Ah! So, reading between the lines, you're recommending that I issue this
command:
mvn help:effective-pom -Dverbose=true
I didn't know there was a `verbose` option for the effective POM that
had anything to do with dependency management. Thanks. That gives me
effective dependency management, along with the POM it comes from—even
with line numbers. Nice!
And (drumroll …) it looks like
`biz.aQute.bnd:biz.aQute.bnd.annotation:6.4.1` is coming from
`org.apache.logging:logging-parent:10.1.1`.
And `org.mockito:mockito-inline:4.8.1` was getting in because one of my
own dependencies 😊 hasn't been updated to use my newer root POM, which
manages the versions of testing libraries. hehe It's good to find
out—and now to know /how/ to find out.
Thanks, Tamás.
Garret
On 11/9/2023 5:25 PM, Tamás Cservenák wrote:
Well, depMgt is "flattened" (so if depMgt import of POM imports another POM
and ...), and if you use verbose with effective, you will see the source of
flattened things, at least....
T
On Thu, Nov 9, 2023 at 9:18 PM Garret Wilson<gar...@globalmentor.com>
wrote:
On 11/9/2023 5:10 PM, Tamás Cservenák wrote:
Howdy,
Did you try to take a peek at effective POM?
Hi. The effective POM doesn't show me anything helpful—and I don't know
that I expected it to. The effective POM simple resolves the inheritance
tree, right? I don't know if that would have any relationship to
transitive dependency management.
But also,https://issues.apache.org/jira/browse/MPH-183
So that seems to be a suggestion someone made to make the effective POM
show something about dependency management, but was never
finished/integrated?
Garret
On Thu, Nov 9, 2023 at 9:04 PM Garret Wilson<gar...@globalmentor.com>
wrote:
In my Maven project (an aggregate project with child projects) I issue
the following command for the Versions Maven Plugin:
mvn versions:display-dependency-updates
There are a couple of outdated dependencies I'm not sure where are
coming from:
[INFO] The following dependencies in Dependency Management have newer
versions:
[INFO] biz.aQute.bnd:biz.aQute.bnd.annotation ................ 6.4.1
-> 7.0.0
[INFO] org.mockito:mockito-inline ............................ 4.8.1
-> 5.2.0
Unfortunately, try as I might, I can't find which library references
these. I've tried the following with the Maven Dependency Plugin, both
in the root project and in child projects:
mvn dependency:tree
None of the output mentions `biz.aQute.bnd:biz.aQute.bnd.annotation` or
`org.mockito:mockito-inline`.
The two suspects are:
* `com.amazonaws:aws-lambda-java-log4j2:1.6.0` or
`org.apache.logging.log4j:log4j-bom:2.21.1` (for
`biz.aQute.bnd:biz.aQute.bnd.annotation`)
* `com.fasterxml.jackson:jackson-bom:2.15.3` (for
`org.mockito:mockito-inline`)
But those are just suspicions based upon the additional dependency
management I have in the subprojects where those outdated dependencies
show up.
Is there any command I can use to find out which dependency is bringing
in the outdated dependencies listed by the Versions Maven Plugin?
Thanks,
Garret
---------------------------------------------------------------------
To unsubscribe,e-mail:users-unsubscr...@maven.apache.org
For additional commands,e-mail:users-h...@maven.apache.org
