问题
I'll explain the question with my real situation.
I use logback 1.0.1 for logging, and it includes SLF4J 1.6.4 as a dependency. I also use the SLF4J API bridges for legacy logging API's (java.util.logging, log4j and commons-logging), which are not explicit dependencies. These must also (preferrably) be version 1.6.4.
Trying to make my pom.xml as neat and error-free as possible, I'd like to enforce that these API bridges be the same version as SLF4J. The only way I know is to manually define them as dependencies in my pom.xml using version 1.6.4. If I ever update logback and the required SLF4J version is raised, I'd need to remember to change the bridge API's to the proper version.
Can I somehow hook the legacy API's version to the version of the transitive dependency SLF4J?
Current pom.xml:
<properties>
<org.slf4j.version>1.6.4</org.slf4j.version>
</properties>
<dependencies>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
<version>1.0.1</version>
<!-- requires SLF4J 1.6.4 -->
</dependency>
<!-- ... -->
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>log4j-over-slf4j</artifactId>
<version>${org.slf4j.version}</version>
<!-- here, how to bind this version value to SLF4J's version? -->
<scope>runtime</scope>
</dependency>
<!-- the other two bridge API's go here -->
</dependencies>
回答1:
Not in a very beautiful way :/
There is the maven enforcer plugin: http://maven.apache.org/enforcer/enforcer-rules/
so you can ban the transitive dependencies and include the version you want: http://maven.apache.org/enforcer/enforcer-rules/bannedDependencies.html
If you use a property for the good version you dont need to mess around in the enforcer plugin version.
回答2:
Dependency Convergence may help you. Thank you @wemu!
I have a same? problem.
You can clone https://gist.github.com/f35db1ac6dc8b6f45393.git
<dependencies>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
<version>1.1.3</version>
<scope>runtime</scope> <!-- depends on slf4j-api:1.7.7 -->
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>log4j-over-slf4j</artifactId>
<version>${unified.slf4j-api.version}</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
<version>${unified.slf4j-api.version}</version>
</dependency>
</dependencies>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<unified.slf4j-api.version>1.7.7</unified.slf4j-api.version>
</properties>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<version>1.4.1</version>
<executions>
<execution>
<id>enforce</id>
<configuration>
<rules>
<dependencyConvergence/>
</rules>
</configuration>
<goals>
<goal>enforce</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
At this point, things just work.
$ mvn -Dverbose=true dependency:tree verify
...
[INFO] test:enforcer-dependency-convergence-test:jar:0.1-SNAPSHOT
[INFO] +- ch.qos.logback:logback-classic:jar:1.1.3:runtime
[INFO] | +- ch.qos.logback:logback-core:jar:1.1.3:runtime
[INFO] | \- (org.slf4j:slf4j-api:jar:1.7.7:runtime - omitted for duplicate)
[INFO] +- org.slf4j:log4j-over-slf4j:jar:1.7.7:runtime
[INFO] | \- (org.slf4j:slf4j-api:jar:1.7.7:runtime - omitted for duplicate)
[INFO] \- org.slf4j:slf4j-api:jar:1.7.7:compile
[INFO]
[INFO] --- maven-enforcer-plugin:1.4.1:enforce (default) @ enforcer-dependency-convergence-test ---
[INFO]
...
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
...
$
Now let's change the slf4j-api
's version.
$ mvn -Dunified.slf4j-api.version=1.7.13 -Dverbose=true dependency:tree verify
...
[INFO] test:enforcer-dependency-convergence-test:jar:0.1-SNAPSHOT
[INFO] test:enforcer-dependency-convergence-test:jar:0.1-SNAPSHOT
[INFO] +- ch.qos.logback:logback-classic:jar:1.1.3:runtime
[INFO] | +- ch.qos.logback:logback-core:jar:1.1.3:runtime
[INFO] | \- (org.slf4j:slf4j-api:jar:1.7.7:runtime - omitted for conflict with 1.7.13)
[INFO] +- org.slf4j:log4j-over-slf4j:jar:1.7.13:runtime
[INFO] | \- (org.slf4j:slf4j-api:jar:1.7.13:runtime - omitted for conflict with 1.7.7)
[INFO] \- org.slf4j:slf4j-api:jar:1.7.13:compile
[INFO]
[INFO] --- maven-enforcer-plugin:1.4.1:enforce (default) @ enforcer-dependency-convergence-test ---
[WARNING]
Dependency convergence error for org.slf4j:slf4j-api:1.7.7 paths to dependency are:
+-test:enforcer-dependency-convergence-test:0.1-SNAPSHOT
+-ch.qos.logback:logback-classic:1.1.3
+-org.slf4j:slf4j-api:1.7.7
and
+-test:enforcer-dependency-convergence-test:0.1-SNAPSHOT
+-org.slf4j:log4j-over-slf4j:1.7.13
+-org.slf4j:slf4j-api:1.7.13
and
+-test:enforcer-dependency-convergence-test:0.1-SNAPSHOT
+-org.slf4j:slf4j-api:1.7.13
[WARNING] Rule 0: org.apache.maven.plugins.enforcer.DependencyConvergence failed with message:
Failed while enforcing releasability the error(s) are [
Dependency convergence error for org.slf4j:slf4j-api:1.7.7 paths to dependency are:
+-test:enforcer-dependency-convergence-test:0.1-SNAPSHOT
+-ch.qos.logback:logback-classic:1.1.3
+-org.slf4j:slf4j-api:1.7.7
and
+-test:enforcer-dependency-convergence-test:0.1-SNAPSHOT
+-org.slf4j:log4j-over-slf4j:1.7.13
+-org.slf4j:slf4j-api:1.7.13
and
+-test:enforcer-dependency-convergence-test:0.1-SNAPSHOT
+-org.slf4j:slf4j-api:1.7.13
]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
...
$
回答3:
Just don't directly depend on slf4j in your top level pom.
来源:https://stackoverflow.com/questions/33813496/can-i-refer-one-of-transitive-dependencys-version-in-pom-xml