I have added a dependency in my parent pom under dependecymanagement.
ParentPom
<dependecyManagement>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
<version>some version</version>
<exclusions>
<exclusion>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
</exclusion>
</exclusions>
</dependency>
</dependencyManagement>
In my child pom I am simply inherting the dependecy without version
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
</dependency>
When I do dependency tree on my child pom its still showing commons-logging in tree which is excluded in parent pom .
mvn dependency:tree -Dverbose -Dincludes=commons-logging:commons-logging
This is the dependecy tree from child.
[INFO] \- org.springframework:spring-core:jar:parent version .RELEASE:compile
[INFO] \- commons-logging:commons-logging:jar:some version:compile
Though version no is getting inherited why not excluded dependency is getting inherited from parent pom is what I am looking for.
Am I assuming anything wrong? or is that how maven behaves?
Valid solutions would be appreciated.
TIA
Related
The problem I encountered is this, here is the definition in my POM file.\
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<version>2.0.0.RELEASE</version>
</dependency>
In this dependency, It's having a sub-dependency which is starter-tomcat
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
<version>2.0.0.RELEASE</version>
<scope>compile</scope>
</dependency>
But In my maven tree
[INFO] +- org.springframework.boot:spring-boot-starter-web:jar:2.0.0.RELEASE:compile
[INFO] | +- org.springframework.boot:spring-boot-starter-tomcat:jar:2.3.6.RELEASE:compile
By the way this project have a parent, In parent There is a 2.3.6 starter-webdependency.
I want to know why the sub-dependency starter-tomcat in the web-starter I referenced 2.0.0 is not the 2.0.0 I see, but 2.3.6 in the parent dependency.
I got it.
There are two ways to solve this question
exclude your sub-dependency and add a new version dependency.
use to control this denpendency
I'm adding the following dependencies to my maven project:
<dependency>
<groupId>io.kubernetes</groupId>
<artifactId>client-java</artifactId>
<version>10.0.0</version>
</dependency>
<dependency>
<groupId>io.kubernetes</groupId>
<artifactId>client-java-extended</artifactId>
<version>10.0.0</version>
</dependency>
However, after adding this, StringUtils.defaultsIfBlank disappears and my code fails to compile. I've tried adding the following exclusions to these dependencies:
<exclusions>
<exclusion>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang</artifactId>
</exclusion>
<exclusion>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
</exclusion>
</exclusions>
I found that the StringUtils class that goes into the classpath is coming from io.sundr:sundr-codegen:0.22.0 which is a dependency from Kube and is packed as an uber jar. this seems odd, how do I make the StringUtils in my direct dependency to take precendence?
You can see which version of commons-lang is being pulled in by using the dependency:tree goal. It sounds like perhaps one of these dependencies you list above is transitively bringing in a different version of commons-lang than you are implicitly requiring.
I'm using multiple spring based maven repositories in a web project, and I'm having problems with the dependencies used by child POM.
I have a parent POM like this:
<dependencyManagement>
<dependencies>
<!-- SPRING -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.3.0.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<!-- SPRING SECURITY -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-bom</artifactId>
<version>4.1.0.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<!-- SPRING BOOT -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-dependencies</artifactId>
<version>1.3.5.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<!-- SPRING WS -->
<dependency>
<groupId>org.springframework.ws</groupId>
<artifactId>spring-ws-core</artifactId>
<version>2.2.3.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.ws</groupId>
<artifactId>spring-ws-security</artifactId>
<version>2.2.3.RELEASE</version>
</dependency>
<!-- OTHER DEPENDENCIES OMITTED -->
</dependencies>
</dependencyManagement>
And a child POM like this:
<dependencies>
<dependency>
<groupId>org.springframework.ws</groupId>
<artifactId>spring-ws-security</artifactId>
<exclusions>
<exclusion>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
</dependency>
<!-- OTHER DEPENDENCIES OMITTED -->
</dependencies>
As far as my understanding of maven exclusion goes, this should avoid the overriding of the parent POM version, but due to the fact that spring-ws-security depends on a lower version of spring-core (4.0.9) whose method have been changed I can't deploy the app on a tomcat local server because of a NoSuchMethodError Exception, which can be also triggered when the app is actually deployed but the dependences to the old spring-core version remains.
How can I avoid this overriding of dependencies?
Or is there some way of using both dependencies (which as far as I've searched is not secure)?
