I have a maven project, called Data_Types. This is a dependency in a different project called ApiUse as such
Data_Types pom.xml
<artifactId>Data_Types</artifactId>
<version>0.1.10.1</version>
<name>DataTypes</name>
ApiUse pom.xml
....
<artifactId>ApiUse</artifactId>
<version>0.0.12.1</version>
...
<dependency>
<groupId>xxx</groupId>
<artifactId>Data_Types</artifactId>
<version>[0,)</version>
</dependency>
when I use the eclipse "Dependency Hierarchy" I get it just fine to the latest version
The problem arises when I import that second project to a third one.
For some reason even thought I am getting the proper latest version of ApiUse, the it is loading an older version of Data_Types instead of the latest one.
If I change the declaration from [0,) to 0.1.10.1 It loads it just fine. It makes no sense to me. Any ideas? Thanks
EDIT
as you can see from the screen shot, on this particular case the old version is not used, because the same dependency is imported from a different class, and maven is using that other version (which happens to be the latest one, but this is not always the case). In any case this old version should not be imported in the first place. My problem is not that this version is omitted. It shouldn't be there in the first place. I have noticed that even though the latest version is loaded, some methods are loaded from the old version. It sounds stupid, I know, but thats what I have noticed
Your 2nd screenshot says the the dependency Data_Types:0.0.1 was omitted for conflict. This means that it is also provided from another dependency.
You can use mvn dependency:tree or your IDE features to find out where it comes from.
Supposing you don't have control over all the dependencies, you can use a <dependencyManagement> section in your 3rd project to "force" a specific version of Data_Types.
Also note that it's often not recommended to use non-fixed versions like [0,) although it's opinion-based.
Related
I want to update this package's version, but I didn't find this package in my pom file under root directory
How can I update this package's version? Do I need to do it directly in the pom file under the Maven package?
This is my dependency tree, and I want to upgrade to 1.31
If you don’t use it directly, then it is coming from one of your dependencies. You can check which one using
mvn dependency:tree
With IntelliJ IDEA, you can also open the Maven view, then right-click the project and select “Analyze Dependencies…” to get the same information.
Ideally, you should keep it as a transitive dependency, otherwise you will have to take care of its upgrade every time you upgrade the library that actually depends on it. Moreover, there can be issues if you upgrade only the transitive dependency and not the intermediate one (e.g. for Spring).
The best solution would thus be to upgrade that intermediate dependency, assuming that they have released a new version of it (SnakeYAML 1.29 being affected by CVE-2022-25857, there are good chances).
Only if you can’t do that, you should add the dependency in the <dependencyManagement> section of your pom.xml, but don’t forget tot maintain it from now on (and remove it once the intermediate dependency is upgraded).
If you can't find it in your pom then it means it's a transitive dependency pulled in by one of your other dependencies. You can just redefine this as a normal dependency in your pom and it will override the version to be whatever you like.
When I execute in my Maven project the Versions Maven Plugin plugin with the command:
mvn versions:use-latest-versions
The pom.xml is updated with updated dependencies as it is supposed to do.
The problem is that some libraries are updated to version as new as the do not contains some of the packages used in previous versions so the compiler says package not found. Does anybody know how to avoid automatically? I mean, update to the latest version which have the packages and classes I am using in my code.
In my opinion, there is no easy way to determine which version update is "save".
Even if you would check that all classes you compile against still exist, method signatures might have changed. And even if all the method signatures stay the same, the behaviour might have changed, leading to runtime exception etc.
The only reasonable way I know to check a version update is to run a compile and run all test cases. Doing this for all combinations of possible version updates is possible but it will take a lot of time.
The plugin is not going to analyse your code and adjust the dependencies version accordingly.
The objective of the goal use-latest-versions is to upgrade your project to the latest release of your project dependencies, and as a result of you may have compilation and deployment problems.
Once you identified the problems you need to fix all the problems so that your whole project is upgraded to the latest releases of your dependencies.
The problem is that some libraries are updated to version as new as
the do not contains some of the packages used in previous versions so
the compiler says package not found. Does anybody know how to avoid
automatically? I mean, update to the latest version which have the
packages and classes I am using in my code.
