Disable Maven dependency mediation

Tags: java, maven

As I don't trust Maven to pick the "best" version for me in dependency mediation, I would like to fail the build if there is a version conflict that is not explicitly fixed in the pom (usually by using dependencyManagement).

The dependencyConvergence rule of the enforcer plugin seemed to be what I was looking for, but unfortunately, it cannot handle *-excludes (https://issues.apache.org/jira/browse/MENFORCER-195), so I cannot really use it.

Is there any other way to stop Maven from applying the "nearest dependency wins rule" but make the owner of the pom decide which version to use?

J Fabian Meier asked Mar 03 '17 13:03



2 Answers

You can use Maven Enforcer Plugin and fail the build if dependencyConvergence is violated. Give it a shot and see if it does what you want.

Update: Sorry, I just noticed that you tried and are having a problem with excludes. Have you tried to build the plugin with the pull request from the linked ticket and see if it fixes the problem for you?

kriegaex answered Oct 12 '22 14:10
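
As an added example (not code from the question or from either answer), a build gate can scan the output of `mvn dependency:tree -Dverbose` for nodes that mediation dropped and fail when any remain. It assumes the plugin's "omitted for conflict with" wording; the `reviewed` allowlist is a hypothetical parameter and the sample tree is constructed.

```python
import re
import sys

# A node that mediation dropped looks like:
#   (g:a:jar:2.1:compile - omitted for conflict with 2.0)
# The optional group tolerates other notes placed before the reason.
CONFLICT = re.compile(
    r"\((?P<coord>[^\s()]+) - (?:[^)]*; )?"
    r"omitted for conflict with (?P<winner>[^)\s;]+)\)"
)

def find_conflicts(tree_text, reviewed=frozenset()):
    """Return sorted (groupId:artifactId, dropped, chosen) tuples.

    `reviewed` is a hypothetical allowlist of groupId:artifactId keys
    whose mediated version the pom owner has explicitly accepted.
    """
    found = set()
    for line in tree_text.splitlines():
        m = CONFLICT.search(line)
        if not m:
            continue  # kept nodes and "omitted for duplicate" are not conflicts
        parts = m.group("coord").split(":")
        if len(parts) < 5:  # need g:a:type[:classifier]:version:scope
            continue
        key = f"{parts[0]}:{parts[1]}"
        if key not in reviewed:
            # version is second to last, with or without a classifier
            found.add((key, parts[-2], m.group("winner")))
    return sorted(found)

# Constructed sample output, not taken from a real build.
SAMPLE = r"""[INFO] com.example:app:jar:1.0
[INFO] +- commons-collections:commons-collections:jar:3.1:compile
[INFO] +- org.slf4j:slf4j-api:jar:1.7.25:compile
[INFO] +- com.example:native:jar:linux:1.5:runtime
[INFO] \- com.example:lib-a:jar:1.0:compile
[INFO]    +- (commons-collections:commons-collections:jar:3.2.2:compile - omitted for conflict with 3.1)
[INFO]    +- (org.slf4j:slf4j-api:jar:1.7.25:compile - omitted for duplicate)
[INFO]    \- (com.example:native:jar:linux:2.0:runtime - omitted for conflict with 1.5)
"""

if __name__ == "__main__":
    # Pipe real output in, or run with no stdin redirect to use the sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    conflicts = find_conflicts(text)
    for key, dropped, chosen in conflicts:
        print(f"CONFLICT {key}: {dropped} dropped, {chosen} chosen")
    sys.exit(1 if conflicts else 0)
```

In the sample, the nearer 3.1 wins over the newer 3.2.2 requested by `lib-a`, which is the kind of silent choice the question wants surfaced.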


You can define explicitly which version Maven should use by using dependency version ranges.

Basically you just need to surround your version with round brackets (exclusive quantifier) or square brackets (inclusive quantifier).

For example:

<version>[4.2]</version>

would mean: use exactly version 4.2 and nothing else.

Or:

<version>[4.2,)</version>

would mean: use version 4.2 or higher.

Or:

<version>(,4.2]</version>

would mean: use a version below or exactly 4.2.

Joachim Rohde answered Oct 12 '22 12:10