stackoom
  简体   繁体   中英

How to find dependency conflicts in 3rd party libraries

 原文  2021-02-18 11:24:13       java/ dependencies/ maven-3/ coursier

Question

I'm looking for a way to find dependency conflicts in 3rd party libraries. I'm aware of mvn dependency:tree , its -Dverbose and -Dincludes options. This works well but has a couple of drawbacks:

  • I need to set up a pom.xml file with the 3rd party dependency. This is a somewhat roundabout way and tedious for quickly looking through the dependencies of a couple of libraries.
  • dependency:tree downloads all dependencies, which can be slow and consume a lot of bandwidth for large dependency graphs.
  • dependency:tree -Dverbose does show conflicts but it is quite verbose as it also shows all non conflicting dependencies.

1 answers

solution1
 0  2021-02-18 11:24:13

The CLI of the Coursier dependency resolver can do this. Eg to find dependency conflicts in com.bynder:bynder-java-sdk:2.2.8 you can use Coursier's resolve command with the --conflict flag:

$ cs resolve --conflicts   com.bynder:bynder-java-sdk:2.2.8 

org.jetbrains.kotlin:kotlin-stdlib-common:1.4.10 was selected, but
  com.squareup.okio:okio:2.8.0 wanted version 1.4.0

io.reactivex.rxjava2:rxjava:2.2.20 was selected, but
  com.squareup.retrofit2:adapter-rxjava2:2.9.0 wanted version 2.0.0

com.squareup.okhttp3:okhttp:4.9.0 was selected, but
  com.squareup.retrofit2:retrofit:2.9.0 wanted version 3.14.9

org.jetbrains.kotlin:kotlin-stdlib:1.4.10 was selected, but
  com.squareup.okio:okio:2.8.0 wanted version 1.4.0

This outputs a list of conflicts and nothing more. No artifacts are downloaded besides its metadata and the whole process is very quick.

To further explore where the conflict on eg com.squareup.okhttp3:okhttp is coming from, you can run

$ cs resolve com.bynder:bynder-java-sdk:2.2.8 --what-depends-on com.squareup.okhttp3:okhttp
  Result:
└─ com.squareup.okhttp3:okhttp:4.9.0
   ├─ com.squareup.okhttp3:logging-interceptor:4.9.0
   │  └─ com.bynder:bynder-java-sdk:2.2.8
   └─ com.squareup.retrofit2:retrofit:2.9.0 com.squareup.okhttp3:okhttp:3.14.9 -> 4.9.0
      ├─ com.bynder:bynder-java-sdk:2.2.8
      ├─ com.squareup.retrofit2:adapter-rxjava2:2.9.0
      │  └─ com.bynder:bynder-java-sdk:2.2.8
      └─ com.squareup.retrofit2:converter-gson:2.9.0
         └─ com.bynder:bynder-java-sdk:2.2.8

The output is an inverse dependency tree showing all subtrees that depend on com.squareup.okhttp3:okhttp .

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to find out 3rd party libraries version? “Find Usages” in 3rd party libraries How to import 3rd party libraries Install 3rd Party Libraries with Transitive Dependencies / Dependency Tree? RoboVM 3rd party libraries Dependency on 3rd party at runtime? Spring Boot app "bean name for bean class conflicts with existing" - how to exclude package/Class from 3rd party library/dependency? xpages: how to use 3rd party java libraries How to use 3rd party libraries which are not Serializable with Spark How to add 3rd party libraries into Eclipse RCP?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM