Obtain multiple maven dependency trees

Question

I have a Maven project that depends on numerous other projects, which often have several conflicting dependencies.

Maven will automatically resolve dependency conflicts using its nearest-wins strategy, in which case it will list the chosen version on the result mvn dependency:tree:

[INFO] | - (commons-collections:commons-collections:jar:2.1:compile - omitted for conflict with 2.0)

In this example, should commons-collections:2.1 be chosen, I would have an alternate dependency tree, potentially containing multiple other dependencies.

What I need to know is how this alternate tree would look like should the other version be chosen.

The way I'm currently doing is identifying the top level dependency that has conflicts with other dependencies, and running dependency tree just for it, i.e. by effectively creating multiple new poms with a single dependency just for the purpose of obtain their trees. This works, and I can write a script for that, but it's a manual process. I'm looking for Maven goal or other approach, which would act on my pom making things straightforward.

I've looked at other goals of the Maven dependency plugin such as analyse, but they do not appear to be helpful in this case.

Answer 1

There is no plugin that does exactly that, but there is a plugin that can help deal with the nearest-win maven dependency resolution strategy, and protect against it's occasionally unintended consequences.

It's the maven enforcer plugin, that with it's dependencyConvergence rule basically turns off the maven nearest-win strategy. With that rule applied to a build, if there is a dependency on version 1 of a transitive library, but also a dependency on version 2 of the same library, the build will fail.

This is a fail early mechanism that will allow to detect when the maven nearest dependency mechanism kicks in and silently makes a choice for a library version that we would prefer to do ourselves based on some code/library analysis.

What you can do with this plugin is to fix the current build by choosing the versions you want one by one, and then turn on the dependencyConvergence for future builds. This will ensure that you won't have to do the same analysis and fix in a near future, whe someone else changes the poms and the problem occurs again.