How to ensure proper transitive dependencies

[Leon Rosenberg <ro...@gmail.com>]

Hello,

I have following question, I don't quite understand how to solve
properly. I have 3 projects, A,B and C.
A depends on B and C, and B depends on C.

A requires at least C version 1.06. However, after a while C got a new
feature which is now used in B. So in my situation A contains:
B version 2.0
C version 1.0.6

pom of B (2.0) contains
C version 1.0.14

When I build A, I'd expect 1.0.14 of C to be included through the
dependency to B. However, the resulting war contains 1.0.6, which
cause B 2.0 to malfunction, because it expects 1.0.14 of C.
How can I resolve this issue, without manually version of C in the pom of A?

regards
Leon

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org

Re: How to ensure proper transitive dependencies

[Jörg Schaible <Jo...@scalaris.com>]

Hi Leon,

Leon Rosenberg wrote:

> On Thu, Feb 2, 2012 at 6:10 PM, Jörg Schaible
> <Jo...@scalaris.com> wrote:
>> Leon Rosenberg wrote:
>>
>>> Hello,
>>>
>>> I have following question, I don't quite understand how to solve
>>> properly. I have 3 projects, A,B and C.
>>> A depends on B and C, and B depends on C.
>>>
>>> A requires at least C version 1.06. However, after a while C got a new
>>> feature which is now used in B. So in my situation A contains:
>>> B version 2.0
>>> C version 1.0.6
>>>
>>> pom of B (2.0) contains
>>> C version 1.0.14
>>>
>>> When I build A, I'd expect 1.0.14 of C to be included through the
>>> dependency to B. However, the resulting war contains 1.0.6, which
>>> cause B 2.0 to malfunction, because it expects 1.0.14 of C.
>>> How can I resolve this issue, without manually version of C in the pom
>>> of A?
>>
>> 3rd option:
>> Use a common parent and define the required versions of your dependencies
>> there in a dependencyManagement section.
>>
>> - Jörg
> 
> Thought about that, but since A,B,C are all own projects, and this
> situation is also common for further 10 projects, I would have to
> change the version of parent in all single project poms every week or
> so.... I think this will not solve the problem, but create a new one
> instead.

No, use the parent as an artifact on its own. Just because in your example 
e.g. B uses an old parent version (let's say 3), it does not mean that A and 
C can use a newer version (e.g. 5-SNAPSHOT).

- Jörg


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org

Re: How to ensure proper transitive dependencies

[Ansgar Konermann <an...@googlemail.com>]

Am 02.02.2012 21:16 schrieb "Leon Rosenberg" <ro...@gmail.com>:
>
> On Thu, Feb 2, 2012 at 6:10 PM, Jörg Schaible
> <Jo...@scalaris.com> wrote:
> > Leon Rosenberg wrote:
> >
> >> Hello,
> >>
> >> I have following question, I don't quite understand how to solve
> >> properly. I have 3 projects, A,B and C.
> >> A depends on B and C, and B depends on C.
> >>
> >> A requires at least C version 1.06. However, after a while C got a new
> >> feature which is now used in B. So in my situation A contains:
> >> B version 2.0
> >> C version 1.0.6
> >>
> >> pom of B (2.0) contains
> >> C version 1.0.14
> >>
> >> When I build A, I'd expect 1.0.14 of C to be included through the
> >> dependency to B. However, the resulting war contains 1.0.6, which
> >> cause B 2.0 to malfunction, because it expects 1.0.14 of C.

Adding maven-enforcer-plugin with rule dependencyConvergence will tell you
about this problem during A's build.

> >> How can I resolve this issue, without manually version of C in the pom
of
> >> A?
> >
> > 3rd option:
> > Use a common parent and define the required versions of your
dependencies
> > there in a dependencyManagement section.
> >
> > - Jörg
>
> Thought about that, but since A,B,C are all own projects, and this
> situation is also common for further 10 projects, I would have to
> change the version of parent in all single project poms every week or
> so.... I think this will not solve the problem, but create a new one
> instead.

maven-version-plugin:update-parent is your friend. You could run it
regularly on your ci server.

