Why does the use of dependencyManagement in maven usually not lead to problems?


I understand that dependencyManagement in Maven gives you great benefits in terms of avoiding different versions of dependencies in sub-poms and in using one (and only one) version of a dependency.

At the same time, I am struggling to understand why overriding transitive dependencies by dependencyManagement is a safe thing to do. Let's say that we have a dependency D which is set to version 2.0 with dependencyManagement. Another dependency - C - also uses D, although it depends on D in version 1.0. With dependencyManagement, I am setting this transitive dependency up to 2.0. Isn't this dangerous? After all, C relies on the API and the implementation of version 1.0 - what if breaking changes have been made between the versions 1.0 and 2.0 of D?


There are 2 answers

0
Rocherlee On BEST ANSWER

It works because D 2.0 is backward compatible. So D 2.0 provides all the same APIs and functionality as D 1.0, and thus C can use it.

If D 2.0 is not backward compatible, then you have a conflict. You might need to upgrade C, or find a lower version of D that all your dependencies can happily rely on.

You can use mvn dependency:tree to resolve conflicts as mentioned here
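An added example, not part of either answer: one way to screen the output of mvn dependency:tree -Dverbose for the case the question describes, where a managed version replaces the one a library such as C declared. The com.example coordinates and the sample tree are constructed, and the "version managed from" annotation format is an assumption about the verbose output.

```python
import re

# Constructed sample of `mvn dependency:tree -Dverbose` output (hypothetical coordinates).
# Assumption: overridden nodes are annotated "version managed from <declared version>".
SAMPLE_TREE = r"""
[INFO] com.example:app:jar:1.0-SNAPSHOT
[INFO] +- com.example:C:jar:1.4:compile
[INFO] |  \- com.example:D:jar:2.0:compile (version managed from 1.0)
[INFO] +- com.example:E:jar:3.1:compile
[INFO] |  \- com.example:F:jar:1.2.5:compile (version managed from 1.2.0)
[INFO] \- com.example:G:jar:0.9:compile
[INFO]    \- (com.example:D:jar:2.0:compile - version managed from 2.3; omitted for duplicate)
"""

COORD = re.compile(r"[\w.\-]+(?::[\w.\-]+){3,}")   # group:artifact:type[:classifier]:version[:scope]
MANAGED = re.compile(r"version managed from ([\w.\-]+)")

# Dotted numeric prefix only; a simplification of Maven's real version ordering.
def numeric(version):
    m = re.match(r"\d+(?:\.\d+)*", version)
    return tuple(int(n) for n in m.group().split(".")) if m else ()

def classify(declared, resolved):
    d, r = numeric(declared), numeric(resolved)
    if r < d:
        return "DOWNGRADE"          # parent asked for something newer than it gets
    return "MAJOR_CHANGE" if d[:1] != r[:1] else "OK"

def find_overrides(tree_text):
    findings, path = [], []         # path[i] = node currently open at depth i
    for line in tree_text.splitlines():
        body = line.removeprefix("[INFO] ")
        node = COORD.search(body)
        if not node:
            continue
        parts = node.group().split(":")
        depth = node.start() // 3   # each tree level indents by 3 characters
        version = parts[-2] if len(parts) >= 5 else parts[-1]
        name = ":".join(parts[:2])
        del path[depth:]            # close siblings and their subtrees
        managed = MANAGED.search(body)
        if managed and path:        # report (parent, dependency, declared, resolved, verdict)
            declared = managed.group(1)
            findings.append((path[-1], name, declared, version, classify(declared, version)))
        path.append(name)
    return findings

if __name__ == "__main__":
    print(*find_overrides(SAMPLE_TREE), sep="\n")
```

Rows flagged MAJOR_CHANGE or DOWNGRADE name the parent whose declared version was overridden, which is where compatibility needs to be checked by hand or by tests.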

0
J Fabian Meier On

It is not a safe thing to do.

It can lead to the problems you describe.

But as you cannot have more than one version of a dependency (at least, not without shading), you need to pick one or let Maven decide. The latter is in most cases more dangerous than picking a reasonable version yourself.