[
https://issues.apache.org/jira/browse/PHOENIX-5573?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16976677#comment-16976677
]
Kevin Risden commented on PHOENIX-5573:
---------------------------------------
There are 2 options for dealing with conflicting Maven dependencies. Either
exclude the conflicting ones from each dependency or add a dependency
management section in top level pom that fixes the version for the dependencies
that conflict to one version.
Excluding - Pros/Cons
Pros
* ties excluding to the actual offending dependency
* easy to see what dependencies have conflicts
Cons
* requires going to each dependency individually
* potentially removes a necessary transitive dependency (if other dependencies
change then you would lose having this dependency around)
Dependency management - Pros/Cons
Pros
* top level pom management of dependencies
* dependency management all in one place
Cons
* pom now references dependencies that aren’t directly used
* upgrading dependencies means need to keep transitive dependencies up to date
So to summarize - there are two not perfect options for fixing the enforcer
reported issues. I personally used dependency management in top level pom for
Knox. Since I was more worried about excluding jars needed (if dependencies
changed later. However, I don’t know how I’ll ever be able to remove those
dependencies from the top level pom.
> Ensure that all Maven dependencies converge
> -------------------------------------------
>
> Key: PHOENIX-5573
> URL: https://issues.apache.org/jira/browse/PHOENIX-5573
> Project: Phoenix
> Issue Type: Improvement
> Reporter: Kevin Risden
> Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> PHOENIX-5572 identified a case where this is broken today. I suggested
> https://maven.apache.org/enforcer/enforcer-rules/dependencyConvergence.html
> which can help ensure that dependencies are one version.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