Best regards,

Ansgar

>
> Leon
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
> For additional commands, e-mail: users-help@maven.apache.org
>

RE: How to ensure proper transitive dependencies

["Thiessen, Todd (Todd)" <tt...@avaya.com>]

Define what version of what transitive dependencies you want to use in the dep management section of the war project.

> -----Original Message-----
> From: Leon Rosenberg [mailto:rosenberg.leon@gmail.com]
> Sent: Thursday, February 02, 2012 3:16 PM
> To: Maven Users List
> Subject: Re: How to ensure proper transitive dependencies
> 
> On Thu, Feb 2, 2012 at 6:10 PM, Jörg Schaible
> <Jo...@scalaris.com> wrote:
> > Leon Rosenberg wrote:
> >
> >> Hello,
> >>
> >> I have following question, I don't quite understand how to solve
> >> properly. I have 3 projects, A,B and C.
> >> A depends on B and C, and B depends on C.
> >>
> >> A requires at least C version 1.06. However, after a while C got a
> new
> >> feature which is now used in B. So in my situation A contains:
> >> B version 2.0
> >> C version 1.0.6
> >>
> >> pom of B (2.0) contains
> >> C version 1.0.14
> >>
> >> When I build A, I'd expect 1.0.14 of C to be included through the
> >> dependency to B. However, the resulting war contains 1.0.6, which
> >> cause B 2.0 to malfunction, because it expects 1.0.14 of C.
> >> How can I resolve this issue, without manually version of C in the
> pom of
> >> A?
> >
> > 3rd option:
> > Use a common parent and define the required versions of your
> dependencies
> > there in a dependencyManagement section.
> >
> > - Jörg
> 
> Thought about that, but since A,B,C are all own projects, and this
> situation is also common for further 10 projects, I would have to
> change the version of parent in all single project poms every week or
> so.... I think this will not solve the problem, but create a new one
> instead.
> 
> Leon
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
> For additional commands, e-mail: users-help@maven.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org

Re: How to ensure proper transitive dependencies

[Leon Rosenberg <ro...@gmail.com>]

On Thu, Feb 2, 2012 at 6:10 PM, Jörg Schaible
<Jo...@scalaris.com> wrote:
> Leon Rosenberg wrote:
>
>> Hello,
>>
>> I have following question, I don't quite understand how to solve
>> properly. I have 3 projects, A,B and C.
>> A depends on B and C, and B depends on C.
>>
>> A requires at least C version 1.06. However, after a while C got a new
>> feature which is now used in B. So in my situation A contains:
>> B version 2.0
>> C version 1.0.6
>>
>> pom of B (2.0) contains
>> C version 1.0.14
>>
>> When I build A, I'd expect 1.0.14 of C to be included through the
>> dependency to B. However, the resulting war contains 1.0.6, which
>> cause B 2.0 to malfunction, because it expects 1.0.14 of C.
>> How can I resolve this issue, without manually version of C in the pom of
>> A?
>
> 3rd option:
> Use a common parent and define the required versions of your dependencies
> there in a dependencyManagement section.
>
> - Jörg

Thought about that, but since A,B,C are all own projects, and this
situation is also common for further 10 projects, I would have to
change the version of parent in all single project poms every week or
so.... I think this will not solve the problem, but create a new one
instead.

Leon

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org

Re: How to ensure proper transitive dependencies

[Jörg Schaible <Jo...@scalaris.com>]

Leon Rosenberg wrote:

> Hello,
> 
> I have following question, I don't quite understand how to solve
> properly. I have 3 projects, A,B and C.
> A depends on B and C, and B depends on C.
> 
> A requires at least C version 1.06. However, after a while C got a new
> feature which is now used in B. So in my situation A contains:
> B version 2.0
> C version 1.0.6
> 
> pom of B (2.0) contains
> C version 1.0.14
> 
> When I build A, I'd expect 1.0.14 of C to be included through the
> dependency to B. However, the resulting war contains 1.0.6, which
> cause B 2.0 to malfunction, because it expects 1.0.14 of C.
> How can I resolve this issue, without manually version of C in the pom of
> A?

