Maven 2 - define dependency version from transitive dependency version

*爱你&永不变心* 提交于 2020-01-07 09:12:20

问题


I'll explain the question with my real situation.

I use logback 1.0.1 for logging, and it includes SLF4J 1.6.4 as a dependency. I also use the SLF4J API bridges for legacy logging API's (java.util.logging, log4j and commons-logging), which are not explicit dependencies. These must also (preferrably) be version 1.6.4.

Trying to make my pom.xml as neat and error-free as possible, I'd like to enforce that these API bridges be the same version as SLF4J. The only way I know is to manually define them as dependencies in my pom.xml using version 1.6.4. If I ever update logback and the required SLF4J version is raised, I'd need to remember to change the bridge API's to the proper version.

Can I somehow hook the legacy API's version to the version of the transitive dependency SLF4J?

Current pom.xml:

    <properties>
    <org.slf4j.version>1.6.4</org.slf4j.version>
</properties>

<dependencies>
    <dependency>
        <groupId>ch.qos.logback</groupId>
        <artifactId>logback-classic</artifactId>
        <version>1.0.1</version>
        <!-- requires SLF4J 1.6.4 -->
    </dependency>
    <!-- ... -->
    <dependency>
        <groupId>org.slf4j</groupId>
        <artifactId>log4j-over-slf4j</artifactId>
        <version>${org.slf4j.version}</version>
        <!-- here, how to bind this version value to SLF4J's version? -->
        <scope>runtime</scope>
    </dependency>
    <!-- the other two bridge API's go here -->
</dependencies>

回答1:


Not in a very beautiful way :/

There is the maven enforcer plugin: http://maven.apache.org/enforcer/enforcer-rules/

so you can ban the transitive dependencies and include the version you want: http://maven.apache.org/enforcer/enforcer-rules/bannedDependencies.html

If you use a property for the good version you dont need to mess around in the enforcer plugin version.




回答2:


Dependency Convergence may help you. Thank you @wemu!

I have a same? problem.

You can clone https://gist.github.com/f35db1ac6dc8b6f45393.git

<dependencies>
  <dependency>
    <groupId>ch.qos.logback</groupId>
    <artifactId>logback-classic</artifactId>
    <version>1.1.3</version>
    <scope>runtime</scope> <!-- depends on slf4j-api:1.7.7 -->
  </dependency>
  <dependency>
    <groupId>org.slf4j</groupId>
    <artifactId>log4j-over-slf4j</artifactId>
    <version>${unified.slf4j-api.version}</version>
    <scope>runtime</scope>
  </dependency>
  <dependency>
    <groupId>org.slf4j</groupId>
    <artifactId>slf4j-api</artifactId>
    <version>${unified.slf4j-api.version}</version>
  </dependency>
</dependencies>
<properties>
  <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
  <unified.slf4j-api.version>1.7.7</unified.slf4j-api.version>
</properties>
<build>
  <plugins>
    <plugin>
      <groupId>org.apache.maven.plugins</groupId>
       <artifactId>maven-enforcer-plugin</artifactId>
       <version>1.4.1</version>
       <executions>
         <execution>
           <id>enforce</id>
           <configuration>
             <rules>
               <dependencyConvergence/>
             </rules>
           </configuration>
           <goals>
             <goal>enforce</goal>
           </goals>
         </execution>
       </executions>
     </plugin>
  </plugins>
</build>

At this point, things just work.

$ mvn -Dverbose=true dependency:tree verify
...
[INFO] test:enforcer-dependency-convergence-test:jar:0.1-SNAPSHOT
[INFO] +- ch.qos.logback:logback-classic:jar:1.1.3:runtime
[INFO] |  +- ch.qos.logback:logback-core:jar:1.1.3:runtime
[INFO] |  \- (org.slf4j:slf4j-api:jar:1.7.7:runtime - omitted for duplicate)
[INFO] +- org.slf4j:log4j-over-slf4j:jar:1.7.7:runtime
[INFO] |  \- (org.slf4j:slf4j-api:jar:1.7.7:runtime - omitted for duplicate)
[INFO] \- org.slf4j:slf4j-api:jar:1.7.7:compile
[INFO]
[INFO] --- maven-enforcer-plugin:1.4.1:enforce (default) @ enforcer-dependency-convergence-test ---
[INFO]
...
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
...

$

Now let's change the slf4j-api's version.

$ mvn -Dunified.slf4j-api.version=1.7.13 -Dverbose=true dependency:tree verify
...
[INFO] test:enforcer-dependency-convergence-test:jar:0.1-SNAPSHOT
[INFO] test:enforcer-dependency-convergence-test:jar:0.1-SNAPSHOT
[INFO] +- ch.qos.logback:logback-classic:jar:1.1.3:runtime
[INFO] |  +- ch.qos.logback:logback-core:jar:1.1.3:runtime
[INFO] |  \- (org.slf4j:slf4j-api:jar:1.7.7:runtime - omitted for conflict with 1.7.13)
[INFO] +- org.slf4j:log4j-over-slf4j:jar:1.7.13:runtime
[INFO] |  \- (org.slf4j:slf4j-api:jar:1.7.13:runtime - omitted for conflict with 1.7.7)
[INFO] \- org.slf4j:slf4j-api:jar:1.7.13:compile
[INFO]
[INFO] --- maven-enforcer-plugin:1.4.1:enforce (default) @ enforcer-dependency-convergence-test ---
[WARNING]
Dependency convergence error for org.slf4j:slf4j-api:1.7.7 paths to dependency are:
+-test:enforcer-dependency-convergence-test:0.1-SNAPSHOT
  +-ch.qos.logback:logback-classic:1.1.3
    +-org.slf4j:slf4j-api:1.7.7
and
+-test:enforcer-dependency-convergence-test:0.1-SNAPSHOT
  +-org.slf4j:log4j-over-slf4j:1.7.13
    +-org.slf4j:slf4j-api:1.7.13
and
+-test:enforcer-dependency-convergence-test:0.1-SNAPSHOT
  +-org.slf4j:slf4j-api:1.7.13

[WARNING] Rule 0: org.apache.maven.plugins.enforcer.DependencyConvergence failed with message:
Failed while enforcing releasability the error(s) are [
Dependency convergence error for org.slf4j:slf4j-api:1.7.7 paths to dependency are:
+-test:enforcer-dependency-convergence-test:0.1-SNAPSHOT
  +-ch.qos.logback:logback-classic:1.1.3
    +-org.slf4j:slf4j-api:1.7.7
and
+-test:enforcer-dependency-convergence-test:0.1-SNAPSHOT
  +-org.slf4j:log4j-over-slf4j:1.7.13
    +-org.slf4j:slf4j-api:1.7.13
and
+-test:enforcer-dependency-convergence-test:0.1-SNAPSHOT
  +-org.slf4j:slf4j-api:1.7.13
]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
...

$



回答3:


Just don't directly depend on slf4j in your top level pom.



来源:https://stackoverflow.com/questions/33813496/can-i-refer-one-of-transitive-dependencys-version-in-pom-xml

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!