问题
Say I have a complex project with lots of dependencies. The versions of the dependencies are managed by lots of import scope poms. My project has a dependency on artifact group:artifact, which has a dependency on artifact group:transitive-dependency. When I run dependency:tree I see something like this:
+- group:artifact:jar:1.3
+- group:transitive-dependency:jar:1.1 (version managed from 1.3)
The problem is group:artifact:1.3 requires group:transitive-dependency version 1.3 or higher. Sure one of the import poms is forcing the wrong version. But is there any way to know which one is, other than searching through all of them?
回答1:
You should try the maven-enforcer-plugin and configure it to do DependencyConvergence, e.g.
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<version>1.2</version>
<executions>
<execution>
<id>enforce</id>
<configuration>
<rules>
<DependencyConvergence/>
</rules>
</configuration>
<goals>
<goal>enforce</goal>
</goals>
</execution>
</executions>
</plugin>
That will show you which top level dependencies have different versions of other dependencies in their dependency trees. You then suppress the dependency variants that you don't want using exclusions.
回答2:
This happens when 2 or more parent Poms conflicting with a same artifact.
For Eg,
[INFO] | \- com.rbs.gbm.risk:framework-core:jar:1.6.6:compile
[INFO] | +- com.rbos.gbm.risk:log4jextensions:jar:2.3:compile (version managed from 2.2)
[INFO] | +- oro:oro:jar:2.0.8:compile
In my case, framework-core has log4jextentsions 2.2 mentioned. and my Super pom says log4jextentsions 2.3. Somehow the framework-core convinced maven to use log4jextentsions 2.2.
Later when I update framework-core pom to use 2.3,
[INFO] | \- com.rbs.gbm.risk:framework-core:jar:1.6.6:compile
[INFO] | +- com.rbos.gbm.risk:log4jextensions:jar:2.3:compile
[INFO] | +- oro:oro:jar:2.0.8:compile
来源:https://stackoverflow.com/questions/14319018/tracking-managed-dependency-versions-in-maven