somewhere, try running gradle dependencyInsight --dependency xml-apis to find out.
This could be Gradle custom ResolutionStrategy working: https://docs.gradle.org/2.4/userguide/dependency_management.html#N15583, https://docs.gradle.org/2.4/dsl/org.gradle.api.artifacts.ResolutionStrategy.html. It can be instructed to use arbitrary version of any library, even if that version wouldn't otherwise be present anywhere in the dependency tree. It can also replace one library with another (log4j with log4j-over-slf4j, for example).
Related
I am using gradle for dependency resolution but we rely on a library with cannot be resolved from a repo. As a workaround they asked us to use a workaround like :
implementation (files($network-file-path/lib.jar))
but this in turn is bringing a lot of transitive dependencies and causing a lot of trouble. I am very new to gradle and could not find a fix.
Is there a way through I can omit all the transitive dependencies of this specific jar ?
We are using gradle version 7.3.3
Is there an easy way for me to trace a jar back to which BOM artifact it is from?
I need to upgrade org.dom4j:dom4j, but I need to figure out which of the artifact brings it in. Is there a way to print out all the transitive dependencies in Gradle? Thanks!
Depending on if you use gradle wrapper or not, gradlew dependencies or gradle dependencies should give you the dependency tree, but it doesnt show which BOM sets a specific version.
But it will show you if a dependency forces another dependency to chance its expected version.
I would recommend pipe it to a file to read easier (windows == gradle dependencies > dependencies.txt)
In my build.gradle , for one of the direct dependency A , "jersey-client" 2.25.1 is transitive dependency. But when I do gradle build it downloads 2.7 version, when I check dependency A pom, it has only 2.25.1 version, how Gradle resolves it to 2.7?
There are versions above 2.7 as well in the artifactory, how only 2.7 is downloaded?
Only dependency A is using jersey-client.
Cleared gradle cache and tried, but same result.
There's probably another dependency in your dependency graph bringing in a later version. Try running
gradle dependencies
And it should show some insight into why it chose the newer version. Gradle has a few strategies allowing you to force a particular version of a dependency or perhaps ignoring transitive dependencies of a particular dependency should you wish to do so
Spring dependency management plugin is overriding jersey 2.25.1 with 2.7,
I have explicitly declared in my build.gradle file to use 2.25.1 by adding the below property.
ext['jersey.version'] = '2.25.1'
I have two dependencies A and B. Inside B, I have multiple transitive dependencies BB1, BB2, BB3, BB4 etc. And inside of these transitive dependencies I have again dependency A with lower version which is causing problem.
A version 2.8
B version 2.4 > BB1 version 4.6 > A version 2.2
B version 2.4 > BB2 version 2.8 > A version 1.8
The project scans all nested dependencies and if it finds version of A lower than 2.8, it fails. B version 2.4 is the latest version. I tried exclusions inside B for A but didn't work. Is there anyway to increase version of A inside BB1 & BB2 explicitly? Any other solutions? Thanks.
Within the POM the A v2.8 would be the one considered (assuming it is declared explicitly in the POM), I think the issue is there is now cyclic dependency
In this situation maven dependencyMnagment will resolve your issue.
It is good practice to use dependencyManagement to manage version of your artifact and version of transitive dependency (not all transitive are needed - only this with problem)
Another good tool is maven enforcer plugin, which can help to detect version conflicts.
From my experience excluding is not proper way to resolve versions conflict.
When you upgrade version of artifact, you can get another transitive dependency or one which was exclude is not need to be excluded.
And exclude dependency maybe required in runtime in your application in time when you don't expect.
https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#Dependency_Management
https://maven.apache.org/enforcer/maven-enforcer-plugin/
https://maven.apache.org/enforcer/enforcer-rules/dependencyConvergence.html
I am trying to add the following dependency to my Gradle build file:
compile 'org.eclipse.scout.sdk.deps:org.eclipse.core.resources:3.10.+'
This package depends on a lot of other packages, that are located in the same repository. The problem is that for some reason, Gradle deems them unworthy. Here's an example of the errors I've been getting:
Could not find any version that matches org.eclipse.scout.sdk.deps:org.eclipse.equinox.common:[3.7.0,3.7.1).
Versions that do not match:
3.7.0.v20150402-1709
Note that 3.7.0.v20150402-1709 does match [3.7.0,3.7.1)
Some additional technical details:
I'm working on Gradle v. 2.11.
This dependency, as well as its' dependencies, are located in the following repository:
https://repo1.maven.org/maven2/
Edit 1:
Yes, I could just exclude the transitive dependencies and add them with the correct version numbers, but it's such a horrible solution I can't bring myself to write it down. Hoping someone out there has an elegant solution.