Hi Robert,

You're assuming later versions are backward compatible. That's a dangerous
assumption. If there are conflicting transitive dependencies in your
dependency tree, you should sort them out.
Would you rather have a ClassNotFoundException at runtime, or a build
error? If L requires version 1.0.0 of Z then that is the artifact it
requires. By using 2.0.0 you're essentially substituting a different
artifact in its place.

I'm not clear on the internals, but when you download a JAR, you get the
corresponding pom (often also in the JAR itself). It's not unreasonable for
Maven to require the dependency before it knows what the transitive
dependencies are. How else would it know?

So why are you removing old dependencies? It sounds like a naive attempt at
gaining some efficiency.
If you don't care to use excludes, you could alternatively set up your own
Maven repository and upload the JAR to it with a simplified pom (one with
reduced or no dependencies).

Regards,
Delany

On Wed, 12 Jan 2022 at 16:18, Roberto Simoni <rsimoni....@gmail.com> wrote:

> Thanks Delany, but just for my knowledge, why is Maven not able to
> determine that because you are using the newer library, you can avoid
> failure?
> Is it because Maven has to download all dependencies before applying the
> resolution of the most recent version?
> Can we then say that "removing old dependencies" should be avoided in order
> to allow Maven to work properly?
> Regards
>   R
>
> On Tue, 11 Jan 2022 at 19:30, Delany <delany.middle...@gmail.com> wrote:
>
> > Hi Robert. Further down that page you can read about exclusions.
> > So you can make X depend on L but with an exclusion:
> >
> > <dependency>
> >   <artifactId>Z</artifactId>
> >   <version>2.0.0</version>
> > </dependency>
> > <dependency>
> >   <artifactId>L</artifactId>
> >   <exclusions>
> >     <exclusion>
> >       <artifactId>Z</artifactId>
> >     </exclusion>
> >   </exclusions>
> > </dependency>
> >
> > Delany
> >
> >
> > On Tue, 11 Jan 2022 at 19:40, Roberto Simoni <rsimoni....@gmail.com>
> > wrote:
> >
> > > Hi everyone, I have a question for you.
> > > In my company, a team decided to periodically remove versions of a
> > > library/application-framework.
> > > So what happens is that every n months we have to update all software to
> > > the newer versions.
> > >
> > > There is an aspect that I do not understand and I'd like to ask you my
> > > question with an example.
> > > Imagine that the library where versions are removed is called Z.
> > > You have a project X depending on a library L that is using Z, but also X
> > > is using Z.
> > > In X we update the version of Z to 2.0.0
> > > In X, the version of L is still using Z 1.0.0 which is removed.
> > >
> > > I thought that you could build X anyway, because the most recent version of
> > > Z (while building X) is 2.0.0; instead it fails because it tries to
> > > resolve Z 1.0.0 while compiling X when it finds that X is using Z 1.0.0
> > >
> > > Is there any reason behind this decision?
> > > Looking at this page
> > > <https://maven.apache.org/pom.html#dependency-version-requirement-specification>,
> > > I thought that it was not required to update every lib if it finds a
> > > more recent version of it.
> > >
> > > Regards
> > >   R
> > >
> >
>
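
The situation discussed in this thread, as an added example that is not part of the original messages and is not Maven's resolver code: a simplified Python model in which every node of the dependency tree must have a readable descriptor before version mediation runs. The repository contents, the version of L, the function names and the nearest-wins tie-break used here are assumptions made for illustration.

```python
# Simplified model (an assumption, not Maven's implementation): a descriptor
# (POM) must be readable for every node visited before mediation picks versions.
# Constructed repository: Z 1.0.0 has been removed, as in the thread.
REPO = {
    ("L", "1.0.0"): [("Z", "1.0.0")],  # L's pom still declares Z 1.0.0
    ("Z", "2.0.0"): [],
}

class MissingDescriptor(Exception):
    pass

def collect(direct_deps, repo):
    """Breadth-first walk of the tree; returns [(artifact, version, depth)].
    direct_deps: list of (artifact, version, set of excluded artifactIds)."""
    nodes = []
    queue = [(a, v, 1, frozenset(ex)) for a, v, ex in direct_deps]
    while queue:
        art, ver, depth, excl = queue.pop(0)
        if (art, ver) not in repo:
            raise MissingDescriptor(f"{art}:{ver}")
        nodes.append((art, ver, depth))
        for child, child_ver in repo[(art, ver)]:
            if child not in excl:  # an exclusion prunes the edge before lookup
                queue.append((child, child_ver, depth + 1, excl))
    return nodes

def mediate(nodes):
    """Nearest definition wins; the first one seen wins on a tie."""
    chosen = {}
    for art, ver, depth in nodes:
        if art not in chosen or depth < chosen[art][1]:
            chosen[art] = (ver, depth)
    return {art: ver for art, (ver, _) in chosen.items()}

def build(direct_deps, repo=REPO):
    """Return the mediated versions, or a message naming the missing node."""
    try:
        return mediate(collect(direct_deps, repo))
    except MissingDescriptor as exc:
        return f"unresolvable: {exc}"

# X's direct dependencies, without and with the exclusion from the thread.
WITHOUT_EXCLUSION = [("Z", "2.0.0", set()), ("L", "1.0.0", set())]
WITH_EXCLUSION = [("Z", "2.0.0", set()), ("L", "1.0.0", {"Z"})]

if __name__ == "__main__":
    print(build(WITHOUT_EXCLUSION))
    print(build(WITH_EXCLUSION))
```

In this model the walk stops at Z 1.0.0 before mediation ever gets to prefer 2.0.0, while the exclusion removes that edge so the removed version is never looked up.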
