Neo4j transitive dependecies

[Davide D'Alto]

Hi all,
when I include the artifact org.neo4j:neo4j in the project,
several other dependencies get added twice with different versions.

This seems caused by the following dependencies: neo4j-cypher-compiler-1.9 and neo4j-cypher-compiler-2.0.

For example I have:
org.neo4j:neo4j-lucene-index:2.0.3 and 2.1.5
net.sf.opencsv:opencsv:2.3 and 2.0
org.scala-lang:scala-library 2.10.4 and 2.10.3

and so on ...

Wouldn't be possible to uniform the dependencies and select just one version or at least make the cypher compiler libraries optional?
On exception at start up is thrown if I remove them.

Thanks,
Davide

[Anders Nawroth]

How did you add org.neo4j:neo4j to the project?

Any duplicates or conflicts should be resolved automatically, at least when using Maven.

The neo4j-cypher-compiler-* modules are special -- they add support for the syntax from previous versions and are not duplicates.

This is the final dependency tree I get, and there's no duplicates left in it:

org.neo4j:neo4j:jar:2.1.5

+- org.neo4j:neo4j-kernel:jar:2.1.5:compile

|  +- org.neo4j:neo4j-primitive-collections:jar:2.1.5:compile

|  \- org.apache.geronimo.specs:geronimo-jta_1.1_spec:jar:1.1.1:compile

+- org.neo4j:neo4j-lucene-index:jar:2.1.5:compile

|  \- org.apache.lucene:lucene-core:jar:3.6.2:compile

+- org.neo4j:neo4j-graph-algo:jar:2.1.5:compile

+- org.neo4j:neo4j-udc:jar:2.1.5:compile

+- org.neo4j:neo4j-graph-matching:jar:2.1.5:compile

+- org.neo4j:neo4j-cypher:jar:2.1.5:compile

|  +- org.neo4j:neo4j-cypher-commons:jar:2.1.5:compile

|  +- org.neo4j:neo4j-cypher-compiler-1.9:jar:2.0.3:compile

|  +- org.neo4j:neo4j-cypher-compiler-2.0:jar:2.0.3:compile

|  |  +- org.parboiled:parboiled-scala_2.10:jar:1.1.6:compile

|  |  |  \- org.parboiled:parboiled-core:jar:1.1.6:compile

|  |  \- net.sf.opencsv:opencsv:jar:2.0:compile

|  +- org.neo4j:neo4j-cypher-compiler-2.1:jar:2.1.5:compile

|  +- com.googlecode.concurrentlinkedhashmap:concurrentlinkedhashmap-lru:jar:1.3.1:compile

|  \- org.scala-lang:scala-library:jar:2.10.4:compile

+- org.neo4j:neo4j-jmx:jar:2.1.5:compile

\- com.sun.tools:tools:jar:1.7:system

I don't know if the additional cypher-compiler libs could be made optional, I've never looked into how they are loaded.

/anders

--
You received this message because you are subscribed to the Google Groups "Neo4j" group.
To unsubscribe from this group and stop receiving emails from it, send an email to neo4j+un...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Davide D'Alto]

Right,
I didn't explain my problem properly, sorry.

In our project we are using the maven enforcer plugin (http://maven.apache.org/enforcer/maven-enforcer-plugin/) to check when two dependencies refer to different version of the same library.

With Neo4j this rule fails.

Maven will try to solve this conflict quietly, but you can see them running

mvn dependency:tree -Dverbose=true

These are the conflicts caused by "org.neo4j:neo4j-cypher-compiler-1.9:jar:2.0.3" and "org.neo4j:neo4j-cypher-compiler-2.0:jar:2.0.3":

[INFO] |  |  |  +- (org.neo4j:neo4j-kernel:jar:2.0.3:compile - omitted for conflict with 2.1.5)
[INFO] |  |  |  +- (org.neo4j:neo4j-lucene-index:jar:2.0.3:compile - omitted for conflict with 2.1.5)
[INFO] |  |  |  +- (org.neo4j:neo4j-graph-matching:jar:2.0.3:compile - omitted for conflict with 2.1.5)
[INFO] |  |  |  +- (org.neo4j:neo4j-graph-algo:jar:2.0.3:compile - omitted for conflict with 2.1.5)
[INFO] |  |  |  \- (org.scala-lang:scala-library:jar:2.10.3:compile - omitted for conflict with 2.10.4)
[INFO] |  |  |  \- (org.scala-lang:scala-library:jar:2.10.3:compile - omitted for conflict with 2.10.4)
[INFO] |  |  |  +- (net.sf.opencsv:opencsv:jar:2.3:compile - omitted for conflict with 2.0)

Is there any particular reason to use different versions of the same library?

--
You received this message because you are subscribed to a topic in the Google Groups "Neo4j" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/neo4j/fDLiKEnKnAM/unsubscribe.
To unsubscribe from this group and all its topics, send an email to neo4j+un...@googlegroups.com.

[Craig Taverner]

Hi,

My understanding is that these are not two versions of the same library but the same version of two different libraries:

• org.neo4j:neo4j-cypher-compiler-1.9:jar:2.0.3
• org.neo4j:neo4j-cypher-compiler-2.0:jar:2.0.3
  

The version of both is 2.0.3, the same. The libraries however have different names (one is named 1.9 and one is named 2.0). Hence two different libraries. Both part of Neo4j 2.0.3. This means, as Anders said, that Neo4j 2.0.3 contains two levels of support for cypher.

