Maven - Transitive Dependencies

I am trying to use the best methods when defining data in pom.xml, so I started to study Spring source code, and I saw:

<project xmlns="http://maven.apache.org/POM/4.0.0"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <modelVersion>4.0.0</modelVersion>
  <groupId>org.springframework</groupId>
  <artifactId>spring-aop</artifactId>
  <packaging>jar</packaging>
  <version>3.1.1.RELEASE</version>
  .....
  <dependency>
    <groupId>org.springframework</groupId>
    <artifactId>spring-beans</artifactId>
    <version>${project.version}</version>
    <scope>compile</scope>
  </dependency>
  ---
  <dependency>
    <groupId>log4j</groupId>
    <artifactId>log4j</artifactId>
    <scope>test</scope>
  </dependency>
  -----

But spring-beans also has a dependency on log4j.

Could you tell me, for best practices, to what extent should you rely on transitive dependencies?

I ask this because my first thought was not to update the log4j dependency since spring-beans already declared it.

+4
2 answers

Declare dependencies that you directly rely on, whether they provide classes that you directly import and use, or something that provides a service that you use directly, such as Log4J. Transitive dependencies should only provide dependencies that are necessary at runtime, but which you do not use on your own.

+9

There are two parts to this:

Log4j declares a "test" for the scope, and it will not be part of the final output (jar / war ...). Therefore, when spring-beans depends on log4j for their scope test, this does not mean that there is a transitive dependency for projects using spring-beans in provided or executable programs (areas).

Dependency - this allows you to include only dependencies that are suitable for the current stage of the assembly .... test: This area indicates that the dependency is not required for normal use of the application and is available only for the compilation and test execution phases. (Apache)

The second part, which:

If the dependency version is not specified, then it relies on a "different" pom to manage the dependency. Thus, dependency is transitive and controlled by others. Dependency Management

Dependency management - this allows project authors to directly specify the version of artifacts that will be used when they appear in transitive dependencies or in dependencies where the version is not specified. (Apache)

Maven Apache Transitive Dependency

+1
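The scope and version rules from the two answers, as an added example that is not part of the original thread: a Python check that lists a POM's direct dependencies, which of them reach consumers transitively, and which have no locally declared version. The function name `audit_pom` and the sample POM (modelled on the excerpt in the question) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
# Maven scopes that a consumer of this artifact inherits transitively.
TRANSITIVE_SCOPES = {"compile", "runtime"}

# Constructed sample, modelled on the POM excerpt in the question.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>org.springframework</groupId>
  <artifactId>spring-aop</artifactId>
  <version>3.1.1.RELEASE</version>
  <dependencies>
    <dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-beans</artifactId>
      <version>${project.version}</version>
      <scope>compile</scope>
    </dependency>
    <dependency>
      <groupId>log4j</groupId>
      <artifactId>log4j</artifactId>
      <scope>test</scope>
    </dependency>
  </dependencies>
</project>"""

def _text(dep, tag):
    """Trimmed text of a child element, or '' when the element is absent."""
    return (dep.findtext(f"m:{tag}", default="", namespaces=NS) or "").strip()

def audit_pom(pom_xml):
    """Return one record per direct dependency declared in a trusted, local POM."""
    records = []
    # Only direct <dependencies>; <dependencyManagement> pins versions, adds no deps.
    for dep in ET.fromstring(pom_xml).findall("m:dependencies/m:dependency", NS):
        scope = _text(dep, "scope") or "compile"  # Maven's default scope
        optional = _text(dep, "optional") == "true"
        records.append({
            "ga": f"{_text(dep, 'groupId')}:{_text(dep, 'artifactId')}",
            "scope": scope,
            # No <version> here means a parent POM or imported BOM decides it.
            "version": _text(dep, "version") or "managed elsewhere",
            # test/provided/system-scoped and optional deps never reach consumers.
            "reaches_consumers": scope in TRANSITIVE_SCOPES and not optional,
        })
    return records

if __name__ == "__main__":
    for rec in audit_pom(SAMPLE_POM):
        print(rec)
```

A dependency reported as "managed elsewhere" can change version without any diff in the POM being reviewed, so those entries are the ones to trace back to the parent or BOM that sets the version.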