Search code examples
maventransitive-dependency

How transitive dependency work for second level dependency

I have following dependency tree.

[INFO] +- net.sf.jasperreports:jasperreports:jar:6.5.1:compile
[INFO] |  +- org.eclipse.jdt.core.compiler:ecj:jar:4.4.2:compile
[INFO] |  +- org.codehaus.castor:castor-xml:jar:1.3.3:compile
[INFO] |  |  +- org.codehaus.castor:castor-core:jar:1.3.3:compile
[INFO] |  |  +- commons-lang:commons-lang:jar:2.6:compile

When I add dependency "commons-lang" as top level dependency in the pom file it automatically removes the transitive dependency for common-lang even without exclude it from pom file.

[INFO] +- net.sf.jasperreports:jasperreports:jar:6.5.1:compile
[INFO] |  +- org.eclipse.jdt.core.compiler:ecj:jar:4.4.2:compile
[INFO] |  +- org.codehaus.castor:castor-xml:jar:1.3.3:compile
[INFO] |  |  +- org.codehaus.castor:castor-core:jar:1.3.3:compile
[INFO] |  |  +- javax.inject:javax.inject:jar:1:compile

What is expected is it should exclude common-lang when we exclude it from jasperreports.

Solution

  • Dependency Mediation is the rule which you are talking about. It is one of the rule which maven follows to manage transitive dependencies.

    It will put commons-lang in the dependency tree according to its nearest definition in the pom.

    You can read about all the rules here :
    https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html

    So to quote them :

    Dependency mediation - this determines what version of an artifact will be chosen when multiple versions are encountered as dependencies. Maven picks the "nearest definition". That is, it uses the version of the closest dependency to your project in the tree of dependencies. You can always guarantee a version by declaring it explicitly in your project's POM.

    And the dependency of commons-lang is never removed, its place in the transitive tree has changed. Now it has become a Level 1 dependency.

    [INFO] +- commons-lang:commons-lang:jar:2.6:compile
[INFO] \- net.sf.jasperreports:jasperreports:jar:6.5.1:compile
[INFO]    +- org.eclipse.jdt.core.compiler:ecj:jar:4.4.2:compile
[INFO]    +- org.codehaus.castor:castor-xml:jar:1.3.3:compile
[INFO]    |  +- org.codehaus.castor:castor-core:jar:1.3.3:compile
[INFO]    |  +- javax.inject:javax.inject:jar:1:compile
[INFO]    |  +- stax:stax:jar:1.2.0:compile
[INFO]    |  |  \- stax:stax-api:jar:1.0.1:compile
[INFO]    |  \- javax.xml.stream:stax-api:jar:1.0-2:compile
[INFO]    +- com.fasterxml.jackson.core:jackson-core:jar:2.1.4:compile