I ran mvn dependency:tree for a project and I saw output like the following:
[INFO] my:project:jar:1.0.0-SNAPSHOT
[INFO] +- some.other:library:jar:2.0.0:compile
[INFO] |  \- org.slf4j:slf4j-api:jar:1.6.1:compile
[INFO] +- org.slf4j:slf4j-simple:jar:1.6.0:compile
[INFO] |  \- (org.slf4j:slf4j-api:jar:1.6.0:compile - omitted for conflict with 1.6.1)
This is a bad state to be in because my project depends directly on slf4j 1.6.0 and some library that we depend on transitively depends on slf4j 1.6.1. These two versions happen to be binary compatible so the build passes without any warnings. Is there a way to get Maven to be more strict about its dependency resolution so that I could configure a new build that would fail in this scenario? In this case, the solution would be to just update our dependency to the newer version of slf4j.
The maven-enforcer-plugin has a dependencyConvergence configuration which does what I want. Coincidentally, the example from the documentation uses slf4j.
Configure it like this:
<plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-enforcer-plugin</artifactId>
    <version>1.0</version>
    <executions>
        <execution>
            <id>enforce</id>
            <configuration>
                <rules> 
                    <DependencyConvergence />
                </rules>
            </configuration>
            <goals> 
                <goal>enforce</goal>
            </goals>
        </execution>
    </executions>
</plugin>
This combination of dependencies will cause a build to fail:
  <dependencies>
    <dependency>
      <groupId>org.slf4j</groupId>
      <artifactId>slf4j-jdk14</artifactId>
      <version>1.6.1</version>
    </dependency>
    <dependency>
      <groupId>org.slf4j</groupId>
      <artifactId>slf4j-nop</artifactId>
      <version>1.6.0</version>
    </dependency>
  </dependencies>  
With this being logged during compilation:
[ERROR]
Dependency convergence error for org.slf4j:slf4j-api:1.6.1 paths to dependency are:
+-org.myorg:my-project:1.0.0-SNAPSHOT
  +-org.slf4j:slf4j-jdk14:1.6.1
    +-org.slf4j:slf4j-api:1.6.1
and
+-org.myorg:my-project:1.0.0-SNAPSHOT
  +-org.slf4j:slf4j-nop:1.6.0
    +-org.slf4j:slf4j-api:1.6.0
Though dated, I think this SO discussion is related.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With