I'm looking for a way to find dependency conflicts in 3rd party libraries. I'm aware of mvn dependency:tree
, its -Dverbose
and -Dincludes
options. This works well but has a couple of drawbacks:
pom.xml
file with the 3rd party dependency. This is a somewhat roundabout way and tedious for quickly looking through the dependencies of a couple of libraries.dependency:tree
downloads all dependencies, which can be slow and consume a lot of bandwidth for large dependency graphs. dependency:tree -Dverbose
does show conflicts but it is quite verbose as it also shows all non conflicting dependencies. The CLI of the Coursier dependency resolver can do this. Eg to find dependency conflicts in com.bynder:bynder-java-sdk:2.2.8
you can use Coursier's resolve
command with the --conflict
flag:
$ cs resolve --conflicts com.bynder:bynder-java-sdk:2.2.8
org.jetbrains.kotlin:kotlin-stdlib-common:1.4.10 was selected, but
com.squareup.okio:okio:2.8.0 wanted version 1.4.0
io.reactivex.rxjava2:rxjava:2.2.20 was selected, but
com.squareup.retrofit2:adapter-rxjava2:2.9.0 wanted version 2.0.0
com.squareup.okhttp3:okhttp:4.9.0 was selected, but
com.squareup.retrofit2:retrofit:2.9.0 wanted version 3.14.9
org.jetbrains.kotlin:kotlin-stdlib:1.4.10 was selected, but
com.squareup.okio:okio:2.8.0 wanted version 1.4.0
This outputs a list of conflicts and nothing more. No artifacts are downloaded besides its metadata and the whole process is very quick.
To further explore where the conflict on eg com.squareup.okhttp3:okhttp
is coming from, you can run
$ cs resolve com.bynder:bynder-java-sdk:2.2.8 --what-depends-on com.squareup.okhttp3:okhttp
Result:
└─ com.squareup.okhttp3:okhttp:4.9.0
├─ com.squareup.okhttp3:logging-interceptor:4.9.0
│ └─ com.bynder:bynder-java-sdk:2.2.8
└─ com.squareup.retrofit2:retrofit:2.9.0 com.squareup.okhttp3:okhttp:3.14.9 -> 4.9.0
├─ com.bynder:bynder-java-sdk:2.2.8
├─ com.squareup.retrofit2:adapter-rxjava2:2.9.0
│ └─ com.bynder:bynder-java-sdk:2.2.8
└─ com.squareup.retrofit2:converter-gson:2.9.0
└─ com.bynder:bynder-java-sdk:2.2.8
The output is an inverse dependency tree showing all subtrees that depend on com.squareup.okhttp3:okhttp
.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.