Well, depMgt is "flattened" (so if depMgt import of POM imports another POM and ...), and if you use verbose with effective, you will see the source of flattened things, at least....
T On Thu, Nov 9, 2023 at 9:18 PM Garret Wilson <gar...@globalmentor.com> wrote: > On 11/9/2023 5:10 PM, Tamás Cservenák wrote: > > Howdy, > > > > Did you try to take a peek at effective POM? > > Hi. The effective POM doesn't show me anything helpful—and I don't know > that I expected it to. The effective POM simple resolves the inheritance > tree, right? I don't know if that would have any relationship to > transitive dependency management. > > > But also,https://issues.apache.org/jira/browse/MPH-183 > > So that seems to be a suggestion someone made to make the effective POM > show something about dependency management, but was never > finished/integrated? > > Garret > > > On Thu, Nov 9, 2023 at 9:04 PM Garret Wilson<gar...@globalmentor.com> > > wrote: > > > >> In my Maven project (an aggregate project with child projects) I issue > >> the following command for the Versions Maven Plugin: > >> > >> mvn versions:display-dependency-updates > >> > >> There are a couple of outdated dependencies I'm not sure where are > >> coming from: > >> > >> [INFO] The following dependencies in Dependency Management have newer > >> versions: > >> [INFO] biz.aQute.bnd:biz.aQute.bnd.annotation ................ 6.4.1 > >> -> 7.0.0 > >> [INFO] org.mockito:mockito-inline ............................ 4.8.1 > >> -> 5.2.0 > >> > >> Unfortunately, try as I might, I can't find which library references > >> these. I've tried the following with the Maven Dependency Plugin, both > >> in the root project and in child projects: > >> > >> mvn dependency:tree > >> > >> None of the output mentions `biz.aQute.bnd:biz.aQute.bnd.annotation` or > >> `org.mockito:mockito-inline`. > >> > >> The two suspects are: > >> > >> * `com.amazonaws:aws-lambda-java-log4j2:1.6.0` or > >> `org.apache.logging.log4j:log4j-bom:2.21.1` (for > >> `biz.aQute.bnd:biz.aQute.bnd.annotation`) > >> * `com.fasterxml.jackson:jackson-bom:2.15.3` (for > >> `org.mockito:mockito-inline`) > >> > >> But those are just suspicions based upon the additional dependency > >> management I have in the subprojects where those outdated dependencies > >> show up. > >> > >> Is there any command I can use to find out which dependency is bringing > >> in the outdated dependencies listed by the Versions Maven Plugin? > >> > >> Thanks, > >> > >> Garret > >> > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail:users-unsubscr...@maven.apache.org > >> For additional commands, e-mail:users-h...@maven.apache.org > >> > >>
