in two different maven projects, we include the same dependency: hibernate-validator
7.0.1.Final
like this:
<dependency>
<groupId>org.hibernate.validator</groupId>
<artifactId>hibernate-validator</artifactId>
<version>7.0.1.Final</version>
</dependency>
Running mvn dependency:list
gives the following results.
Project A:
[INFO] - org.hibernate.validator:hibernate-validator:jar:7.0.1.Final:compile
[INFO] | - jakarta.validation:jakarta.validation-api:jar:2.0.2:compile
[INFO] | - org.jboss.logging:jboss-logging:jar:3.4.2.Final:compile
[INFO] | \- com.fasterxml:classmate:jar:1.5.1:compile
Running mvn dependency:list-repositories
for this project gives:
[INFO] Repositories used by this build:
[INFO] id: sonatype-nexus-snapshots
url: https://oss.sonatype.org/content/repositories/snapshots
layout: default
snapshots: [enabled => true, update => daily]
releases: [enabled => false, update => daily]
[INFO] id: spy
url: http://files.couchbase.com/maven2/
layout: default
snapshots: [enabled => false, update => daily]
releases: [enabled => true, update => daily]
[INFO] id: apache.snapshots
url: http://repository.apache.org/snapshots
layout: default
snapshots: [enabled => true, update => daily]
releases: [enabled => false, update => daily]
[INFO] id: apache.snapshots
url: https://repository.apache.org/snapshots
layout: default
snapshots: [enabled => true, update => daily]
releases: [enabled => false, update => daily]
[INFO] id: shibboleth-repo
url: https://build.shibboleth.net/nexus/content/repositories/releases/
layout: default
snapshots: [enabled => true, update => daily]
releases: [enabled => true, update => daily]
[INFO] id: central
url: https://repo.maven.apache.org/maven2
layout: default
snapshots: [enabled => false, update => daily]
releases: [enabled => true, update => daily]
Project B:
[INFO] - org.hibernate.validator:hibernate-validator:jar:7.0.1.Final:compile
[INFO] | - jakarta.validation:jakarta.validation-api:jar:3.0.0:compile
[INFO] | - org.jboss.logging:jboss-logging:jar:3.4.1.Final:compile
[INFO] | \- com.fasterxml:classmate:jar:1.5.1:compile
Running mvn dependency:list-repositories
for this project gives:
[INFO] Repositories Used by this build:
[INFO] id: central
url: https://repo.maven.apache.org/maven2
layout: default
snapshots: [enabled => false, update => daily]
releases: [enabled => true, update => daily]
[INFO] id: project.local
url: file:C:\*****\*****/repo
layout: default
snapshots: [enabled => true, update => daily]
releases: [enabled => true, update => daily]
[INFO] id: apache.snapshots
url: https://repository.apache.org/snapshots
layout: default
snapshots: [enabled => true, update => daily]
releases: [enabled => false, update => daily]
Until now I thought dependencies of a dependency would be always the same, given that the version is the same, but this result makes me doubt that.
Has this to do with other dependencies in the projects? Might this be a result of the projects using different repositories?
CodePudding user response:
Dependencies of the org.hibernate.validator:hibernate-validator:jar:7.0.1.Final can be found on MvnRespository. Compile Dependencies section of this artifact shows that is uses jakarta.validation:jakarta.validation-api:jar:3.0.0 and org.jboss.logging:jboss-logging:jar:3.4.1 (among others).
That means that in project A something actually overrides those transitive dependencies. You could check the following link for more information how it is possible. Basically it looks like the project A pom (or the parent pom of this project) declares dependencies towards jakarta.validation-api and jboss-logging which would then be picked by Maven as it searches for "nearest definition" dependencies.