maven dependency pulling a wrong dependency

DarthVader picture DarthVader · Nov 29, 2012 · Viewed 13.7k times · Source

I have a dependency as follows:

    <dependency>
        <groupId>org.apache.httpcomponents</groupId>
        <artifactId>httpclient</artifactId>
        <version>4.2</version>
        <scope>compile</scope>
    </dependency>

This is pulling down another dependency httpcore.4.1.4 which throws a ClassDefNotFound, when i deploy httpcore.4.2 everything works.

I added both of the dependencies as follows:

    <dependency>
        <groupId>org.apache.httpcomponents</groupId>
        <artifactId>httpclient</artifactId>
        <version>4.2</version>
        <scope>compile</scope>
    </dependency>

    <dependency>
        <groupId>org.apache.httpcomponents</groupId>
        <artifactId>httpcore</artifactId>
        <version>4.2</version>
        <scope>compile</scope>
    </dependency>

and still facing the same issue ie: mvn brings down httpcore.4.1.2 not httpcore.4.2

how can i resolve this?

EDIT:

added;

<dependencyManagement>
    <dependencies>
        <dependency>
            <groupId>org.apache.httpcomponents</groupId>
            <artifactId>httpcore</artifactId>
            <version>4.2</version>
            <scope>compile</scope>
        </dependency>
    </dependencies>
    </dependencyManagement>

Answer

Tobb picture Tobb · Nov 29, 2012

You might have a transitive dependency, one your other dependencies depend on the version you don't want.

To get an overview of all dependencies, direct and transitive, try:

mvn dependency:tree

If you find a crash between different versions of the same dependency, the first thing you should do is figure out whether the crash is critical (do you need both?) If not, upgrade so that the lowest dependency version will become equal to the highest. If it is a transitive dependency consider upgrading the version of this.

If you just want to lock on to a specific version of the dependency, you have some choices:

Exclude the transitive dependency:

<dependency>
  <groupId>com.something</groupId>
  <artifactId>something</artifactId>
  <exclusions>
    <exclusion>
      <groupId>com.somethingElse</groupId>
      <artifactId>somethingElse</artifactId>
    </exclusion>
  </exclusions>
</dependency>

Include a specific version:

<dependency>
  <groupId>com.somethingElse</groupId>
  <artifactId>somethingElse</artifactId>
  <version>2.0</version>
</dependency>

Any dependency version added explicitly in your pom will override the version of any transitive dependency of the same groupId/artifactId.

Although being a bit of a puzzle, you should try to get compatible versions of your dependencies, that being version with the same version transitive dependencies.