Of course, it is not possible.
Updating dependencies is not a game of chance.
If you need to have the last version of a dependency, you should not worry about if this version breaks or doesn't break your code because you need it.
You update a library because you need to update that version. If you don't need to update your dependencies, don't update your dependencies, but if you need to do that, you should make the work to update your code too if necessary.
Netbeans IDE 8.0.2 created a new maven project.
This is a brand new project so there are no previous installed dependencies
Trying to add spring dependencies but netbeans only show older versions.
For example
When search the repository it should be 4.0.x How do I fix this?
Thank you
Even thought it might be a new project I imagine your .m2 cache still has all the old version. I'm not sure how NetBeans builds that screen, but if it's based on your cache rather than what's on central you won't see the newer versions until maven pulls them in
--EDIT--
To manually add the dependency go to MvnRepository and search for the dependency on Spring you need, then copy-paste the generate pom dependency entry into your pom.xml then update your dependencies.
Only 1024 of 81415 results shown. Consider narrowing your search
The index search returns the results in fairly random order, so even though Netbeans tries to give you a grouped view, there will be holes because some versions were not included in the 1024 results shown.
A limited number of results is shown for performance reasons. AFAIK.
For reason unknown. You need to type
'org.springframwork'
To yield the newest version.
Any thing like the following will not work
'spring',
'springframework'
I'm maintaining an open source java library which has itself some dependencies to third party libraries (e.g. commons-beanutils:commons-beanutils-1.8.3). During development I just added the most recent version of such libraries to my pom. Now I did some changes to my library and realized that those versions are no more recent.
I'm now wondering which strategy is best practice with such dependencies.
My feeling says run mvn versions:use-latest-releases test.
I would recommend using mvn versions:display-dependency-updates and updating relevant libraries by hand.
It is not necessary to always use the latest version of the library.
Usually, should update your dependencies if:
you need a feature of the new version (for major and minor releases)
the update resolves a known bug (that affects you)
the update fixes a security problem.
resolves an incompatibility with another dependency
Otherwise, consider staying on your current version.
You might, temporarily consider using version ranges commons-beanutils:commons-beanutils:[1.8.0,1.9.0) to always use the latest bugfix version. Note however, that this results in non-reproducable builds and must be changed before releasing your project.
Is it any way to run Maven as if you were in another date?
My problem is I have a pom that worked with a large amount of "RELEASE" versions a month ago, but now some changes in the packages makes my project unable to run (support for some features has been discontinued). Unfortunately this dependencies are quite a lot and I don't know the version they were at that time, is there any way to run maven and tell to download the packages that were "RELEASE" version as of a specified date?
I'm editing because I feel I explained my problem poorly.
Assume I have the following dependency in my pom.xml
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>RELEASE</version>
</dependency>
If I run "mvn something" today it will fetch commons-io 2.4 but if I were to run two years ago it would have fetched commons-io 2.2
I'd like to run maven and tell him to fetch the package being the RELEASE version at some time in the past.
No, it's not possible to resolve versions "as if" at a particular time in the past, and for this reason it is almost always preferable to use explicit versions rather than LATEST or RELEASE.
If you have a specific date in mind, you can check Central (e.g., for commons-io) and see the latest version deployed before that date. You would then need to edit your pom to use that version.
Central has an API (e.g, those same commons-io results as JSON) which would allow you to automate this.
This might not be possible with maven,to revert the pom file as per a specific date,i think to overcome this type of problems and to have more advantages we use SVN , GIT .
Maven is just a build tool,its not like or provide any of the function for version control or can keep track for the changes in dependencies.
I don't know maven well and I'm not sure this will work, but it might give you some ideas:
1: Back up your pom.xml file (so you can recover if the following doesn't work)
2: Remove all dependancy tags in the pom.xml file.
3: Insert just the major dependancy tags for major jar files (example: hibernate or spring) (and no others) and specify their (old) versions in the tag.
4: Compile.
5: I believe maven will download the appropriate versions of any supporting jar files (such as commons-io) that those versions of hibernate and spring needs.
6: Repeat step 3 through 5 for any other major jar files after going to their web pages and seeing what version was in existance in the past that you need.