'which dependency is overriding version of a transitive dependency (Maven)

I'm using the below dependency:

<dependency>
  <groupId>com.azure</groupId>
  <artifactId>azure-identity</artifactId>
  <version>1.4.3</version>
</dependency>

Which requires io.netty » netty-handler version 4.1.72.Final. However, the version is overridden to 4.1.42.Final.

The mvn dependency:tree -X command shows clearly that the version is changed:

[DEBUG]       com.azure:azure-core:jar:1.24.1:compile
[DEBUG]          io.projectreactor:reactor-core:jar:3.3.0.RELEASE:compile (scope managed from compile) (version managed from 3.4.13)
[DEBUG]             org.reactivestreams:reactive-streams:jar:1.0.3:compile (version managed from 1.0.3)
[DEBUG]          io.netty:netty-tcnative-boringssl-static:jar:2.0.26.Final:compile (version managed from 2.0.46.Final)
[DEBUG]       com.azure:azure-core-http-netty:jar:1.11.6:compile
[DEBUG]          io.netty:netty-handler:jar:4.1.42.Final:compile (version managed from 4.1.72.Final)
[DEBUG]             io.netty:netty-common:jar:4.1.42.Final:compile (version managed from 4.1.42.Final)
[DEBUG]             io.netty:netty-transport:jar:4.1.42.Final:compile (version managed from 4.1.42.Final)
[DEBUG]                io.netty:netty-resolver:jar:4.1.42.Final:compile (version managed from 4.1.42.Final)
[DEBUG]             io.netty:netty-codec:jar:4.1.42.Final:compile (version managed from 4.1.42.Final)
[DEBUG]          io.netty:netty-handler-proxy:jar:4.1.42.Final:compile (version managed from 4.1.72.Final)
[DEBUG]             io.netty:netty-codec-socks:jar:4.1.42.Final:compile (version managed from 4.1.42.Final)
[DEBUG]          io.netty:netty-buffer:jar:4.1.42.Final:compile (version managed from 4.1.72.Final)
[DEBUG]          io.netty:netty-codec-http:jar:4.1.42.Final:compile (version managed from 4.1.72.Final)
[DEBUG]          io.netty:netty-codec-http2:jar:4.1.42.Final:compile (version managed from 4.1.72.Final)
[DEBUG]          io.netty:netty-transport-native-unix-common:jar:4.1.42.Final:compile (version managed from 4.1.72.Final)
[DEBUG]          io.netty:netty-transport-native-epoll:jar:linux-x86_64:4.1.42.Final:compile (version managed from 4.1.72.Final)
[DEBUG]          io.netty:netty-transport-native-kqueue:jar:osx-x86_64:4.1.42.Final:compile (version managed from 4.1.72.Final)
[DEBUG]          io.projectreactor.netty:reactor-netty-http:jar:1.0.14:compile
[DEBUG]             io.netty:netty-resolver-dns:jar:4.1.42.Final:compile (version managed from 4.1.72.Final)
[DEBUG]                io.netty:netty-codec-dns:jar:4.1.42.Final:compile (version managed from 4.1.42.Final)
[DEBUG]             io.netty:netty-resolver-dns-native-macos:jar:osx-x86_64:4.1.72.Final:compile
[DEBUG]                io.netty:netty-resolver-dns-classes-macos:jar:4.1.72.Final:compile
[DEBUG]             io.projectreactor.netty:reactor-netty-core:jar:1.0.14:compile

But I could not find other dependencies that uses io.netty » netty-handler with version 4.1.42.Final in the log.

Is there any way to find which dependency actually using io.netty » netty-handler 4.1.42.Final and overriding version 4.1.72.Final?

javaspring-bootmavenazure-java-sdk


Solution 1:[1]

The version comes from <dependencyManagement>, so probably from inside a BOM (an entry with <scope>import</scope>) that is in your POM or your parent POM.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 J Fabian Meier

Related Questions