On Thu, Nov 23, 2023 at 3:10 PM sebb <seb...@gmail.com> wrote: > > On Thu, 23 Nov 2023 at 13:05, Gary Gregory <garydgreg...@gmail.com> wrote: > > Generally a user can override the default version stated in the component pom. > Indeed this happens automatically in Maven if another jar declares a > dependency on a later version with the same Maven coordinates.
Um, no, though this is a common misconception. Gradle, I think, works like that but Maven does not. In Maven the chosen dependency version is the first one encountered in a breadth-first search of the dependency tree. Older versions can and often are picked in preference to newer versions. It is possible for a client project to override transitive dependencies, but you need to be careful. Using a BOM is one of the easier ways to manage these problems: https://jlbp.dev/JLBP-15 -- Elliotte Rusty Harold elh...@ibiblio.org --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org
