maven - Maven依赖冲突：快照没有优先级

Question

当依赖关系树中存在冲突（相同的工件但版本不同）时，AFAIK，Maven 将通过选择依赖关系的最高版本来解决冲突，并忽略“旧”版本。

但是，当较新的版本是 SNAPSHOT 时，显然它将选择较旧的稳定版本而不是 SNAPSHOT。

在我的情况下：some-artifact: 0.5.0-SNAPSHOTS（因与 0.4.0 冲突而省略）=> 版本 0.4.0 被选为想要的 0.5.0-SNAPSHOT。

我假设这个功能是按设计的，但我不明白为什么。接下来，是否有办法告诉 Maven 将 SNAPSHOT 置于稳定版本之上？

Answer 1

Your assumption about Maven's always selecting the highest version isn't accurate. Artifacts are chosen based on a number of factors including depth of the dependency in the tree, order in the tree, whether the dependency is a snapshot or a release, and dependency management, which pretty much overrides everything else.

Unfortunately, I don't know of any one, definitive source of information on Maven's dependency resolution algorithms. You'll find bits and pieces of it scattered all over. A few handy references:

• Introduction to the Dependency Mechanism gives an overview of the topic with a good, if short, section on Transitive Dependencies and how they're selected from a dependency tree.
• The Sonatype Maven book has a more thorough section on Project Dependencies in general that will add a lot to your knowledge about the subject.
• An earlier section of that same book discusses Project Versions, which is strongly related to this problem and has a good section on SNAPSHOT versions, though not as much as I could wish on how they play into dependency resolution.
• Project Relationships talks about the coordinate system and how project inheritance affects what dependencies get included.
• Finally, the POM Reference is a good jumping-off point for almost anything to do with the pom. There's at least a brief description of every pom element that can help you understand enough to be able to begin searching for more info effectively.

As for some practical advice, the output of mvn dependency:tree is highly useful in discovering why a particular version of a dependency was chosen. It'll often even tell you something like "foo:bar:1.2 (was 1.1)". Once you figure out where the errant version is coming from, there are a number of ways to ensure a specific dependency version is used for a project:

• Exclude wrongly-versioned dependencies from other dependencies that are causing them to be included in the build.
• Add an explicit top-level dependency to your pom instead of relying on a transitive dependency.
• List the dependency in the dependencyManagement section of your pom (scroll down a bit from this link) to force the dependency to have the specified characteristics, regardless of what level of transitive dependency it is. Use this option with care, as dependencyManagement is viral, in that other projects depending on your project will be "infected" with your dependency management. There's also a good section on dependency management in the pom reference.

Answer 2

如果 0.4.0 版本通过 POM 中的另一个依赖项作为传递依赖项引入，那么您应该能够排除它。该dependency:tree目标应该可以帮助您了解这是否正在发生。

Answer 3

Maven 旨在支持发布版本而不是快照版本。我不确定为什么在同一个 POM 中有两个依赖项并且无法通过删除一个来解决冲突，所以我假设其中一个依赖项是从父 pom 继承的。在这种情况下，您可以将继承的依赖项设置为<optional>true</optional>，我认为它应该允许子 POM 覆盖它，即使版本较低。

如果这不起作用的坏/hacky解决方案 - 编辑您的本地存储库，使其不会意识到 0.5.0 版本是快照（或者如果您有能力，甚至编辑您的私人关系存储库）