I think you are right, we should exclude the transitive dependencies and add back the correct versions.
This looks like the correct place to do it: https://github.com/neo4j/neo4j/blob/master/community/cypher/cypher/pom.xml#L96 /anders On Tue, Oct 21, 2014 at 5:35 PM, Davide D'Alto <[email protected]> wrote: > > Have you tried excluding the conflicting transitive dependencies and > adding them back with the correct version? > > That's what I've done so far. > > I have two problems with this solution: > 1) I have to do some additional work (this affect only my use case so it > might be not that important) > 2) I don't know if the dependency has been tested with the particular > version of the library I'm going to use > > Using a BOM or applying this change in the pom of org.neo4j:neo4 would > solve the problem, I guess. > > By the way, I would be happy to create a patch for this. > > Davide > > On Tue, Oct 21, 2014 at 4:03 PM, Anders Nawroth <[email protected]> > wrote: > >> Have you tried excluding the conflicting transitive dependencies and >> adding them back with the correct version? >> >> /anders >> >> >> On Tuesday, October 21, 2014 12:11:18 PM UTC+2, Davide D'Alto wrote: >> >>> > However, we do see in several places in your output that you have >>> mention of Neo4j 2.0.3 and Neo4j 2.1.5. Isn't this as simple as you having >>> upgraded from 2.0.3 to 2.1.5, and the older version is still in the local >>> maven repository, and maven is correctly omitting it as a duplicate? >>> Perhaps if you deleted .m2/repository and re-ran maven, the conflicts would >>> be cleared up? >>> >>> Nope, this is the dependencies tree of org.neo4j:neo4j:jar:2.1.5: >>> >>> [INFO] +*- org.neo4j:neo4j:jar:2.1.5:compile* >>> [INFO] | +- org.neo4j:neo4j-kernel:jar:2.1.5:compile >>> [INFO] | | +- org.neo4j:neo4j-primitive-collections:jar:2.1.5:compile >>> [INFO] | | \- org.apache.geronimo.specs:geronimo-jta_1.1_spec:jar:1.1. >>> 1:compile >>> [INFO] | +- org.neo4j:neo4j-lucene-index:jar:2.1.5:compile >>> [INFO] | | +- (org.neo4j:neo4j-kernel:jar:2.1.5:compile - omitted for >>> duplicate) >>> [INFO] | | \- org.apache.lucene:lucene-core:jar:3.6.2:compile >>> [INFO] | +- *org.neo4j:neo4j-graph-algo:jar:2.1.5:compile* >>> [INFO] | | \- (org.neo4j:neo4j-kernel:jar:2.1.5:compile - omitted for >>> duplicate) >>> [INFO] | +- org.neo4j:neo4j-udc:jar:2.1.5:compile >>> [INFO] | | \- (org.neo4j:neo4j-kernel:jar:2.1.5:compile - omitted for >>> duplicate) >>> [INFO] | +- org.neo4j:neo4j-graph-matching:jar:2.1.5:compile >>> [INFO] | | \- (org.neo4j:neo4j-kernel:jar:2.1.5:compile - omitted for >>> duplicate) >>> [INFO] | *+- org.neo4j:neo4j-cypher:jar:2.1.5:compile* >>> [INFO] | | +- (org.neo4j:neo4j-kernel:jar:2.1.5:compile - omitted for >>> duplicate) >>> [INFO] | | +- (org.neo4j:neo4j-lucene-index:jar:2.1.5:compile - >>> omitted for duplicate) >>> [INFO] | | +- (org.neo4j:neo4j-graph-matching:jar:2.1.5:compile - >>> omitted for duplicate) >>> [INFO] | | +- (org.neo4j:neo4j-graph-algo:jar:2.1.5:compile - omitted >>> for duplicate) >>> [INFO] | | *+*- org.neo4j:neo4j-cypher-commons:jar:2.1.5:compile >>> [INFO] | | | +- (org.neo4j:neo4j-kernel:jar:2.1.5:compile - omitted >>> for duplicate) >>> [INFO] | | | +- (com.googlecode.concurrentlinkedhashmap: >>> concurrentlinkedhashmap-lru:jar:1.3.1:compile - omitted for duplicate) >>> [INFO] | | | \- (org.scala-lang:scala-library:jar:2.10.4:compile - >>> omitted for duplicate) >>> [INFO] | | * +- org.neo4j:neo4j-cypher-compiler-1.9:jar:2.0.3:compile* >>> [INFO] | | | +- (org.neo4j:neo4j-kernel:jar:2.0.3:compile - omitted >>> for conflict with 2.1.5) >>> [INFO] | | | +- (org.neo4j:neo4j-lucene-index:jar:2.0.3:compile - >>> omitted for conflict with 2.1.5) >>> [INFO] | | | +- (org.neo4j:neo4j-graph-matching:jar:2.0.3:compile - >>> omitted for conflict with 2.1.5) >>> [INFO] | | | +- *(org.neo4j:neo4j-graph-algo:jar:2.0.3:compile - >>> omitted for conflict with 2.1.5)* >>> [INFO] | | | \- (org.scala-lang:scala-library:jar:2.10.3:compile - >>> omitted for conflict with 2.10.4) >>> [INFO] | | +- org.neo4j:neo4j-cypher-compiler-2.0:jar:2.0.3:compile >>> [INFO] | | | +- org.parboiled:parboiled-scala_2.10:jar:1.1.6:compile >>> [INFO] | | | | \- (org.parboiled:parboiled-core:jar:1.1.6:compile - >>> omitted for duplicate) >>> [INFO] | | | +- net.sf.opencsv:opencsv:jar:2.0:compile >>> [INFO] | | | \- (org.scala-lang:scala-library:jar:2.10.3:compile - >>> omitted for conflict with 2.10.4) >>> [INFO] | | +- org.neo4j:neo4j-cypher-compiler-2.1:jar:2.1.5:compile >>> [INFO] | | | +- (org.parboiled:parboiled-scala_2.10:jar:1.1.6:compile >>> - omitted for duplicate) >>> [INFO] | | | +- (net.sf.opencsv:opencsv:jar:2.3:compile - omitted >>> for conflict with 2.0) >>> [INFO] | | | \- (org.scala-lang:scala-library:jar:2.10.4:compile - >>> omitted for duplicate) >>> [INFO] | | +- com.googlecode.concurrentlinkedhashmap: >>> concurrentlinkedhashmap-lru:jar:1.3.1:compile >>> [INFO] | | \- org.scala-lang:scala-library:jar:2.10.4:compile >>> [INFO] | \- org.neo4j:neo4j-jmx:jar:2.1.5:compile >>> >>> If I'm not wrong neo4j-graph-algo, for example, get included with two >>> different versions 2.0.3 and 2.1.5 >>> >>> >>> >>> On Tue, Oct 21, 2014 at 10:46 AM, Davide D'Alto <[email protected]> >>> wrote: >>> >>>> Hi Craig, >>>> the problem for me is that they have a transitive dependency with a >>>> different version of some libraries, like scala-library for example: >>>> >>>> org.neo4j:neo4j-cypher-compiler-1.9:jar:2.0.3 requires >>>> org.scala-lang:scala-library:jar:2.10.3:compile >>>> >>>> while >>>> >>>> org.neo4j:neo4j-cypher:jar:2.1.5:compile requires >>>> org.scala-lang:scala-library:jar:2.10.4:compile >>>> >>>> Basically, I'm wondering if there is a particular reason for them to >>>> require different versions of the same library since it seems that using >>>> the most up to date is ok for both >>>> >>>> >>>> On Tue, Oct 21, 2014 at 10:31 AM, Craig Taverner <[email protected]> >>>> wrote: >>>> >>>>> Hi, >>>>> >>>>> My understanding is that these are not two versions of the same >>>>> library but the same version of two different libraries: >>>>> >>>>> - org.neo4j:neo4j-cypher-compiler-*1.9*:jar:*2.0.3* >>>>> - org.neo4j:neo4j-cypher-compiler-*2.0*:jar:*2.0.3* >>>>> >>>>> The version of both is *2.0.3*, the same. The libraries however have >>>>> different *names* (one is named 1.9 and one is named 2.0). Hence two >>>>> different libraries. Both part of Neo4j 2.0.3. This means, as Anders said, >>>>> that Neo4j 2.0.3 contains two levels of support for cypher. >>>>> >>>>> However, we do see in several places in your output that you have >>>>> mention of Neo4j 2.0.3 and Neo4j 2.1.5. Isn't this as simple as you having >>>>> upgraded from 2.0.3 to 2.1.5, and the older version is still in the