Best IT Recipes

Maven: how to redefine a dependency added by a library

Here is my common problem:

My project P depends on A, which depends on B, which depends on C, which depends on version 1.0.1 D.

The problem is with version 1.0.1 of D and I want to force another module to be used. I do not know how to declare this in my POM projects, since I did not add the dependency on D directly. He is C, who declared a dependency on D.

Important: in this case, not only the version is changed, but also the group and artifact. Thus, it is not just a matter of overriding the dependency version, but rather excluding the module and including another.

In the specific case, D is StAX, 1.0.1 has a bug . According to the notes in this error, "the problems were resolved by replacing stax-api-1.0.1 (maven GroupId = stax) with stax-api-1.0-2 (maven GroupId = javax.xml.stream)", so I am trying this to do.

So D = stax: stax-api: jar: 1.0.1 and C = org.apache.xmlbeans: xmlbeans: jar: 2.3.0

I am using maven 2.0.9 in case that matters.

Dependency output mvn: tree "

mvn dependency:tree [..snip..] [INFO] +- org.apache.poi:poi-ooxml:jar:3.6:compile [INFO] | +- org.apache.poi:poi-ooxml-schemas:jar:3.6:compile [INFO] | | +- org.apache.xmlbeans:xmlbeans:jar:2.3.0:compile [INFO] | | | \- stax:stax-api:jar:1.0.1:compile

In my POM project, I have the following dependency on "A":

 <dependency> <groupId>org.apache.poi</groupId> <artifactId>poi</artifactId> <version>3.6</version> </dependency> <dependency> <groupId>org.apache.poi</groupId> <artifactId>poi-ooxml</artifactId> <version>3.6</version> </dependency>

Thanks in advance.

+72
maven-2 dependencies
Oct 14 '10 at 20:18
source share
4 answers

Just specify the version in the current folder. The version specified here will override another.

Coercion version
A version will always be executed if it is declared in the current POM with a specific version, however, it should be noted that this will also affect other poms downstream if it itself depends on the use of transitive dependencies.



Resources:

+67
Oct. 14 '10 at 20:26
source share

Alternatively, you can simply eliminate the dependency you don't want. STAX is included in JDK 1.6, so if you are using 1.6, you can just completely eliminate it.

My example below is a bit wrong for you - you only need one of two exceptions, but I'm not quite sure which one. There are other versions of the Stax plugin, in my example below I imported A, which imported B, which imported C and D, each of which (through increasingly transitive dependencies) imported different versions of Stax. Therefore, in my dependency on “A,” I excluded both versions of Stax.

 <dependency> <groupId>a.group</groupId> <artifactId>a.artifact</artifactId> <version>a.version</version> <exclusions> <!-- STAX comes with Java 1.6 --> <exclusion> <artifactId>stax-api</artifactId> <groupId>javax.xml.stream</groupId> </exclusion> <exclusion> <artifactId>stax-api</artifactId> <groupId>stax</groupId> </exclusion> </exclusions> <dependency>
+15
Feb 07 '12 at 1:24
source share

I also had problems redirecting dependencies in a third-party library. I used the scot approach with an exception, but I also added a dependency on the newer version in pom. (I used Maven 3.3.3)

So, for an stAX example, it would look like this:

 <dependency> <groupId>a.group</groupId> <artifactId>a.artifact</artifactId> <version>a.version</version> <exclusions> <!-- STAX comes with Java 1.6 --> <exclusion> <artifactId>stax-api</artifactId> <groupId>javax.xml.stream</groupId> </exclusion> <exclusion> <artifactId>stax-api</artifactId> <groupId>stax</groupId> </exclusion> </exclusions> <dependency> <dependency> <groupId>javax.xml.stream</groupId> <artifactId>stax-api</artifactId> <version>1.0-2</version> </dependency>
+3
May 24 '16 at
source share

What you put inside the </dependencies> root pump will be included by all child modules of the root pump. If all your modules use this dependency, this is the way to go.

However, if only 3 out of 10 of your child modules use some dependency, you do not want this dependency to be included in all of your child modules. In this case, you can simply set the dependency inside </dependencyManagement> . This ensures that any child module that needs a dependency must declare it in its own pom file, but they will use the same version of this dependency as indicated in the </dependencyManagement> .

You can also use </dependencyManagement> to change the version used in transitive dependencies, because the version declared in the topmost pom file will be used. This can be useful if your project A includes an external project B v1.0, which includes another external project C v1.0. Sometimes it happens that a security breach is detected in the C v1.0 project, which was fixed in version 1.1, but the B developers are slowly updating their project to use v1.1 of C. In this case, you can simply declare a dependency on C v1.1 in your project root is inside `, and everything will be fine (assuming that B v1.0 can still compile with C v1.1).

0
May 17 '17 at 9:05 a.m.
source share


More articles:


All Articles