Links visited already:
Similar problem, but from child to parent,
Exclusions example
Just a few mentions, I've visited others as well but forgot the links.
Edit: spring-ws dependencies use spring 4.0.9 which is overriding the 4.3.0 version (the one I need to use) I've defined in the parent POM.
+- org.springframework.ws:spring-ws-core:jar:2.2.3.RELEASE:compile
[INFO] | | | +- org.springframework:spring-oxm:jar:4.3.0.RELEASE:compile (version managed from 4.0.9.RELEASE)
[INFO] | | | +- org.springframework:spring-web:jar:4.3.0.RELEASE:compile (version managed from 4.0.9.RELEASE)
[INFO] | | | \- org.springframework:spring-webmvc:jar:4.3.0.RELEASE:compile (version managed from 4.0.9.RELEASE)
You can simply do explicit override in your child pom by mentioning the version 4.0.9, like below.
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
<version>4.0.9</version>
</dependency>
As quoted below, this version will affect the child-of-child pom, if any.
Forcing a version
A version will always be honoured if it is declared
in the current POM with a particular version - however, it should be
noted that this will also affect other poms downstream if it is itself
depended on using transitive dependencies.
I have a project that needs to depend on a ZIP file which is produced by another project. That 'other project' is not under my control. The ZIP file is required for correctly building my project. It is not required for execution of my project. I need Maven to download the ZIP file for me.
I currently create a dependency on the ZIP artifact like this:
<dependency>
<groupId>org.foo</groupId>
<artifactId>zeus</artifactId>
<version>1.1</version>
<type>zip</type>
<scope>test</scope>
</dependency>
My problem is the scope. If I use anything but test it brings with it a lot of transitive dependencies from 'other project' which screws up my own project. Using test as the scope actually does the job but it shows in my IDE as a Test-dependency. So I feel I'm doing something wrong. This is not a test-dependency!
I've looked through the available Maven scopes ('compile', 'provided', etc) and I just cannot seem to find one that matches my use case. Am I doing something wrong?
You can just exclude all transitive dependencies with wildcard:
<dependency>
<groupId>org.foo</groupId>
<artifactId>zeus</artifactId>
<version>1.1</version>
<type>zip</type>
<scope>compile</scope>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
(source Exclude all transitive dependencies of a single dependency)
You have to declare all transitive dependencies as exclusions:
<dependency>
<groupId>org.foo</groupId>
<artifactId>zeus</artifactId>
<version>1.1</version>
<type>zip</type>
<scope>compile</scope>
<exclusions>
<exclusion>
<groupId>org.foo</groupId>
<artifactId>transitive-dep-1</artifactId>
</exclusion>
<exclusion>
<groupId>org.foo</groupId>
<artifactId>transitive-dep-2</artifactId>
</exclusion>
<!-- add all transitive deps. -->
</exclusions>
</dependency>
I got a strange error in my pom.xml. Maven (I'm using Maven 2) is signaling Missing artifact javax.jws:jsr181:jar:1.0, even if I get the corresponding dependency in my pom.xml:
<dependency>
<groupId>javax.jws</groupId>
<artifactId>jsr181</artifactId>
<version>1.0</version>
</dependency>
What could possibly be the cause of this error?
Ok, I found the solution to the problem. I think the way to find it could be interesting, too.
When I look on mvnrepository.com, the pom file on the repository pointed on an URL on bea.com, which is not available anymore. So I had to change to the maintenance release, like Brian Agnew suggested. And of course, update some other dependencies in my pom.xml, which needed the obsolete version in their own dependencies. Maven comes with a cost...
<!-- https://mvnrepository.com/artifact/javax.jws/jsr181-api -->
<dependency>
<groupId>javax.jws</groupId>
<artifactId>jsr181-api</artifactId>
<version>1.0-MR1</version>
</dependency>
<dependency>
<groupId>javax.xml.ws</groupId>
<artifactId>jaxws-api</artifactId>
<version>2.1-1</version>
<exclusions>
<exclusion>
<groupId>javax.jws</groupId>
<artifactId>jsr181</artifactId>
</exclusion>
</exclusions>
</dependency>
Looking at my repository, I think you want:
<dependency>
<groupId>sun-jaxws</groupId>
<artifactId>jsr181-api</artifactId>
<version>1.0</version>
</dependency>