{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 在下西门庆 的问题《Tracking managed dependency versions in Maven》','https://www.manongdao.com/q-1353512.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
Say I have a complex project with lots of dependencies. The versions of the dependencies are managed by lots of import scope poms. My project has a dependency on artifact group:artifact, which has a dependency on artifact group:transitive-dependency. When I run dependency:tree I see something like this:
+- group:artifact:jar:1.3
+- group:transitive-dependency:jar:1.1 (version managed from 1.3)
The problem is group:artifact:1.3 requires group:transitive-dependency version 1.3 or higher. Sure one of the import poms is forcing the wrong version. But is there any way to know which one is, other than searching through all of them?
You should try the maven-enforcer-plugin and configure it to do DependencyConvergence, e.g.
That will show you which top level dependencies have different versions of other dependencies in their dependency trees. You then suppress the dependency variants that you don't want using exclusions.
This happens when 2 or more parent Poms conflicting with a same artifact.
E.g.:
In my case, framework-core has log4jextentsions 2.2 mentioned. And my super-pom says log4jextentsions 2.3. Somehow the framework-core convinced maven to use log4jextentsions 2.2.
Later when I update framework-core pom to use 2.3: