Say I have a complex project with lots of dependencies. The versions of the dependencies are managed by lots of import scope poms. My project has a dependency on artifact group:artifact, which has a dependency on artifact group:transitive-dependency. When I run dependency:tree I see something like this:
+- group:artifact:jar:1.3
+- group:transitive-dependency:jar:1.1 (version managed from 1.3)
The problem is group:artifact:1.3 requires group:transitive-dependency version 1.3 or higher. Sure one of the import poms is forcing the wrong version. But is there any way to know which one is, other than searching through all of them?
You should try the maven-enforcer-plugin and configure it to do DependencyConvergence, e.g.
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<version>1.2</version>
<executions>
<execution>
<id>enforce</id>
<configuration>
<rules>
<DependencyConvergence/>
</rules>
</configuration>
<goals>
<goal>enforce</goal>
</goals>
</execution>
</executions>
</plugin>
That will show you which top level dependencies have different versions of other dependencies in their dependency trees. You then suppress the dependency variants that you don't want using exclusions.