local >>>>> maven repository, and maven is correctly omitting it as a duplicate? >>>>> Perhaps if you deleted .m2/repository and re-ran maven, the conflicts >>>>> would >>>>> be cleared up? >>>>> >>>>> Regards, Craig >>>>> >>>>> On Tue, Oct 21, 2014 at 11:18 AM, Davide D'Alto <[email protected]> >>>>> wrote: >>>>> >>>>>> Right, >>>>>> I didn't explain my problem properly, sorry. >>>>>> >>>>>> In our project we are using the maven enforcer plugin ( >>>>>> http://maven.apache.org/enforcer/maven-enforcer-plugin/) to check >>>>>> when two dependencies refer to different version of the same library. >>>>>> With Neo4j this rule fails. >>>>>> >>>>>> Maven will try to solve this conflict quietly, but you can see them >>>>>> running >>>>>> >>>>>> mvn dependency:tree -Dverbose=true >>>>>> >>>>>> These are the conflicts caused by >>>>>> "org.neo4j:neo4j-cypher-compiler-1.9:jar:2.0.3" >>>>>> and "org.neo4j:neo4j-cypher-compiler-2.0:jar:2.0.3": >>>>>> >>>>>> [INFO] | | | +- (org.neo4j:neo4j-kernel:jar:2.0.3:compile - >>>>>> omitted for conflict with 2.1.5) >>>>>> [INFO] | | | +- (org.neo4j:neo4j-lucene-index:jar:2.0.3:compile - >>>>>> omitted for conflict with 2.1.5) >>>>>> [INFO] | | | +- (org.neo4j:neo4j-graph-matching:jar:2.0.3:compile >>>>>> - omitted for conflict with 2.1.5) >>>>>> [INFO] | | | +- (org.neo4j:neo4j-graph-algo:jar:2.0.3:compile - >>>>>> omitted for conflict with 2.1.5) >>>>>> [INFO] | | | \- (org.scala-lang:scala-library:jar:2.10.3:compile >>>>>> - omitted for conflict with 2.10.4) >>>>>> [INFO] | | | \- (org.scala-lang:scala-library:jar:2.10.3:compile >>>>>> - omitted for conflict with 2.10.4) >>>>>> [INFO] | | | +- (net.sf.opencsv:opencsv:jar:2.3:compile - omitted >>>>>> for conflict with 2.0) >>>>>> >>>>>> Is there any particular reason to use different versions of the same >>>>>> library? >>>>>> >>>>>> >>>>>> On Mon, Oct 20, 2014 at 11:20 PM, Anders Nawroth < >>>>>> [email protected]> wrote: >>>>>> >>>>>>> How did you add org.neo4j:neo4j to the project? >>>>>>> Any duplicates or conflicts should be resolved automatically, at >>>>>>> least when using Maven. >>>>>>> The neo4j-cypher-compiler-* modules are special -- they add support >>>>>>> for the syntax from previous versions and are not duplicates. >>>>>>> >>>>>>> This is the final dependency tree I get, and there's no duplicates >>>>>>> left in it: >>>>>>> >>>>>>> org.neo4j:neo4j:jar:2.1.5 >>>>>>> +- org.neo4j:neo4j-kernel:jar:2.1.5:compile >>>>>>> | +- org.neo4j:neo4j-primitive-collections:jar:2.1.5:compile >>>>>>> | \- org.apache.geronimo.specs:geronimo-jta_1.1_spec:jar:1.1. >>>>>>> 1:compile >>>>>>> +- org.neo4j:neo4j-lucene-index:jar:2.1.5:compile >>>>>>> | \- org.apache.lucene:lucene-core:jar:3.6.2:compile >>>>>>> +- org.neo4j:neo4j-graph-algo:jar:2.1.5:compile >>>>>>> +- org.neo4j:neo4j-udc:jar:2.1.5:compile >>>>>>> +- org.neo4j:neo4j-graph-matching:jar:2.1.5:compile >>>>>>> +- org.neo4j:neo4j-cypher:jar:2.1.5:compile >>>>>>> | +- org.neo4j:neo4j-cypher-commons:jar:2.1.5:compile >>>>>>> | +- org.neo4j:neo4j-cypher-compiler-1.9:jar:2.0.3:compile >>>>>>> | +- org.neo4j:neo4j-cypher-compiler-2.0:jar:2.0.3:compile >>>>>>> | | +- org.parboiled:parboiled-scala_2.10:jar:1.1.6:compile >>>>>>> | | | \- org.parboiled:parboiled-core:jar:1.1.6:compile >>>>>>> | | \- net.sf.opencsv:opencsv:jar:2.0:compile >>>>>>> | +- org.neo4j:neo4j-cypher-compiler-2.1:jar:2.1.5:compile >>>>>>> | +- com.googlecode.concurrentlinkedhashmap: >>>>>>> concurrentlinkedhashmap-lru:jar:1.3.1:compile >>>>>>> | \- org.scala-lang:scala-library:jar:2.10.4:compile >>>>>>> +- org.neo4j:neo4j-jmx:jar:2.1.5:compile >>>>>>> \- com.sun.tools:tools:jar:1.7:system >>>>>>> >>>>>>> I don't know if the additional cypher-compiler libs could be made >>>>>>> optional, I've never looked into how they are loaded. >>>>>>> >>>>>>> /anders >>>>>>> >>>>>>> >>>>>>> On Mon, Oct 20, 2014 at 7:28 PM, Davide D'Alto <[email protected]> >>>>>>> wrote: >>>>>>> >>>>>>>> Hi all, >>>>>>>> when I include the artifact org.neo4j:neo4j in the project, >>>>>>>> several other dependencies get added twice with different versions. >>>>>>>> >>>>>>>> This seems caused by the following dependencies: >>>>>>>> neo4j-cypher-compiler-1.9 and neo4j-cypher-compiler-2.0. >>>>>>>> >>>>>>>> For example I have: >>>>>>>> org.neo4j:neo4j-lucene-index:2.0.3 and 2.1.5 >>>>>>>> net.sf.opencsv:opencsv:2.3 and 2.0 >>>>>>>> org.scala-lang:scala-library 2.10.4 and 2.10.3 >>>>>>>> >>>>>>>> and so on ... >>>>>>>> >>>>>>>> Wouldn't be possible to uniform the dependencies and select just >>>>>>>> one version or at least make the cypher compiler libraries optional? >>>>>>>> On exception at start up is thrown if I remove them. >>>>>>>> >>>>>>>> Thanks, >>>>>>>> Davide >>>>>>>> >>>>>>>> -- >>>>>>>> You received this message because you are subscribed to the Google >>>>>>>> Groups "Neo4j" group. >>>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>>> send an email to [email protected]. >>>>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>>>> >>>>>>> >>>>>>> -- >>>>>>> You received this message because you are subscribed to a topic in >>>>>>> the Google Groups "Neo4j" group. >>>>>>> To unsubscribe from this topic, visit https://groups.google.com/d/ >>>>>>> topic/neo4j/fDLiKEnKnAM/unsubscribe. >>>>>>> To unsubscribe from this group and all its topics, send an email to >>>>>>> [email protected]. >>>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>>> >>>>>> >>>>>> -- >>>>>> You received this message because you are subscribed to the Google >>>>>> Groups "Neo4j" group. >>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>> send an email to [email protected]. >>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>> >>>>> >>>>> -- >>>>> You received this message because you are subscribed to a topic in the >>>>> Google Groups "Neo4j" group. >>>>> To unsubscribe from this topic, visit https://groups.google.com/d/ >>>>> topic/neo4j/fDLiKEnKnAM/unsubscribe. >>>>> To unsubscribe from this group and all its topics, send an email to >>>>> [email protected]. >>>>> For more options, visit https://groups.google.com/d/optout. >>>>> >>>> >>>> >>> -- >> You received this message because you are subscribed to a topic in the >> Google Groups "Neo4j" group. >> To unsubscribe from this topic, visit >> https://groups.google.com/d/topic/neo4j/fDLiKEnKnAM/unsubscribe. >> To unsubscribe from this group and all its topics, send an email to >> [email protected]. >> For more options, visit https://groups.google.com/d/optout. >> > > -- > You received this message because you are subscribed to a topic in the > Google Groups "Neo4j" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/neo4j/fDLiKEnKnAM/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Neo4j" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
