maven程序集拉錯了依賴關係

Question

我在使用程序集插件時遇到了意外的依賴版本（1.5.8），但是沒有其他地方。在我的POM我：

<dependency> 
     <groupId>org.slf4j</groupId> 
     <artifactId>slf4j-log4j12</artifactId> 
     <version>1.6.0</version> 
    </dependency> 

當我運行dependency:tree或dependency:list，我看到了正確的版本，只有正確的版本。當我檢查Eclipse時，我只看到正確的版本。

在我assembly.xml我：

<dependencySets> 
    <dependencySet> 
     <outputDirectory>lib</outputDirectory> 
    </dependencySet> 
</dependencySets> 

在出現的拉鍊，我得到SLF4J-log4j12-1.5.8.jar。不知道這是從哪裏來的。任何幫助？

使用maven 3.0.4。

Answer 1

這是由於一個 '壞' 的組裝插件版本（2.2-β-5）。我的pom.xml沒有指定插件版本。當我明確地將它標記爲2.4（或者當您閱讀本文時爲最新版本！）時，該插件拉出了正確的依賴關係。

教訓教訓 - 如果你在構建以下警告：

[WARNING] 'build.plugins.plugin.version' for org.apache.maven.plugins:maven-whatever-plugin is missing 
It is highly recommended to fix these problems because they threaten the stability of your build. 

..修復它！

Answer 2

1. 你可以嘗試從您的Maven倉庫刪除壞JAR（SLF4J-log4j12-1.5.8.jar），並添加正確的有（SLF4J-log4j12-1.6.0.jar）。然後用--offline開關運行你的版本。在Maven嘗試獲取錯誤的JAR的時刻，構建將失敗，maven將向您展示它試圖獲得它的傳遞依賴關係。然後你從1晶體管依賴這種排除：

   <exclusions> 
       <exclusion> 
       <artifactId>slf4j-api</artifactId> 
       <groupId>slf4j-log4j12</groupId> 
       </exclusion> 
   </exclusions> 
   

2. 檢查，如果你拿到了正確的groupId的JAR。有些人爲 愚蠢和邪惡 創建了可能會混淆maven的特殊用途的共同JAR的重複項。在特殊情況下，請檢查您是否沒有獲得org.jboss.resteasy:slf4j-log4j12。你可以使用Maven的實施者 - 插件，這樣的禁止不必要的依賴：

   <plugin> 
       <groupId>org.apache.maven.plugins</groupId> 
       <artifactId>maven-enforcer-plugin</artifactId> 
       <version>1.0</version> 
       <executions> 
       <execution> 
        <id>enforce-banned-dependencies</id> 
        <goals> 
        <goal>enforce</goal> 
        </goals> 
        <configuration> 
        <rules> 
         <bannedDependencies> 
         <excludes> 
          <exclude>org.slf4j:slf4j-log4j12:1.5.8</exclude> <!-- Wrong version, dude! --> 
          <exclude>commons-logging:*</exclude> <!-- Worst, stupidest, lamest logging framework ever! --> 
          <exclude>org.jboss.resteasy:slf4j-simple</exclude> <!-- Evil JAR duplication. --> 
          <exclude>org.jboss.resteasy:slf4j-api</exclude> <!-- Evil JAR duplication. --> 
          <exclude>org.jboss.resteasy:slf4j-log4j12</exclude> <!-- Evil JAR duplication. --> 
          <exclude>org.jboss.resteasy:jackson-core-asl</exclude> <!-- Evil JAR duplication. --> 
          <exclude>org.jboss.resteasy:jackson-mapper-asl</exclude> <!-- Evil JAR duplication. --> 
          <exclude>org.jboss.resteasy:jackson-core-lgpl</exclude> <!-- Evil JAR duplication. --> 
          <exclude>org.jboss.resteasy:jackson-mapper-lgpl</exclude> <!-- Evil JAR duplication. --> 
          <exclude>org.codehaus.jackson:jackson-core-lgpl</exclude> <!-- Two distinct packages for the exact same thing always creates conflicts. We want the ASL one. --> 
          <exclude>org.codehaus.jackson:jackson-mapper-lgpl</exclude> <!-- Two distinct packages for the exact same thing always creates conflicts. We want the ASL one. --> 
          <exclude>velocity-tools:velocity-tools</exclude> <!-- Was renamed. --> 
          <exclude>velocity:velocity</exclude> <!-- Was renamed. --> 
          <exclude>struts:struts</exclude> <!-- Was renamed. --> 
          <exclude>javassist:javassist</exclude> <!-- Was renamed. --> 
          <exclude>axis:*</exclude> <!-- Was renamed to org.apache.axis:* and wsdl4j:wsdl4j . --> 
          <exclude>commons-beanutils:commons-beanutils-core</exclude> <!-- Redundant package. --> 
          <exclude>xpp3:xpp3_min</exclude> <!-- Redundant package. --> 
          <exclude>xml-apis:xml-apis:2.0.0</exclude> <!-- Bad package, for some strange reason 2.0.x is inferior to 1.4.x. --> 
          <exclude>xml-apis:xml-apis:2.0.2</exclude> <!-- Bad package, for some strange reason 2.0.x is inferior to 1.4.x. --> 
          <exclude>quartz:quartz</exclude> <!-- Was renamed. --> 
         </excludes> 
         </bannedDependencies> 
        </rules> 
        </configuration> 
       </execution> 
       </executions> 
   </plugin>