apache_maven

How can you avoid inheriting an undesirable older dependency (that is, one that comes in through an older transitive
dependency) when you use a Maven dependency?

The fix is to add an exclusion to the dependency in question.
For example, if we start with a dependency on version 1.2 of the jxpath library:

<dependency>
   <groupId>commons-jxpath</groupId>
   <artifactId>commons-jxpath</artifactId>
   <version>1.2</version>
   <scope>compile</scope> <!-- default scope, stated for the sake of the example -->
</dependency>

This dependency on jxpath 1.2 will bring in an old version of log4j 3.8. To ensure that I am using the latest
version of log4j (4.4), I need to put in an exclusion for these transitive dependencies of commons-jxpath, which I do as
follows:

<dependency>
   <groupId>commons-jxpath</groupId>
   <artifactId>commons-jxpath</artifactId>
   <version>1.2</version>
   <scope>compile</scope>
   <exclusions>
      <exclusion>
         <groupId>junit</groupId>
         <artifactId>junit</artifactId>
      </exclusion>
      <!-- I can put many of these here -->
   </exclusions>
</dependency>

Having excluded them, they will no longer be in the build.

Now, there are still too many things that can occur in the background:

  • Another third-party artifact may include log4j through a transitive dependency, and then you will have to rely on (and
    trust) transitive dependency mediation
  • You can explicitly include the versions that you want in every pom.xml or, better, in your parent pom.xml

Transitive dependency mediation

Dependency mediation - this determines what version of a dependency will be used when multiple versions of an artifact are
encountered. Currently, Maven 2.0 only supports using the "nearest definition" which means that it will use the version of
the closest dependency to your project in the tree of dependencies. You can always guarantee a version by declaring it
explicitly in your project's POM. Note that if two dependency versions are at the same depth in the dependency tree, until
Maven 2.0.4 it was not defined which one would win, but since Maven 2.0.5 it's the order in the declaration that counts: the
first declaration wins.
"Nearest definition" means that the version used will be the closest one to your project in the tree of dependencies, e.g. if
dependencies for A, B, and C are defined as A -> B -> C -> D 2.0 and A -> E -> D 1.0, then D 1.0 will be used when building A
because the path from A to D through E is shorter. You could explicitly add a dependency on D 2.0 in A to force the use of D 2.0.
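The mediation rule described above, modelled as a breadth-first walk. This is an added example, not Maven's own code; `mediate`, `GRAPH` and the version "1" given to A, B, C and E are constructed for illustration, and the model ignores scopes, version ranges and dependencyManagement.

```python
from collections import deque

def mediate(root, graph, exclusions=None):
    """Pick one version per artifact using "nearest definition" mediation.

    graph:      {(name, version): [(name, version), ...]} in declaration order
    exclusions: {(name, version): {excluded names}} applied to that subtree
    Simplified model (an assumption of this example): no scopes, no version
    ranges, no dependencyManagement.
    """
    exclusions = exclusions or {}
    chosen = {root[0]: root[1]}
    queue = deque([(root, frozenset())])
    while queue:                       # breadth-first: shallower nodes first
        node, banned = queue.popleft()
        banned = banned | frozenset(exclusions.get(node, ()))
        for name, version in graph.get(node, []):
            if name in banned:         # excluded on this path
                continue
            if name in chosen:         # a nearer or earlier declaration won
                continue
            chosen[name] = version
            queue.append(((name, version), banned))
    return chosen

# The graph from the text: A -> B -> C -> D 2.0 and A -> E -> D 1.0
GRAPH = {
    ("A", "1"): [("B", "1"), ("E", "1")],
    ("B", "1"): [("C", "1")],
    ("C", "1"): [("D", "2.0")],
    ("E", "1"): [("D", "1.0")],
}
ROOT = ("A", "1")

def forced_graph():
    """Same graph, with A declaring D 2.0 directly."""
    g = dict(GRAPH)
    g[ROOT] = GRAPH[ROOT] + [("D", "2.0")]
    return g

if __name__ == "__main__":
    print(mediate(ROOT, GRAPH)["D"])                       # nearest wins
    print(mediate(ROOT, forced_graph())["D"])              # direct declaration
    print(mediate(ROOT, GRAPH, {("E", "1"): {"D"}})["D"])  # exclusion on E
```

The third call shows why exclusions and mediation have to be read together: excluding D under E removes the nearer D 1.0, so the deeper D 2.0 under C is the one that ends up in the build.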

How do you find out what the transitive dependencies are?

You can't control what you do not know!

One tool that can be used during the build stage, or explicitly on the command line, is the Maven plugin maven-dependency-plugin:

   <build>
      <plugins>
         <plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-dependency-plugin</artifactId>
         </plugin>
      </plugins>
   </build>

and then use the goal dependency:tree. A typical build strategy could look like

mvn clean install dependency:tree

or

mvn clean install dependency:list   (easier to tokenize in an Excel sheet)

The output looks like this.

With no exclusions

[INFO] [dependency:tree]
[INFO] com.test:test:jar:0.0.1-SNAPSHOT
[INFO] \- commons-jxpath:commons-jxpath:jar:1.2:compile
[INFO]    +- xerces:xerces:jar:1.2.3:compile
[INFO]    +- javax.servlet:servlet-api:jar:2.2:compile
[INFO]    +- junit:junit:jar:3.8:compile
[INFO]    +- ant:ant-optional:jar:1.5.1:compile
[INFO]    +- xml-apis:xml-apis:jar:1.0.b2:compile
[INFO]    +- jdom:jdom:jar:b9:compile
[INFO]    +- commons-beanutils:commons-beanutils:jar:1.4:compile
[INFO]    +- commons-logging:commons-logging:jar:1.0:compile
[INFO]    \- commons-collections:commons-collections:jar:2.0:compile
[INFO] [dependency:list]
[INFO]
[INFO] The following files have been resolved:
[INFO]    ant:ant-optional:jar:1.5.1:compile
[INFO]    commons-beanutils:commons-beanutils:jar:1.4:compile
[INFO]    commons-collections:commons-collections:jar:2.0:compile
[INFO]    commons-jxpath:commons-jxpath:jar:1.2:compile
[INFO]    commons-logging:commons-logging:jar:1.0:compile
[INFO]    javax.servlet:servlet-api:jar:2.2:compile
[INFO]    jdom:jdom:jar:b9:compile
[INFO]    junit:junit:jar:3.8:compile
[INFO]    xerces:xerces:jar:1.2.3:compile
[INFO]    xml-apis:xml-apis:jar:1.0.b2:compile

 

With exclusions

[dependency:tree]
[INFO] com.test:test:jar:0.0.1-SNAPSHOT
[INFO] \- commons-jxpath:commons-jxpath:jar:1.2:compile
[INFO]    +- xerces:xerces:jar:1.2.3:compile
[INFO]    +- javax.servlet:servlet-api:jar:2.2:compile
[INFO]    +- ant:ant-optional:jar:1.5.1:compile
[INFO]    +- xml-apis:xml-apis:jar:1.0.b2:compile
[INFO]    +- jdom:jdom:jar:b9:compile
[INFO]    +- commons-beanutils:commons-beanutils:jar:1.4:compile
[INFO]    +- commons-logging:commons-logging:jar:1.0:compile
[INFO]    \- commons-collections:commons-collections:jar:2.0:compile
[INFO] [dependency:list]
[INFO]
[INFO] The following files have been resolved:
[INFO]    ant:ant-optional:jar:1.5.1:compile
[INFO]    commons-beanutils:commons-beanutils:jar:1.4:compile
[INFO]    commons-collections:commons-collections:jar:2.0:compile
[INFO]    commons-jxpath:commons-jxpath:jar:1.2:compile
[INFO]    commons-logging:commons-logging:jar:1.0:compile
[INFO]    javax.servlet:servlet-api:jar:2.2:compile
[INFO]    jdom:jdom:jar:b9:compile
[INFO]    xerces:xerces:jar:1.2.3:compile
[INFO]    xml-apis:xml-apis:jar:1.0.b2:compile

 
see Maven Dependency Plugin
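
A build gate over the dependency:list output shown above, which compares the resolved set before and after an exclusion and reports whether an artifact that must stay out is still being resolved (for instance because another artifact pulls it back in). This is an added example, not part of the plugin; the function names are hypothetical, the sample logs are abbreviated from the output above, and `REINTRODUCED` is a constructed scenario.

```python
import re

# groupId:artifactId:type:version:scope, as printed by dependency:list.
# Coordinates with a classifier (six fields) are not handled in this sketch.
COORD = re.compile(r"^\[INFO\]\s+([\w.-]+):([\w.-]+):([\w.-]+):([\w.-]+):(\w+)\s*$")

def parse_dependency_list(log):
    """Return {(groupId, artifactId): (version, scope)} from dependency:list output."""
    resolved, in_list = {}, False
    for line in log.splitlines():
        if "The following files have been resolved" in line:
            in_list = True             # ignore dependency:tree lines before this
            continue
        m = COORD.match(line) if in_list else None
        if m:
            group, artifact, _type, version, scope = m.groups()
            resolved[(group, artifact)] = (version, scope)
    return resolved

def audit(before_log, after_log, must_be_absent):
    """Diff two resolved sets and flag artifacts that should have been excluded."""
    before = parse_dependency_list(before_log)
    after = parse_dependency_list(after_log)
    return {
        "removed": sorted(set(before) - set(after)),
        "added": sorted(set(after) - set(before)),
        "still_present": sorted(k for k in must_be_absent if k in after),
    }

# Abbreviated from the output on this page.
BEFORE = """\
[INFO] The following files have been resolved:
[INFO]    commons-jxpath:commons-jxpath:jar:1.2:compile
[INFO]    commons-logging:commons-logging:jar:1.0:compile
[INFO]    junit:junit:jar:3.8:compile
"""
AFTER = """\
[INFO] The following files have been resolved:
[INFO]    commons-jxpath:commons-jxpath:jar:1.2:compile
[INFO]    commons-logging:commons-logging:jar:1.0:compile
"""
# Constructed: the exclusion is in place but junit is resolved again via another path.
REINTRODUCED = AFTER + "[INFO]    junit:junit:jar:3.8:compile\n"

if __name__ == "__main__":
    banned = {("junit", "junit")}
    print(audit(BEFORE, AFTER, banned))
    print(audit(BEFORE, REINTRODUCED, banned))
```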