1. Overview
In this tutorial, we’ll learn how to detect duplicate dependencies in pom.xml using Maven commands. We’ll also see how to fail a build if duplicate dependencies are present using the Maven Enforcer Plugin.
2. Why Detect Duplicate Dependencies?
The risk of having duplicate dependencies in pom.xml is that the latest version of the targeted library may not end up on our project's build path. For example, let's consider the following pom.xml:
<project>
    [...]
    <dependencies>
        <dependency>
            <groupId>org.apache.commons</groupId>
            <artifactId>commons-lang3</artifactId>
            <version>3.12.0</version>
        </dependency>
        <dependency>
            <groupId>org.apache.commons</groupId>
            <artifactId>commons-lang3</artifactId>
            <version>3.11</version>
        </dependency>
    </dependencies>
    [...]
</project>
As we can see, the same library, commons-lang3, is declared twice, each time with a different version.
Next, let’s see how to use Maven commands to detect these duplicate dependencies.
3. The Dependency Tree Command
Let’s run the command mvn dependency:tree from our terminal and see the output.
$ mvn dependency:tree
[INFO] Scanning for projects...
[WARNING]
[WARNING] Some problems were encountered while building the effective model for com.baeldung:maven-duplicate-dependencies:jar:0.0.1-SNAPSHOT
[WARNING] 'dependencies.dependency.(groupId:artifactId:type:classifier)' must be unique: org.apache.commons:commons-lang3:jar -> version 3.12.0 vs 3.11 @ line 14, column 15
[WARNING]
[WARNING] It is highly recommended to fix these problems because they threaten the stability of your build.
[WARNING]
[WARNING] For this reason, future Maven versions might no longer support building such malformed projects.
[WARNING]
[INFO]
[INFO] -------------< com.baeldung:maven-duplicate-dependencies >--------------
[INFO] Building maven-duplicate-dependencies 0.0.1-SNAPSHOT
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ maven-duplicate-dependencies ---
[WARNING] The artifact xml-apis:xml-apis:jar:2.0.2 has been relocated to xml-apis:xml-apis:jar:1.0.b2
[INFO] com.baeldung:maven-duplicate-dependencies:jar:0.0.1-SNAPSHOT
[INFO] \- org.apache.commons:commons-lang3:jar:3.11:compile
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 1.136 s
[INFO] Finished at: 2021-12-20T09:45:20+05:30
[INFO] ------------------------------------------------------------------------
Here, we get a warning about the presence of duplicate dependencies in pom.xml. We also notice that version 3.11 of commons-lang3.jar is added to the project, even though a higher version, 3.12.0, is declared. This happened because Maven picked the dependency that appeared later in the pom.xml.
4. The Dependency analyze-duplicate Command
Now let’s run the command mvn dependency:analyze-duplicate and check the output.
$ mvn dependency:analyze-duplicate
[INFO] Scanning for projects...
[WARNING]
[WARNING] Some problems were encountered while building the effective model for com.baeldung:maven-duplicate-dependencies:jar:0.0.1-SNAPSHOT
[WARNING] 'dependencies.dependency.(groupId:artifactId:type:classifier)' must be unique: org.apache.commons:commons-lang3:jar -> version 3.12.0 vs 3.11 @ line 14, column 15
[WARNING]
[WARNING] It is highly recommended to fix these problems because they threaten the stability of your build.
[WARNING]
[WARNING] For this reason, future Maven versions might no longer support building such malformed projects.
[WARNING]
[INFO]
[INFO] -------------< com.baeldung:maven-duplicate-dependencies >--------------
[INFO] Building maven-duplicate-dependencies 0.0.1-SNAPSHOT
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- maven-dependency-plugin:2.8:analyze-duplicate (default-cli) @ maven-duplicate-dependencies ---
[WARNING] The artifact xml-apis:xml-apis:jar:2.0.2 has been relocated to xml-apis:xml-apis:jar:1.0.b2
[INFO] List of duplicate dependencies defined in <dependencies/> in your pom.xml:
o org.apache.commons:commons-lang3:jar
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 0.835 s
[INFO] Finished at: 2021-12-20T09:54:02+05:30
[INFO] ------------------------------------------------------------------------
Here, we notice that both the WARNING and the INFO log statements mention the presence of duplicate dependencies.
5. Failing a Build if Duplicate Dependencies Are Present
In the above examples, we saw how to detect duplicate dependencies, but the build still succeeds. This may lead to an incorrect version of the jar being used.
Using the Maven Enforcer Plugin, we can ensure that a build fails if duplicate dependencies are present.
For this, we need to add this Maven plugin to our pom.xml and add the rule banDuplicatePomDependencyVersions:
<project>
    [...]
    <build>
        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-enforcer-plugin</artifactId>
                <version>3.0.0</version>
                <executions>
                    <execution>
                        <id>no-duplicate-declared-dependencies</id>
                        <goals>
                            <goal>enforce</goal>
                        </goals>
                        <configuration>
                            <rules>
                                <banDuplicatePomDependencyVersions/>
                            </rules>
                        </configuration>
                    </execution>
                </executions>
            </plugin>
        </plugins>
    </build>
    [...]
</project>
Now the rule is enforced when we run our Maven build:
$ mvn verify
[INFO] Scanning for projects...
[WARNING]
[WARNING] Some problems were encountered while building the effective model for com.baeldung:maven-duplicate-dependencies:jar:0.0.1-SNAPSHOT
[WARNING] 'dependencies.dependency.(groupId:artifactId:type:classifier)' must be unique: org.apache.commons:commons-lang3:jar -> version 3.12.0 vs 3.11 @ line 14, column 14
[WARNING]
[INFO] -------------< com.baeldung:maven-duplicate-dependencies >--------------
[INFO] Building maven-duplicate-dependencies 0.0.1-SNAPSHOT
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- maven-enforcer-plugin:3.0.0:enforce (no-duplicate-declared-dependencies) @ maven-duplicate-dependencies ---
[WARNING] Rule 0: org.apache.maven.plugins.enforcer.BanDuplicatePomDependencyVersions failed with message:
Found 1 duplicate dependency declaration in this project:
- dependencies.dependency[org.apache.commons:commons-lang3:jar] ( 2 times )
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 0.537 s
[INFO] Finished at: 2021-12-20T09:55:46+05:30
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-enforcer-plugin:3.0.0:enforce (no-duplicate-declared-dependencies) on project maven-duplicate-dependencies: Some Enforcer rules have failed. Look above for specific messages explaining why the rule failed.
6. Removing Duplicate Dependencies
Once we have identified our duplicate dependencies, the simplest way to remove them is to delete them from pom.xml and keep only those unique dependencies that are used by our project.
7. Conclusion
In this article, we learned how to detect duplicate dependencies in Maven using the mvn dependency:tree and mvn dependency:analyze-duplicate commands. We also saw how the Maven Enforcer Plugin could be used to fail a build that contains duplicate dependencies by applying an inbuilt rule.