Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Interpreting "omitted for conflict" in maven 2 dependency tree

This is a dependency tree generated by Maven 2.2.1 with mvn -o dependency:tree -Dverbose -Dincludes=log4j

[INFO] [dependency:tree {execution: default-cli}] [INFO] com.openboxes.renderingservice:common:jar:1.0 [INFO] +- org.springframework:spring:jar:2.0.4:compile [INFO] |  \- commons-logging:commons-logging:jar:1.1:compile [INFO] |     \- log4j:log4j:jar:1.2.12:compile [INFO] \- it.mycompany.portal:server:jar:1.5-SNAPSHOT:compile [INFO]    \- org.slf4j:slf4j-log4j12:jar:1.1.0:compile [INFO]       \- (log4j:log4j:jar:1.2.13:compile - omitted for conflict with 1.2.12) 

As you can see log4j v1.2.12 is preferred over v1.2.13.

I know that "Maven resolves version conflicts with a nearest-wins strategy" (see http://maven.apache.org/plugins/maven-dependency-plugin/examples/resolving-conflicts-using-the-dependency-tree.html) but these two dependencies seem to be at the same distance (two nesting levels, am I wrong?) so I expect that the most recent one is used.

Can someone explain this result?

Yes, log4j is not explicitly declared in this POM (and I think it should be), but I would like to better understand the way Maven works.

Thx

like image 483
Pino Avatar asked Oct 12 '11 15:10

Pino


People also ask

How do you analyze a dependency tree in Maven?

Find it using maven infrastructure. Go to https://search.maven.org/ and enter your groupId and artifactId. Or you can go to https://repo1.maven.org/maven2/ and navigate first using plugins groupId, later using artifactId and finally using its version.

How does maven solve dependency conflict?

Enforcer can help developers solve dependency conflicts in Maven by analyzing all libraries declared in the POM file. The plugin uses a lot of different rules, but we are only interested in one: dependencyConvergence – ensures all dependencies converge to the same version.

How do I exclude a specific version of a dependency in Maven?

Multiple transitive dependencies can be excluded by using the <exclusion> tag for each of the dependency you want to exclude and placing all these exclusion tags inside the <exclusions> tag in pom. xml. You will need to mention the group id and artifact id of the dependency you wish to exclude in the exclusion tag.


1 Answers

I've found the answer by myself at http://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html: "if two dependency versions are at the same depth in the dependency tree, until Maven 2.0.8 it was not defined which one would win, but since Maven 2.0.9 it's the order in the declaration that counts: the first declaration wins".

It seems a very questionable strategy to me. :-\

like image 69
Pino Avatar answered Sep 28 '22 05:09

Pino