dependencyManagement in parent ignored

I have a project, P1, that creates a jar. That project has a parent POM, P1-PARENT. P1-Parent includes the following:

<dependencyManagement>
    <!-- Kafka uses Zookeeper 3.3.4, but Curator requires 3.4.5. To resolve
         we specify 3.4.5 so all projects using either Kafka or Curator will
         get the later version which is compatible with both projects. -->
    <dependency>
      <groupId>org.apache.zookeeper</groupId>
      <artifactId>zookeeper</artifactId>
      <version>3.4.5</version>
    </dependency>
    <dependency>
      <groupId>org.apache.kafka</groupId>
      <artifactId>kafka_2.10</artifactId>
      <version>0.8.0</version>
    </dependency>
    <dependency>
      <groupId>org.apache.curator</groupId>
      <artifactId>curator-client</artifactId>
      <version>2.2.0-incubating</version>
    </dependency>
    <!-- A bunch of other irrelevant stuff here -->
</dependencyManagement>

This works - the output of "mvn dependency:tree" includes:

[INFO] +- org.apache.kafka:kafka_2.10:jar:0.8.0:compile
[INFO] |  +- org.apache.zookeeper:zookeeper:jar:3.4.5:compile (version managed from 3.3.4)

Note that this is the only dependency on zookeeper (verified via "mvn dependency:tree | grep zoo".

I have several other projects that also inherit from P1-PARENT and everything works fine, they all pull in ZooKeeper 3.4.5. However, A coworker of mine recently starting using P1 in one of their projects. Their project doesn't inherit from P1-PARENT. The transitive dependency they get from P1 is ZooKeeper 3.3.4, not 3.4.5. We have verified, via "mvn dependency:tree", that they get zookeeper.3.3.4 as a transitive dependency of Kafka (e.g. the output looks identical to what I've pasted above, but the version is 3.3.4 and it doesn't include the "(version managed ..." bit). Also, like my projects, the only dependency they have on ZooKeeper (transitive or otherwise) is through P1 (verified by dependency:tree and grep). The question is, why. When they include P1, shouldn't maven look at P1's parent POM when determining the transitive dependencies of P1?

I'm using Maven 3.0.5. They're using versions 3.0.3 and 3.1.1 and see the problem with both of those versions.

回答1:

Maven doesn't resolve the version transitive dependency issue in this case.

This issue can be used by using maven bom concept.

Check the maven documentation for bom in the below link http://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#Dependency_Management

Here is another blog which explains usage of bom's http://howtodoinjava.com/maven/maven-bom-bill-of-materials-dependency/

In your case to solve this issue, you need to add a dependency of your parent pom in the dependencyManagement section of other project where you are facing the issue.

回答2:

When using Maven3, ensure you're using the right version of the maven-dependency-plugin by calling it by its fully qualified name: org.apache.maven.plugins:maven-dependency-plugin:2.8:tree. IIRC up to 2.6 gave a wrong tree. In such cases the advice was: run your project as 'mvn validate -X' to see the tree as resolved by Aether, the dependency management framework for Maven.