Choosing dependency version in maven and maven plugin - maven

I have a maven plugin which is using hsqldb 1.8.0.10. In my pom.xml from the plugin, it is declared like this:
<dependency>
<groupId>hsqldb</groupId>
<artifactId>hsqldb</artifactId>
<version>1.8.0.10</version>
</dependency>
But if I run that plugin from another maven project, and that project has a newer version of hsqldb (for instance 1.9.0), how can I configure my plugin that he will use the newest version of hsqldb, without changing it's pom.xml?
And is it possible to do this the other way around as well? If my other maven project uses hsqldb 1.7.0 (for instance), that he will use the 1.8.0.10 version which is specified in the maven plugin itself?
I hope someone can answer my question.
Kind regards,
Walle

Your main question is possible, but it might not work properly if the plugin doesn't work with the newer code for any reason.
A plugin can have it's own personal dependencies section, and will use standard Maven dependency resolution, choosing the highest version requested. So, you can do
<plugin>
<groupId>some.group.id</groupId>
<artifactId>some.artifact.id</artifactId>
<version>someversion</version>
<dependencies>
<dependency>
<groupId>hsqldb</groupId>
<artifactId>hsqldb</artifactId>
<version>1.9.0</version>
</dependency>
</dependencies>
</plugin>
I don't think going the other way around is possible, though.

use properties place holder for the version, say ${hsqldb.version} then declare in different project pom the version you want to put in it

Related

Maven groovy-all change versions

I have dependency in pom with groovy-all
<dependency>
<groupId>org.codehaus.groovy</groupId>
<artifactId>groovy-all</artifactId>
<version>3.0.7</version>
<type>pom</type>
</dependency>
But if I check libs inside, I see 2.5.13 versions. How can I change all of this libs to 3.0.7? Of course I can add separately, but maybe is another option?
The versions are managed in the <dependencyManagement> section of the POM, either directly or by using a BOM (scope import).
If you want to update them, you need to look there.
You are importing Groovy 2.5.13 elsewhere likely as a transitive dependency and maven is deciding to use 2.5.13 instead of 3.0.7.
Look at the groovy 3.0.7 pom:
https://repo1.maven.org/maven2/org/codehaus/groovy/groovy-all/3.0.7/groovy-all-3.0.7.pom
It has no reference to 2.5.13.

IntelliJ How to force downgrade dependency version?

I have a persistent problem with maven dependencies version changes in IntelliJ. Whenever I try to use a previous version of a library and change the dependency version in my pom.xml nothing happens. Maven continues to use the newer version of the library.
For example I want to use:
<dependency>
<groupId>org.springframework.security.oauth.boot</groupId>
<artifactId>spring-security-oauth2-autoconfigure</artifactId>
<version>2.0.1.RELEASE</version>
</dependency>
But Maven repo has version 2.0.2 saved :
<dependency>
<groupId>org.springframework.security.oauth.boot</groupId>
<artifactId>spring-security-oauth2-autoconfigure</artifactId>
<version>2.0.2.RELEASE</version>
</dependency>
So for my projects version 2.0.2.RELEASE is used.
I tried reimporting the project first. Then I tried "reimpor all maven projects". Then I checked Settings > Maven > Always update snapshots. I also tried opening the project settings and deleting the dependency from there, but on reimport the 2.0.2 version will be imported in the project. For now the only thing that works is deleting manually the folder from the ".m2" folder.
Shouldn't library versions be strictly followed and shouldn't version 2.0.1 v be used for my project?
The moment you change the version of the artifacts, maven will use the same version. It will never use neither new version nor the older version. Since you are using intellij, you can check which are the jar files along with their version used. See below the screenshot.
You can expand the External libraries as shown below and you can check the dependencies used in pom.xml.
Besides, you can also check in command prompt. Go to command prompt and point to the project directory and type the following command.
mvn install dependency:copy-dependencies
You can see all the required dependencies along with version information in target folder.
I suggest you not to delete the .m2 directory as you may have to download all the dependencies once again.
If you want to enforce the use of a particular dependency version you can use:
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.security.oauth.boot</groupId>
<artifactId>spring-security-oauth2-autoconfigure</artifactId>
<version>2.0.1.RELEASE</version>
</dependency>
</dependencies>
</dependencyManagement>
What this will do is exclude the dependency unless it actually gets used, and then if it does gets used it only uses the version you have specified.
Not clear what is the issue.
Repo can contain everything, no matter if dependency is present locally.
Also, Idea does not resolve dependency itself, we use maven api to resolve them.
By default, maven takes dependency which is nearest to root (see https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html)
Specifiying explicit dependency in root pom should force using this version.
Could you please provide mvn dependency:tree output and corresponding IDEA maven dependency diagram (if you have IU)?
If Idea resolve another dependency version than maven, please fill an issue at https://youtrack.jetbrains.com/issues

