Maven parent POM vs BOM dependency management
Let's say I have a maven parent POM root which defines foo:bar:1.0.0 in dependency management. I have another parent POM parent which uses root as parent (just to add another layer to the example). Lastly I have a bill of materials bom which uses root as its parent but redefines foo:bar:2.0.0 in its dependency management.
In my project app I inherit from parent and then I import the BOM in the dependency management section of app
root (foo:bar:1.0.0) <- parent <- app+bom
^
|
bom (foo:bar:2.0.0)
Which dependency management section wins? Which version of foo:bar do I get?
I know that if I were to directly include foo:bar in the dependency management section of app, it would override that inherited from the parent. But is importing a BOM in the dependency management section equivalent to directly including it in the dependency management section, and sufficient to override that of the parent? Or does the inherited foo:bar from the parent's dependency management take precedence?
Answer
According to the maven precedence rules, the version from the root will win and therefore you will get foo:bar:1.0.0, which you will be able to see if you look at the effective POM. I think that this makes a BOM project less effective since you cannot use it to override the version from the parent and have to declare the version in the app or in the parent.
The Precedence
So, there are multiple ways of deciding the versions, which means there is an order of precedence.
- Versions provided in the direct declaration in POM take the highest precedence.
- Version provided in parent pom takes second precedence.
- Version from imported pom takes third place
- Lastly, whatever we get from dependency mediation