Maven - Detect Multiple Versions of the Same Dependency

Question

I just experienced a case of two direct dependencies of my maven project having two different versions of a particular transitive dependency.

In my particular case I had

Answer 1

@Clement P has provided you with a perfectly good answer. Note however that it might be insufficient for multi-module projects.

The depedndencyconvergence goal of the enforcer plugin knows how to detect transitive dependency collisions, but a collision may hide itself in a different manner.

Suppose you have a multi-module project. Root is A and it has 2 sub modules, B1 and B2.

B1 declares a dependency on artifact a:b:c: 1.1, while B2 declares a dependency on artifact a:b:c: 2.0

In this case, if both modules are built and deployed with their dependencies- you will have a collision, but it is a kind the enforcer plugin does not know how to detect. Since project A doesn't (can't) depend on its sub modules.

In order to overcome this problem in our organization, we used the dependency:list plugin and analyzed its output manually.

Rough description of the process:The output of running this goal is a list of all transitive dependencies of all the projects in the project hierarchy. We than parse the output, sort the dependencies and search only for those artifacts that differ only by version id. This requires some scripting in your CI env but it is the only way for now to get the overall picture.