Hi Delany thanks for the answer. No I am not assuming the later versions are backward compatible, but we realised that they were (we had tests giving us this feedback). I was asking that question, because we didn't put any hard requirement for that version as explained here <https://maven.apache.org/pom.html#dependency-version-requirement-specification>, so I was assuming that maven could determine that because there is a new version it could proceed with it.
The reason taken by that team for removing older versions periodically is to force an overall update of all softwares. I understand the reason even if when a version disappears from our nexus we need to stop working on new features, etc... and we need to update all projects... it works for sure, but it is a little bit disruptive xD Regards R Il giorno mer 12 gen 2022 alle ore 15:44 Delany <delany.middle...@gmail.com> ha scritto: > Hi Robert, > > You're assuming later versions are backward compatible. That's a dangerous > assumption. If there are conflicting transitive dependencies in your > dependency tree, you should sort them out. > Would you rather have a ClassNotFoundException at runtime, or a build > error? If L requires version 1.0.0 of Z then that is the artifact it > requires. By using 2.0.0 you're essentially substituting a different > artifact in its place. > > I'm not clear on the internals, but when you download a JAR, you get the > corresponding pom (often also in the JAR itself). It's not unreasonable for > Maven to require the dependency before it knows what the transitive > dependencies are. How else would it know? > > So why are you removing old dependencies? It sounds like a naive attempt at > gaining some efficiency. > If you don't care to use excludes, you could alternatively setup your own > Maven repository and upload the JAR to it with a simplified pom (one with > reduced or no dependencies) > > Regards, > Delany > > On Wed, 12 Jan 2022 at 16:18, Roberto Simoni <rsimoni....@gmail.com> > wrote: > > > Thanks Delany, but just for my knowledge, why maven is not able to > > determine that because you are using the newer library, you can avoid > > failure? > > Is it because maven has to download all dependencies before applying the > > resolution of the most recent version? > > Can we then say that "removing old dependencies" should be avoided in > order > > to allow maven to work properly? > > Regards > > R > > > > Il giorno mar 11 gen 2022 alle ore 19:30 Delany < > > delany.middle...@gmail.com> > > ha scritto: > > > > > Hi Robert. Further down that page you can read about exclusions. > > > So you can make X depend on L but with an exclusion: > > > > > > <dependency> > > > <artifactId>Z</artifactId> > > > <version>2.0.0</version> > > > </dependency> > > > <dependency> > > > <artifactId>L</artifactId> > > > <exclusions> > > > <exclusion> > > > <artifactId>Z</artifactId> > > > </exclusion> > > > </exclusions> > > > </dependency> > > > > > > Delany > > > > > > > > > On Tue, 11 Jan 2022 at 19:40, Roberto Simoni <rsimoni....@gmail.com> > > > wrote: > > > > > > > Hi everyone, I have a question for you. > > > > In my company, a team decided to remove periodically versions of a > > > > library/application-framework. > > > > So what happens is that every n months we have to update all > softwares > > to > > > > the newer versions. > > > > > > > > There is an aspect that I do not understand and I'd like to ask you > my > > > > question making an example. > > > > Imagine that the library where versions are removed is called Z. > > > > You have a project X depending on a library L that is using Z, but > > also X > > > > is using Z. > > > > In X we update the version of Z to 2.0.0 > > > > In X, the version of L is still using Z 1.0.0 which is removed. > > > > > > > > I though that you could build X anyway, because the most recent > version > > > of > > > > Z (while building X) is the 2.0.0, instead it fails because it tries > to > > > > resolve Z 1.0.0 while compiling X when it finds that X is using Z > 1.0.0 > > > > > > > > Is there any reason behind this decision? > > > > Looking at the this page > > > > < > > > > > > > > > > https://maven.apache.org/pom.html#dependency-version-requirement-specification > > > > > > > > > page, I though that it was not required to update every lib if it > find > > a > > > > most recent version of it. > > > > > > > > Regards > > > > R > > > > > > > > > >
