I deploy my maven project to maven private server. After introducing dependencies in other projects, the version of okhttp3 changed from 4.7.2 to 3.14.9
[The maven dependency of the deployed project:mdm-auth-spring-boot-starter][1]
[1]: https://i.stack.imgur.com/JQJe6.png
[Another project introduces mdm-auth-spring-boot-starter][2]
[2]: https://i.stack.imgur.com/YVFnI.png
Why the version of okhttp3 has changed? My system is Win 10, JDK version 1.8.181, maven version 3.6.3
Reinstalling the system, JDK and maven, can not solve this problem.
The spring-boot-starter-parent:2.3.1-RELEASE that you extend manages the version of com.squareup.okhttp3:okhttp to 3.14.9 via spring-boot-dependencies:
<okhttp3.version>3.14.9</okhttp3.version>
...
<dependencyManagement>
<dependencies>
...
<dependency>
<groupId>com.squareup.okhttp3</groupId>
<artifactId>okhttp</artifactId>
<version>${okhttp3.version}</version>
</dependency>
...
</dependencies>
</dependencyManagement>
This is documented under dependency management:
Each release of Spring Boot provides a curated list of dependencies that it supports. In practice, you do not need to provide a version for any of these dependencies in your build configuration, as Spring Boot manages that for you.
You'll need to either accept that, and work with that version, or set the okhttp3.version property in your project for the okhtttp version that you'd like to build with.
The problem might be in transitive dependencies (some other dependency has a dependeny to okhttp3 3.14.9 and it can overriede 4.7.2 )
You can try to execute mvn dependency:tree -Dverbose=true
https://maven.apache.org/plugins/maven-dependency-plugin/examples/resolving-conflicts-using-the-dependency-tree.html
and find, which versions of okhttp3 you have, and see which other dependency brought 3.14.9 version.
Related
I have a multi module maven project with a parent POM which defines a few common dependencies as part of the dependency management as follows:
<dependency>
<groupId>com.example</groupId>
<artifactId>example-commons-core</artifactId>
<version>(1.2,)</version>
</dependency>
<dependency>
<groupId>com.example</groupId>
<artifactId>example-commons-logging</artifactId>
<version>(1.3,)</version>
</dependency>
I have added this version format to avoid permanently update versions in the POM, when a new version of the core library is created.
My problem is that by each maven build, maven will check up all repositories for new version for each dependency I got following log entries:
Downloading from snapshots: https://example.com/repository/snapshots/com.example/example-commons-core/maven-metadata.xml
Downloading from release: https://example.com/repository/release/com.example/example-commons-core/maven-metadata.xml
Downloading from 3rdparty: https://example.com/repository/3rdparty/com.example/example-commons-core/maven-metadata.xml
Downloading from central: https://repo1.maven.org/maven2/com.example/example-commons-core/maven-metadata.xml
My question is can I do the checks for example monthly?
How to avoid that maven tries to check my own dependencies on maven central repository?
The modern way to solve the problem is to avoid version ranges but use the versions maven plugin (like versions:use-latest-releases).
I am migrating everything to spring-boot version 1.4.3.RELEASE.
Before the migration I was already using spring-data-solr version 2.1.0.RELEASE.
After introduction of spring boot i started noticing some errors, missing methods etc...
So i did some digging and found that within spring boot dependencies, spring-data-releasetrain uses older version of spring-data-solr than the version that is mandatory for me.
I have attempted to redeclare dependency with the version in my pom.xml, with no luck.
What is odd is that when i check my build path under the maven dependencies, the dependency is right for spring-data-solr version 2.1.0.RELEASE. So this does not cause any compile time issues, this happens only at run time...
I was wondering whether i can just exclude spring-data-solr and reimport my own? or is there better way to manage that?
Yes you can exclude the unwanted versions and reimport your own.
But this makes only sense, if your version of spring-data-solr is compatible with the spring-boot version you are using, at compile-time as well as at run-time.
The easiest way to do this, is to declare the desired version in the dependencyManagement section of your pom. See introduction-to-dependency-mechanism
dependency management takes precedence over dependency mediation for transitive dependencies
Which means, the version you declare in dependency management should override the versions from transitive dependencies.
