Hi David, On Saturday , 29. July 2023, 01:29:14 CEST David Karr wrote: > In general, I know how to override transient artifact versions. You add an > "exclusion" for the artifact on the dependency that is including that > dependency, and then you manually add that dependency in the same pom where > you added the exclusion.
Well, no. You do have to use exclusions only, if group or artifact is different, but not for the version. For all artifacts you want to maintain the version yourself, you add a managementDependencies section to your current POM or even better to a common parent POM where you maintain versions for a couple of (sub-)projects. > In my case, the version I want is defined in a > bom in our parent pom, so I don't have to specify the version in that > dependency. > > This works fine, if I do this exclusion and inclusion in the overall "child > pom". > > However, I maintain the parent pom and platform, and there will be dozens > of "child poms" that will need to do this. I would much rather do this > "fixup" in the poms for the libraries in our platform. Those poms specify > the dependencies whose versions I need to control. This is exactly the right lace for a common dependencyManagement section. > I've been struggling with trying to do this, along with trying to > understand the output of "mvn dependency:tree" and the apparently > functionally similar output in the "Dependency Hierarchy" view in Eclipse > using the m2e plugin. I'd not rely on that, since AFAICS Eclipse (resp. m2e) will do its own thing resolving Maven deps. > Although I can loosely see the hierarchical output > from these, I find determining the actual details of where dependencies are > coming from is very mystifying. > > To get down to actual details, my problem is that I'm ending up with > different versions of "jackson-core" and "jackson-databind". I need to > ensure that I have the same versions of both. I am getting v2.14.1 of > jackson-databind and v2.13.5 of jackson-core. We are specifying v2.13.5 in > our parent pom, but somehow something in the tree is giving us v2.14.1 of > jackson-databind. The only thing that might affect your own definitions in a dependencyManagement section are imports of other POMs (typically called BOMs) in this section, since their dependencies will behave as if they where defined in your dependencyManagement section also. Currently I am not sure if your own definitions take precedence if you define those before or after importing a bom, but that you can easily check with the dependency:tree So simply add the two jackson artifacts with the required version to your own depMgmnt section. [snip] > > I'm very confused. > > I think I remember seeing discussions in the dev list about improving the > output of dependency:tree to be clearer, I don't know if there's been any > progress on that. Regards, Jörg --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@maven.apache.org For additional commands, e-mail: users-h...@maven.apache.org