为什么在Maven中使用dependencyManagement通常不会导致问题?

huangapple go评论111阅读模式
英文:

Why does the use of dependencyManagement in maven usually not lead to problems?

问题

我了解在Maven中,dependencyManagement可以在避免子项目中出现不同版本的依赖以及只使用一个(且仅有一个)版本的依赖方面带来很大的好处。

与此同时,我很难理解为什么通过dependencyManagement来覆盖传递依赖是安全的做法。
假设我们有一个依赖D,在dependencyManagement中设置为版本2.0。
另一个依赖 - C - 也使用了D,尽管它依赖于版本1.0的D
通过dependencyManagement,我将这个传递性依赖设置为了2.0。
这不是很危险吗?毕竟,C 依赖于版本1.0的API和实现 - 如果在版本1.0和2.0之间进行了破坏性更改,会怎么样呢?

英文:

I understand that dependencyManagement in Maven gives you great benefits in terms of avoiding different versions of dependencies in sub-poms and in using one (and only one) version of a dependency.

At the same time, I am struggling to understand why overriding transitive dependencies by dependencyManagement is a safe thing to do.
Let's say that we have a dependency D which is set to version 2.0 with dependencyManagement.
Another dependency - C - also uses D, although it depends on D in version 1.0.
With dependencyManagement, I am setting this transitive dependency up to 2.0.
Isn't this dangerous? After all, C relies on the API and the implementation of version 1.0 - what if breaking changes have been made between the versions 1.0 and 2.0 of D?

答案1

得分: 1

这是一个不安全的操作。

这可能会导致你所描述的问题。

但是由于你不能拥有多个版本的依赖项(至少不能没有阴影),你需要选择一个版本或让Maven来决定。后者在大多数情况下比自己选择一个合理的版本更加危险。

英文:

It is not a safe thing to do.

It can lead to the problems you describe.

But as you cannot have more than one version of a dependency (at least, not without shading), you need to pick one or let Maven decide. The latter is in most cases more dangerous than picking a reasonable version yourself.

答案2

得分: 1

它之所以可行,是因为 D 2.0 具备向后兼容性。
因此 D 2.0 提供了与 D 1.0 相同的所有 API 和功能,因此 C 可以使用它。

如果 D 2.0 具备向后兼容性,那么就会出现冲突。您可能需要升级 C,或者找到一个较低版本的 D,使得您的所有依赖项都可以愉快地依赖于它。

您可以使用 mvn dependency:tree 来解决冲突,如 这里所述

英文:

It works because D 2.0 is backward compatible.
So D 2.0 provides all APIs, functionalities as D 1.0, and thus C can use it.

If D 2.0 is not backward compatible, then you have a conflict. You might need to upgrade C, or find a lower version of D that all your dependencies can happily rely on.

You can use mvn dependency:tree to resolve conflicts as mentioned here

huangapple
  • 本文由 发表于 2020年10月16日 23:04:29
  • 转载请务必保留本文链接:https://go.coder-hub.com/64391731.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定