Are conflicting transitive dependencies a serious issue in Maven?

Question

I have a project X which shows quite a lot of conflicting dependencies in the dependency hierarchy (as displayed in Eclipse's dependency hierarchy view). I see lots of things like:

clojure: 1.3.0 (omitted for conflict with 1.4.0) [compile]

This usually occurs because two of the libraries used by X specify two different versions of some other library - i.e. the conflicts are occuring because of shared transitive dependencies. In quite a few cases the conflicts are in 3rd party libraries I can't directly control.

Fortunately everything builds and runs fine right now, but I'm worried if this situation might cause problems in the future.

Is this a problem I should be worried about and if so, what should I be doing about it?

Answer 1

Yes, such conflicts can be serious.

You don't know if there is an incompatible change in a dependency when comparing versions one with another (There shouldn't be when comparing minor versions, but who knows exactly?). Or maybe some dependency depends on a buggy behavior of another dependency. What if this bug has been fixed? That one module depending on the bug will fail to execute properly.

You should exclude conflicting dependencies (more likely excluding lower versions). For each exclusion you enter, you have to check, if there are incompatible changes between the excluded version and the version that is now in use. If that is the case you have to check dependencies that depend on that module, if they are affected by such changes.