0

I understand that dependencyManagement in Maven gives you great benefits in terms of avoiding different versions of dependencies in sub-poms and in using one (and only one) version of a dependency.

At the same time, I am struggling to understand why overriding transitive dependencies by dependencyManagement is a safe thing to do. Let's say that we have a dependency D which is set to version 2.0 with dependencyManagement. Another dependency - C - also uses D, although it depends on D in version 1.0. With dependencyManagement, I am setting this transitive dependency up to 2.0. Isn't this dangerous? After all, C relies on the API and the implementation of version 1.0 - what if breaking changes have been made between the versions 1.0 and 2.0 of D?

user3058865
    What you described is a very possible problem, and I personally had the joy of fixing Maven dependencies on some of our projects because they had conflicts which led to "NoSuchMethodException" being thrown. But it's not an everyday occurrence – OH GOD SPIDERS Oct 16 '20 at 15:19

2 Answers

1

It is not a safe thing to do.

It can lead to the problems you describe.

But as you cannot have more than one version of a dependency (at least, not without shading), you need to pick one or let Maven decide. The latter is in most cases more dangerous than picking a reasonable version yourself.

J Fabian Meier
1

It works because D 2.0 is backward compatible. So D 2.0 provides all the same APIs and functionalities as D 1.0, and thus C can use it.

If D 2.0 is not backward compatible, then you have a conflict. You might need to upgrade C, or find a lower version of D that all your dependencies can happily rely on.

You can use mvn dependency:tree to resolve conflicts as mentioned here

Rocherlee
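An added example, not part of the original answers: one way to find the overrides discussed above is to scan `mvn dependency:tree` output for nodes annotated "(version managed from X)" and flag those where the major version changed. The `com.example` coordinates and the sample output are constructed, and the major-version comparison is an assumption that the libraries follow semantic versioning.

```python
import re

# Constructed sample of `mvn dependency:tree` output (not from the original post).
# The com.example coordinates are hypothetical: C was built against D 1.0,
# but dependencyManagement pins D to 2.0.
SAMPLE_TREE = """\
[INFO] com.example:app:jar:1.0-SNAPSHOT
[INFO] +- com.example:C:jar:3.1:compile
[INFO] |  \\- com.example:D:jar:2.0:compile (version managed from 1.0)
[INFO] +- com.example:E:jar:1.4.2:compile (version managed from 1.4.0)
[INFO] \\- com.example:F:jar:5.0:test
"""

# The tree prefix is drawn in 3-character segments ("+- ", "\- ", "|  ", "   ").
LINE = re.compile(
    r"^\[INFO\] (?P<prefix>(?:[|+\\ ][- ] )*)(?P<coords>\S+)"
    r"(?: \(version managed from (?P<requested>[^;)\s]+)[^)]*\))?\s*$"
)

def major(version):
    """Leading numeric component of a version string, or None if absent."""
    m = re.match(r"\d+", version)
    return int(m.group()) if m else None

def managed_overrides(tree_text):
    """List nodes whose version was replaced by dependencyManagement."""
    stack, findings = [], []
    for line in tree_text.splitlines():
        m = LINE.match(line)
        if not m or m["coords"].count(":") < 3:
            continue  # plugin banners, blank lines, etc.
        parts = m["coords"].split(":")
        depth = len(m["prefix"]) // 3
        name = f"{parts[0]}:{parts[1]}"
        del stack[depth:]          # drop siblings/descendants of earlier nodes
        stack.append(name)
        if m["requested"]:
            resolved = parts[-2]   # group:artifact:type[:classifier]:version:scope
            old, new = major(m["requested"]), major(resolved)
            findings.append({
                "artifact": name,
                "parent": stack[depth - 1] if depth else None,
                "requested": m["requested"],
                "resolved": resolved,
                "major_change": old is None or new is None or old != new,
            })
    return findings
```

A finding with `major_change` set is a candidate for review or for upgrading the parent; an unchanged major version does not by itself prove the two releases are compatible.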