In this article, I have explained the concept of transitive dependencies in Maven with Examples. This article is part of a series on topic Maven Complete Understanding. If you are really interested to learn Maven in depth from basic to advanced. Please go through all the articles of this series. You can start from here.
Table of Contents:
- Types of Dependency
- Understanding Transitive Dependency With Example
- Exclude a Transitive Dependency Of Specific Version
- Exclude All Transitive Dependencies Of A Particular Dependency
Types of Dependency
There are two types of Maven dependencies:
- Direct dependency: These are the dependencies which we need to define in the POM.xml file (maven configuration file) of our project inside the tag.
- Transitive dependency: These dependencies are required by our direct dependencies. We don’t need to explicitly define these dependencies. Maven automatically downloads and includes these dependencies in our project.
Understanding Transitive Dependency With Example
Let’s assume that below image is the dependency graph for our project. So, here we are building jar for A, which is our project. In the POM.xml file of project A, we have defined B and C as dependencies in the tag. So, B and C are direct dependencies.
B is using some code of C jar and E is using some code of D jar. So, C and D are the dependencies required by B and E respectively. Here, C and D will be called as transitive dependencies and we don’t need to define these inside our pom.xml file of project A. Maven itself will take care of these transitive dependencies and it will download the required versions of these itself.
Now, let’s discuss a use case where D.jar is required by both C and E libraries but with the different jar versions. Now, which version Maven will use while building A. In such scenarios of conflicting versions, Maven chooses the version which is nearest to the root in the dependency tree. So, in the below tree, D.jar 1.0 is nearer than D.jar 2.0, since it is comparing A -> B -> C -> D2.0 (distance is 4) and a -> E -> D1.0 (distance is 3). So, maven will choose here 1.0 version.
Alternate Scenario
In case, we want to use 2.0 version instead of 1.0 version, we can specify the 2.0 version jar in the pom.xml file itself. That will make D.jar distance as 1 like shown in the below image. Now, maven will use 2.0 version of D.jar while building A project.
You can get the list of all your project’s direct and transitive dependencies by running following command:mvn dependency:tree
Exclude a Transitive Dependency Of Specific Version
As you already know that Maven will download all the transitive dependencies implicitly and automatically will be included in our project. But sometimes, this functionality of Maven becomes nightmare for us as a developer. Let’s understand how?
Sometimes it might be possible that some transitive dependencies are not compatible with our jdk version because those transitive dependencies are very out-dated and since we haven’t defined them explicitly as direct dependency in our pom.xml so we don’t either have option to change the version of that transitive dependency to the latest one.
There might be another scenario, where these transitive dependencies jar are not compatible with some other jars or may be they have some security vulnerability which we don’t want at all. But, since Maven will download those automatically even though we are not directly using those anywhere in our project.
Ques: What is the solution of this problem then?
Ans: Maven provides us a tag called using which we can exclude a particular transitive dependency which we don’t want Maven to download and neither we are using anywhere in our project.
Now let’s see, how to use this tag:
Let’s say in our project we are using code only from commons-text and not from commons-lang transitive dependency.
So, we can exclude the commons-lang dependency from the commons-text dependency like I have shown in the following xml snippet:<project> ... <dependencies> ... <dependency> <groupId>org.apache.commons</groupId> <artifactId>commons-text</artifactId> <version>1.1</version> <exclusions> <exclusion> <groupId>org.apache.commons</groupId> <artifactId>commons-lang3</artifactId> </exclusion> </exclusions> </dependency> </dependencies> ... </project>
Here, you can clearly see that we have used <exclusions> tag first , then inside that we have used <exclusion> tag. In which we have defined the exact dependency (groupId & artifactId) which we want to exclude. If we want to exclude some other dependency of commons-text along with commons-lang3 then we can mention that also inside the same <exclusions> tag itself by defining one more <exclusion> tag parallel to this one. So, there can be multiple <exclusion> tags inside one <exclusions> tag.
Exclude All Transitive Dependencies Of A Particular Dependency
Sometimes, there is a need to exclude all the dependencies of a particular dependency then we can use the asterisk(*) in the groupId and artifactId like shown below.<project> ... <dependencies> ... <dependency> <groupId>org.apache.commons</groupId> <artifactId>commons-text</artifactId> <version>1.1</version> <exclusions> <exclusion> <groupId>*</groupId> <artifactId>*</artifactId> </exclusion> </exclusions> </dependency> </dependencies> ... </project>
This will exclude all the dependencies defined inside pom file of commons-text library.
I hope you would have learned something new from this article. This article is part of Complete Maven Understanding Series. So, to learn Maven from Basic to Advanced you can go through all the articles>>.
Still, if you have any feedback/suggestion/concern, please write us.