I had constellations, where this was not sufficient and I still found the unwanted version in my classpath. If this happens, you have to exclude that unwanted dependency.
In Maven an exclusion looks like this :
<dependency>
<groupId>org.springframework.security.oauth</groupId>
<artifactId>spring-security-oauth2</artifactId>
<version>2.0.7.RELEASE</version>
<exclusions>
<exclusion>
<groupId>org.springframework</groupId>
<artifactId>spring-beans</artifactId>
</exclusion>
</exclusions>
</dependency>
In the above code I am excluding spring-beans, so it is not introduced in the unwanted version required by spring-security-oauth2.
You need to do this for all dependencies, that somehow tear in your spring-data-solr in an unwanted version.
Your best friend when doing this is
mvn dependency:tree -Dverbose -Dincludes=org.springframework.data:spring-data-solr
Which shows you exactly, which dependencies your project has to spring-data-solr and why they are there. See Maven for details
So you make mvn dependency:tree, add exclusion and repeat until you have no dependency to the unwanted version anymore.
Than finally you add once the dependency to the desired version.
OK I am trying to use http://jongo.org, in a project I have run mvn install and dropped the jar it returns into my project but when I try and use Jongo I get Caused by: java.lang.NoClassDefFoundError: com/fasterxml/jackson/databind/Module Does Jongo not package these directly?
My question is do I need to then manually include the other jars it depends on aswell into my project root?
Yes, you need add this dependency manually in maven:
Jongo relies upon Jackson 2.4.1, Bson4Jackson 2.4.0 and Mongo Java Driver 2.11+. Its Maven dependency, an OSGI compliant jar, comes with
the first two, you have to provide a dependency to the driver.
Jongo is deployed into OSS Sonatype (Maven repository hosting service
for open source projects). Add the following dependency to your
pom.xml
<dependency>
<groupId>org.jongo</groupId>
<artifactId>jongo</artifactId>
<version>1.2</version> </dependency>
</dependency>
I have configured a Maven build with dependencies to Eclipse plugins, which are collected through a Nexus proxy which points to Maven Central. For example, I need version 2.7.0 of the org.eclipse.emf.common jar in my build. So I added a dependency in the dependency management section of the parent pom with a version like this:
<dependency>
<groupId>org.eclipse.emf</groupId>
<artifactId>org.eclipse.emf.common</artifactId>
<version>2.7.0</version>
</dependency>
However, Eclipse plugins usually suffix their version numbers with date and build number, so the plugin is actually org.eclipse.emf.common_2.7.0-v20110520-1406.jar - and it looks as if Maven fails because it believes that a 2.7.0-something is a smaller version than 2.7.0. When put the full version number in my pom, the builds works.
Now my question is: is there a good and maybe agreed upon way to specify a version 2.7.0 or higher, no matter if there are date or build number suffixed to it?
You can check all available versions using search on maven central:
http://search.maven.org/#search%7Cga%7C1%7Corg.eclipse.emf.common
Specify dependency exists only with date and build number version, so you have to use full version... But there is another dependency (with different group id) that has exact 2.7.0 version.
Just go through all availables artifacts on search.maven.org and pick what you need.
i'm kinda new to maven after coming from a simple yet uncouth ant world.
<dependencies>
<dependency>
<groupId>com.foo.bar.EPT</groupId>
<artifactId>EPTUtils</artifactId>
<version>1.2.9-SNAPSHOT</version>
<scope>compile</scope>
</dependency>
I'm looking for a maven command to specifically update this version to 1.2.14-SNAPSHOT. I've tried
mvn -DallowSnapshots=true versions:use-latest-snapshots -Dincludes=com.foo.bar.*
but that didn't update what i had in my local repo.
Change
<version>1.2.9-SNAPSHOT</version>
to
<version>1.2.14-SNAPSHOT</version>
in the pom.xml of your Maven project. Then build the project.
mvn clean test package
Maven will download the dependency and store it in your local ~/.m2 repository.
Edit: Also see How do I tell Maven to use the latest version of a dependency? for more information about Maven and latest versions.
Edit 2: You can use the Versions Maven Plugin that as goals that can help you with that.