Update pom to use released versions

Trying to find a way to update a pom to use latest versions of a RELEASED dependency instead of SNAPSHOT.
We have a assembly project that assembles an image to be deployed that during development uses SNAPSHOT dependencies.
But now I want to update the dependencies to use the latest released dependencies. Tried using versions:use-latest-releases but it only affects already released versions in the pom.
Any ideas?
EDIT (can not for security reasons post the pom but here's an example)
<project>
....
<dependencies>
<dependency>
<groupId>a.b.c</groupId>
<artifactId>c-d-f</artifactId>
<version>1.0.1-SNAPSHOT</version>
<type>war</type>
</dependency>
<dependency>
<groupId>a.b.c</groupId>
<artifactId>g-h-i</artifactId>
<version>1.1.6-SNAPSHOT</version>
<type>war</type>
</dependency>
...
</dependencies>
...
</project>
Given that component a-b-c and g-h-i has been released with version 1.0.1 and 1.1.6 I want to replace their versions in this pom with these version numbers. Basically remove any snapshot dependencies in the pom.
EDIT
I should add that is to be an automated process with minimal human interaction. For some reason I can only get versions:update-properties to work if versions are already in release state. If I have a snapshot version 0.0.1-SNAPSHOT and want to update it to 0.0.1 it doesn't happen and I have verified the release exists. Same thing with versions:use-latest-relese, and versions:use-releases does nothing at all.
I see two approaches here:
You can create multiple profiles in your maven pom. Best way is to create a profile of "snapshot" and one for "release". Described here: Different dependencies for different build profiles in maven
You can use maven pom properties to define variables for your dependency versions. See here: http://books.sonatype.com/mvnref-book/reference/resource-filtering-sect-properties.html#resource-filtering-sect-user-defined
Hope that helps!
You can use maven properties in your pom.xml, such as:
<properties>
<c-d-f.version>1.0.1-SNAPSHOT</c-d-f.version>
<g-h-i.version>1.1.6-SNAPSHOT</g-h-i.version>
</properties>
<dependencies>
<dependency>
<groupId>a.b.c</groupId>
<artifactId>c-d-f</artifactId>
<version>${c-d-f.version}</version>
<type>war</type>
</dependency>
<dependency>
<groupId>a.b.c</groupId>
<artifactId>g-h-i</artifactId>
<version>${g-h-i.version}</version>
<type>war</type>
</dependency>
...
</dependencies>
and when you want to change the versions, you can use maven-versions-plugin, with the following command, such as:
versions:update-properties -Dproperties=[${release_version}] -DincludeProperties={c-d-f.version}
EDIT:
Note that if you wanna use SNAPSHOTS, you need to add -DallowSnapshots. Read here for more options. And yes, the version needs to exist in the repo, otherwise it will fail. BTW did you use brackets, such as -Dproperties=[0.0.1]? after you read the link I sent you, you will see that this commmand's input is a range, so you must use brackets in order to specify a unique version.

Difference between groupids net.sf.jasperreports and jasperreports

I was using net.sf.jasperreports as the group for the version 3.6.0.
<dependency>
<groupId>net.sf.jasperreports</groupId>
<artifactId>jasperreports</artifactId>
<version>3.6.0</version>
</dependency>
For some reasons, I was asked to downgrade to the version 3.5.2.
<dependency>
<groupId>jasperreports</groupId>
<artifactId>jasperreports</artifactId>
<version>3.5.2</version>
</dependency>
When I have taken a build it is observed that some of the jar files are missing like,
jcommon-1.0.15.jar
jdtcore-3.1.0.jar
Can anyone please explain me why this is happening. Are these jars are coming from net.sf.jasperreports? Please explain the difference between using groupids jasperreports and net.sf.jasperreports.
I'm pretty sure this is an inheritance from older maven conventions. The name of the groupId is merely an identifier and as such it only really has to be unique in the context it is being used. Se also http://www.mail-archive.com/users#maven.apache.org/msg34557.html
That means that as long as you don't use any dependencies outside of your own local repository (and stay offline), you could duplicate names of dependencies in maven central, for instance junit, primefaces or whatever.
So version 3.5.2 of jasperreports simply used artifactId as groupId (or vice versa), but later versions changed groupId to net.sf.jasperreports.
Dependencies between versions change, so it's pretty natural some artifacts "disappear" if you downgrade. If your project depends on these artifacts, you should explicitly define these as dependencies in your POM.

Can security JARS be loaded with Maven?

We have some unit tests that will fail unless you have two jars, local_policy.jar, and US_export_policy.jar in your $JAVA_HOME/jre/lib/security folder. I'm supposed to see if we can just put them in a project folder, then tell Maven to use them when it does a build("mvn install"). Maybe with something like the dependency tag? Yes, I know everyone should just install these in their $JAVA_HOME, but this is the task I've been asked to look into.
You are speaking about Maven dependency scope. Documentation here. You can say to Maven use some libraries just for testing using "test" scope.
You can add them as Maven systemPath dependencies.
systemPath
is used only if the the dependency scope is system. Otherwise, the build will fail if this element is set. The path must be absolute, so it is recommended to use a property to specify the machine-specific path (more on properties below), such as ${java.home}/lib. Since it is assumed that system scope dependencies are installed a priori, Maven will not check the repositories for the project, but instead checks to ensure that the file exists. If not, Maven will fail the build and suggest that you download and install it manually.
<dependencies>
<dependency>
<!-- The groupId can be anything. Use your own groupId for example -->
<groupId>anything</groupId>
<artifactId>local_policy</artifactId>
<!-- The version can be anything. Use the version of Java for example -->
<version>7.0</version>
<systemPath>${java.home}/lib/security/local_policy.jar</systemPath>
<scope>system</scope>
</dependency>
<dependency>
<!-- The groupId can be anything. Use your own groupId for example -->
<groupId>anything</groupId>
<artifactId>US_export_policy</artifactId>
<!-- The version can be anything. Use the version of Java for example -->
<version>7.0</version>
<systemPath>${java.home}/lib/security/US_export_policy.jar</systemPath>
<scope>system</scope>
</dependency>
</dependencies>

Resources