I just experienced a case of two direct dependencies of my Maven project having two different versions of a particular transitive dependency.
In my particular case I had direct dependencies on the following:
<dependency>
    <groupId>org.jclouds.driver</groupId>
    <artifactId>jclouds-sshj</artifactId>
    <version>${jclouds.version}</version>
</dependency>
and
<dependency>
    <groupId>org.mule.modules</groupId>
    <artifactId>mule-module-jersey</artifactId>
    <version>${mule.version}</version>
</dependency>
Both of these dependencies had a (deep) transitive dependency on com.sun.jersey:jersey-core, but with different versions for each. Maven didn't fail on this or even warn (or if it did, I never saw it!) that such a thing was happening... and as such I never noticed it until debugging a problem that happened when the version of jersey-core brought in by the jclouds dependency caused some things to break.
Is there a Maven plugin or some other tool that exists that will detect this sort of deep transitive dependency overriding and at least warn the user (or fail the Maven execution) if it detects such a collision... even if the default Maven behavior is to just pick the first version that appears when resolving dependencies?
Use the Dependency Enforcer plugin. It will stop the build when dependencies don't converge properly.
<plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-enforcer-plugin</artifactId>
    <version>1.0.1</version>
    <executions>
        <execution>
            <id>enforce</id>
            <configuration>
                <rules>
                    <DependencyConvergence />
                </rules>
            </configuration>
            <goals>
                <goal>enforce</goal>
            </goals>
        </execution>
    </executions>
</plugin>
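Added example, not part of the original question or answer: a small Python check that reads the text output of `mvn dependency:tree -Dverbose` and reports every artifact requested in more than one version, together with the direct dependency that pulls in each version. The sample tree is constructed; its versions and the `example.*` artifacts are placeholders, and the line format (three-character indent groups, `omitted for conflict with`) is assumed to match the plugin's verbose output.

```python
import re
from collections import defaultdict

# Constructed sample of `mvn dependency:tree -Dverbose` output. All versions and
# the example.* artifacts are placeholders, not values from a real build.
SAMPLE_TREE = r"""
[INFO] example.app:demo:jar:0.0.1-sample
[INFO] +- org.jclouds.driver:jclouds-sshj:jar:0.0.1-sample:compile
[INFO] |  \- example.mid:lib-a:jar:0.0.1-sample:compile
[INFO] |     \- com.sun.jersey:jersey-core:jar:0.0.1-sample:compile
[INFO] \- org.mule.modules:mule-module-jersey:jar:0.0.1-sample:compile
[INFO]    +- example.mid:lib-b:jar:0.0.1-sample:compile
[INFO]    |  \- (com.sun.jersey:jersey-core:jar:0.0.2-sample:compile - omitted for conflict with 0.0.1-sample)
[INFO]    \- (example.mid:lib-a:jar:0.0.1-sample:compile - omitted for duplicate)
[INFO] ------------------------------------------------------------------------
"""

# Tree drawing prefix, optional "(" for omitted nodes, then g:a:type[:classifier]:version[:scope]
NODE = re.compile(
    r"^(?:\[INFO\] )?(?P<indent>[|+\\\- ]*)\(?(?P<coords>[^\s:()]+(?::[^\s:()]+){3,5})"
)

def divergent_versions(tree_text):
    """Map groupId:artifactId -> {version: [direct dependencies requesting it]}
    for every artifact that is requested in more than one version."""
    requested = defaultdict(lambda: defaultdict(list))
    path = []  # coordinates from the project root down to the current node
    for line in tree_text.splitlines():
        m = NODE.match(line)
        if not m:
            continue  # banner, separator or summary line
        parts = m.group("coords").split(":")
        ga = ":".join(parts[:2])
        # The root node has no scope field; every other node ends in version:scope.
        version = parts[3] if len(parts) == 4 else parts[-2]
        depth = len(m.group("indent")) // 3  # each tree level is three characters wide
        path = path[:depth] + [ga]
        if depth >= 1:
            via = path[1]  # the direct dependency this node hangs under
            if via not in requested[ga][version]:
                requested[ga][version].append(via)
    return {ga: dict(v) for ga, v in requested.items() if len(v) > 1}

if __name__ == "__main__":
    for ga, versions in divergent_versions(SAMPLE_TREE).items():
        print(ga)
        for version, via in versions.items():
            print(f"  {version} requested via {', '.join(via)}")
```

Nodes that Maven dropped during mediation still count here, so the report shows the version that lost as well as the one that ended up on the classpath.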