3rd option:
Use a common parent and define the required versions of your dependencies 
there in a dependencyManagement section.

- Jörg


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org

Re: How to ensure proper transitive dependencies

[Leon Rosenberg <ro...@gmail.com>]

Hello Stephen,

thanks for your reply, more inlined.

On Thu, Feb 2, 2012 at 5:29 PM, Stephen Connolly
<st...@gmail.com> wrote:
> On 2 February 2012 16:17, Leon Rosenberg <ro...@gmail.com> wrote:
>> Hello,
>>
>> I have following question, I don't quite understand how to solve
>> properly. I have 3 projects, A,B and C.
>> A depends on B and C, and B depends on C.
>>
>> A requires at least C version 1.06. However, after a while C got a new
>> feature which is now used in B. So in my situation A contains:
>> B version 2.0
>> C version 1.0.6
>>
>> pom of B (2.0) contains
>> C version 1.0.14
>>
>> When I build A, I'd expect 1.0.14 of C to be included through the
>> dependency to B. However, the resulting war contains 1.0.6, which
>> cause B 2.0 to malfunction, because it expects 1.0.14 of C.
>> How can I resolve this issue, without manually version of C in the pom of A?
>
> two solutions immediately present themselves:
>
> 1. Remove C as a dependency from A (transitive will pull it in)

yes, this will probably work, but wouldn't it be silly to have
dependencies not clearly stated?
We had a similar issue a while ago, project X used project Y, which
relied on struts, which relied on commons-validator.
Than we updated the dependency to Y to 2.0 instead of 1.x something.
What we didn't know, is that the dependency to struts was removed (or
set as provided) in project Y.
Now our code in project X, which was using EmailValidator from from
commons-validator stopped building, and we spent a lot of time trying
to track the change that broke the build.


> or
> 2. Make B depend on C [1.0.14,)
>
> Note for option #2, most people consider version ranges evil, as they
> can cause non-reproducible builds and only really work when people use
> the major.minor.patch 3 segment version numbers without qualifiers.

I think, since we control both, B and C, option 2 seems like a lesser
evil.But we will have to test it!

>
> I'd go with option 1.
>
> If B ever decides to remove its dep on C, then your build of A will
> immediately break to tell you ;-)

Thats true ;-) Unfortunately its not always easy to find a cause.

>
>>
>> regards
>> Leon
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
>> For additional commands, e-mail: users-help@maven.apache.org
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
> For additional commands, e-mail: users-help@maven.apache.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org

Re: How to ensure proper transitive dependencies

[Stephen Connolly <st...@gmail.com>]

On 2 February 2012 16:17, Leon Rosenberg <ro...@gmail.com> wrote:
> Hello,
>
> I have following question, I don't quite understand how to solve
> properly. I have 3 projects, A,B and C.
> A depends on B and C, and B depends on C.
>
> A requires at least C version 1.06. However, after a while C got a new
> feature which is now used in B. So in my situation A contains:
> B version 2.0
> C version 1.0.6
>
> pom of B (2.0) contains
> C version 1.0.14
>
> When I build A, I'd expect 1.0.14 of C to be included through the
> dependency to B. However, the resulting war contains 1.0.6, which
> cause B 2.0 to malfunction, because it expects 1.0.14 of C.
> How can I resolve this issue, without manually version of C in the pom of A?

two solutions immediately present themselves:

1. Remove C as a dependency from A (transitive will pull it in)
or
2. Make B depend on C [1.0.14,)

Note for option #2, most people consider version ranges evil, as they
can cause non-reproducible builds and only really work when people use
the major.minor.patch 3 segment version numbers without qualifiers.

I'd go with option 1.

If B ever decides to remove its dep on C, then your build of A will
immediately break to tell you ;-)

>
> regards
> Leon
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
> For additional commands, e-mail: users-help@maven.apache.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org