
The dumbster:dumbster:1.6 that we are using (from Maven Central) declares a dependency on javax.mail:mail:1.3.2. Unfortunately, Maven Central contains jars for javax.mail:mail only starting from version 1.4. Everything works fine if I add a dependency on both dumbster:dumbster:1.6 and javax.mail:mail:1.4.1.

But I would like to avoid telling all our developers that dumbster does not work transitively but needs an extra mail.jar. Is there any way to avoid this?

I have the impression that this problem is more general: Jars from Maven Central which point outside Maven Central may cause problems.

J Fabian Meier

1 Answer


First, this dumbster dep is a little bit old, and yes, you are right: it is a problem, or better, was a problem. Long ago the rules for Central were changed so you can't put POMs (jars) into Central which reference jars / deps which are not in Central.

The usual solution is to define such a dependency within a corporate POM file which declares it within dependencyManagement, excludes the transitive dependency and adds a newer version.

<dependencyManagement>
  <dependencies>
    <dependency>
      <groupId>dumbster</groupId>
      <artifactId>dumbster</artifactId>
      <version>1.6</version>
      <exclusions>
        <exclusion>
          <groupId>javax.mail</groupId>
          <artifactId>mail</artifactId>
        </exclusion>
      </exclusions>
    </dependency>
    <dependency>
      <groupId>javax.mail</groupId>
      <artifactId>mail</artifactId>
      <version>1.4.1</version>
    </dependency>
  </dependencies>
</dependencyManagement>

By using the above, your developers will be forced to define javax.mail simply by adding the following. If they forget to add javax.mail, their build will fail.

<dependencies>
  <dependency>
    <groupId>dumbster</groupId>
    <artifactId>dumbster</artifactId>
  </dependency>
  <dependency>
    <groupId>javax.mail</groupId>
    <artifactId>mail</artifactId>
  </dependency>
</dependencies>

You can also force the usage of the right version by using the maven-enforcer-plugin.

khmarbaise
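
The maven-enforcer-plugin check mentioned at the end of the answer could look like the following. This is an added example, not part of the original answer; the plugin version and the execution id are assumptions, and the fragment is meant for the same corporate parent POM that carries the dependencyManagement section.

```xml
<build>
  <plugins>
    <plugin>
      <groupId>org.apache.maven.plugins</groupId>
      <artifactId>maven-enforcer-plugin</artifactId>
      <!-- Assumed version: pin whichever release your organisation has vetted. -->
      <version>3.4.1</version>
      <executions>
        <execution>
          <!-- Hypothetical execution id, chosen for this example. -->
          <id>enforce-javax-mail-version</id>
          <goals>
            <!-- The enforce goal binds to the validate phase by default,
                 so the check runs before anything is compiled. -->
            <goal>enforce</goal>
          </goals>
          <configuration>
            <rules>
              <bannedDependencies>
                <excludes>
                  <!-- Version range (,1.4.1) matches every javax.mail:mail
                       below 1.4.1, whether declared directly or pulled in
                       transitively (for example the 1.3.2 that
                       dumbster:dumbster:1.6 declares). -->
                  <exclude>javax.mail:mail:(,1.4.1)</exclude>
                </excludes>
                <message>javax.mail:mail below 1.4.1 is banned; use the version managed in the corporate POM.</message>
              </bannedDependencies>
            </rules>
          </configuration>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>
```

With this in the parent, a module that resolves an older javax.mail:mail fails at `mvn validate` with the message above instead of failing later on an unresolvable artifact.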