gpt4 book ai didi

maven - Maven 执法者是否忽略依赖管理部分?

转载 作者:行者123 更新时间:2023-12-04 19:05:10 31 4
gpt4 key购买 nike

我在父 pom 的导入的 dependencyManagement 部分中指定了一个库版本。我确认我的有效 pom 只有一次出现这种依赖。它在依赖管理部分:

<dependencyManagement>
<dependency>
<groupId>org.javassist</groupId>
<artifactId>javassist</artifactId>
<version>[3.18.1-GA]</version>
</dependency>
</dependencyManagement>

这应该根据它覆盖传递依赖项的版本。安装(并重新安装依赖项以匹配版本边界)后,org.apache.maven.plugins:maven-dependency-plugin:2.8:tree 打印:
org.javassist:javassist:jar:3.18.1-GA:compile (version selected from constraint [3.18.1-GA,3.18.1-GA])

但是(最初,没有重新安装依赖项)enforcer 提示错误的版本:
[WARNING] Rule 1: org.apache.maven.plugins.enforcer.DependencyConvergence failed with message:
Failed while enforcing releasability the error(s) are [
Dependency convergence error for org.javassist:javassist:3.18.2-GA paths to dependency are:
...

并表明第一个传递依赖使用
org.javassist:javassist:3.18.2-GA

这来自依赖,而依赖又依赖于:
<dependencies>
<dependency>
<groupId>org.javassist</groupId>
<artifactId>javassist</artifactId>
<version>3.18.2-GA</version>
</dependency>
</dependencies>

和其他用途
org.javassist:javassist:3.18.1-GA

为什么执行器与依赖树不一致?有什么问题?如果我使用版本限制,它们是否会受到尊重,我可以跳过为此目的使用强制执行器吗?

此外,向相关项目模块添加依赖项不会改变任何内容。

最佳答案

Tl;博士 : dependencyManagement覆盖传递依赖的版本

这个答案的所有功劳归功于安迪丹尼,我偶然发现了他的博客文章:
https://www.fizz-buzz.com/blog/2012/08/02/maven-enforcer-plugin-vs-dependencymanagement
dependencyManagement做两件事——一件众所周知,另一件很少被提及。

  • 为子模块/子项目中的依赖项设置默认版本
  • 覆盖传递依赖的版本

  • 所以执行器插件不会忽略 dependencyManagement .但是无法识别差异,因为传递依赖的版本在它开始工作之前就被改变了。 Andy Denny 在他的博客上对如何进行有一个很好的建议:

    1. I don’t put dependencies in the dependencyManagement section of my top-level POM. I want to be alerted by maven-enforcer-plugin when I’ve got mismatches. Instead, I use version properties, as mentioned in my approach #1 above.
    2. When maven-enforcer-plugin notifies me of discrepancies, I try to see if I can get the artifacts involved to use the same version of the divergent dependency. If all the dependencies involved are in my own artifacts, I try to get them aligned on the same version of the dependency. If some artifacts are mine and some are from 3rd parties, I try to align my dependencies with the 3rd parties, and/or look for other versions of the 3rd party artifacts that have dependency versions that align with each other, and my code.
    3. If after doing the above, I still have unresolveable discrepancies, I choose what I think is the “best fit” version of the problematic artifact and specify that in the dependencyManagement section of the project POM where maven-enforcer-plugin reported the problem (not in my top-level POM). I add a comment to the dependency declaration in that POM noting the issue and the workaround, so that in the future, should I upgrade to a newer version of the dependency, I’ll see the note and can revisit whether the discrepancy can possibly then be resolved.


    这里的权衡是你有一个有效的执行器插件,可以帮助你解决依赖问题,但必须手动完成更多工作。

    关于maven - Maven 执法者是否忽略依赖管理部分?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/26970943/

    31 4 0
    Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
    广告合作:1813099741@qq.com 6ren.com