However, we do see in several places in your output that you have mention of Neo4j 2.0.3 and Neo4j 2.1.5. Isn't this as simple as you having upgraded from 2.0.3 to 2.1.5, and the older version is still in the local maven repository, and maven is correctly omitting it as a duplicate? Perhaps if you deleted .m2/repository and re-ran maven, the conflicts would be cleared up?

Regards, Craig

[Davide D'Alto]

Hi Craig,

the problem for me is that they have a transitive dependency with a different version of some libraries, like scala-library for example:

org.neo4j:neo4j-cypher-compiler-1.9:jar:2.0.3 requires org.scala-lang:scala-library:jar:2.10.3:compile

while

org.neo4j:neo4j-cypher:jar:2.1.5:compile requires org.scala-lang:scala-library:jar:2.10.4:compile

Basically, I'm wondering if there is a particular reason for them to require different versions of the same library since it seems that using the most up to date is ok for both

[Davide D'Alto]

> However, we do see in several places in your output that you have mention of Neo4j 2.0.3 and Neo4j 2.1.5. Isn't this as simple as you having upgraded from 2.0.3 to 2.1.5, and the older version is still in the local maven repository, and maven is correctly omitting it as a duplicate? Perhaps if you deleted .m2/repository and re-ran maven, the conflicts would be cleared up?

Nope, this is the dependencies tree of org.neo4j:neo4j:jar:2.1.5:

[INFO] +- org.neo4j:neo4j:jar:2.1.5:compile
[INFO] |  +- org.neo4j:neo4j-kernel:jar:2.1.5:compile
[INFO] |  |  +- org.neo4j:neo4j-primitive-collections:jar:2.1.5:compile
[INFO] |  |  \- org.apache.geronimo.specs:geronimo-jta_1.1_spec:jar:1.1.1:compile
[INFO] |  +- org.neo4j:neo4j-lucene-index:jar:2.1.5:compile
[INFO] |  |  +- (org.neo4j:neo4j-kernel:jar:2.1.5:compile - omitted for duplicate)
[INFO] |  |  \- org.apache.lucene:lucene-core:jar:3.6.2:compile
[INFO] |  +- org.neo4j:neo4j-graph-algo:jar:2.1.5:compile
[INFO] |  |  \- (org.neo4j:neo4j-kernel:jar:2.1.5:compile - omitted for duplicate)
[INFO] |  +- org.neo4j:neo4j-udc:jar:2.1.5:compile
[INFO] |  |  \- (org.neo4j:neo4j-kernel:jar:2.1.5:compile - omitted for duplicate)
[INFO] |  +- org.neo4j:neo4j-graph-matching:jar:2.1.5:compile
[INFO] |  |  \- (org.neo4j:neo4j-kernel:jar:2.1.5:compile - omitted for duplicate)
[INFO] |  +- org.neo4j:neo4j-cypher:jar:2.1.5:compile
[INFO] |  |  +- (org.neo4j:neo4j-kernel:jar:2.1.5:compile - omitted for duplicate)
[INFO] |  |  +- (org.neo4j:neo4j-lucene-index:jar:2.1.5:compile - omitted for duplicate)
[INFO] |  |  +- (org.neo4j:neo4j-graph-matching:jar:2.1.5:compile - omitted for duplicate)
[INFO] |  |  +- (org.neo4j:neo4j-graph-algo:jar:2.1.5:compile - omitted for duplicate)
[INFO] |  |  +- org.neo4j:neo4j-cypher-commons:jar:2.1.5:compile
[INFO] |  |  |  +- (org.neo4j:neo4j-kernel:jar:2.1.5:compile - omitted for duplicate)
[INFO] |  |  |  +- (com.googlecode.concurrentlinkedhashmap:concurrentlinkedhashmap-lru:jar:1.3.1:compile - omitted for duplicate)
[INFO] |  |  |  \- (org.scala-lang:scala-library:jar:2.10.4:compile - omitted for duplicate)
[INFO] |  |  +- org.neo4j:neo4j-cypher-compiler-1.9:jar:2.0.3:compile

[INFO] |  |  |  +- (org.neo4j:neo4j-kernel:jar:2.0.3:compile - omitted for conflict with 2.1.5)
[INFO] |  |  |  +- (org.neo4j:neo4j-lucene-index:jar:2.0.3:compile - omitted for conflict with 2.1.5)
[INFO] |  |  |  +- (org.neo4j:neo4j-graph-matching:jar:2.0.3:compile - omitted for conflict with 2.1.5)
[INFO] |  |  |  +- (org.neo4j:neo4j-graph-algo:jar:2.0.3:compile - omitted for conflict with 2.1.5)
[INFO] |  |  |  \- (org.scala-lang:scala-library:jar:2.10.3:compile - omitted for conflict with 2.10.4)

[INFO] |  |  +- org.neo4j:neo4j-cypher-compiler-2.0:jar:2.0.3:compile
[INFO] |  |  |  +- org.parboiled:parboiled-scala_2.10:jar:1.1.6:compile
[INFO] |  |  |  |  \- (org.parboiled:parboiled-core:jar:1.1.6:compile - omitted for duplicate)
[INFO] |  |  |  +- net.sf.opencsv:opencsv:jar:2.0:compile

[INFO] |  |  |  \- (org.scala-lang:scala-library:jar:2.10.3:compile - omitted for conflict with 2.10.4)

[INFO] |  |  +- org.neo4j:neo4j-cypher-compiler-2.1:jar:2.1.5:compile
[INFO] |  |  |  +- (org.parboiled:parboiled-scala_2.10:jar:1.1.6:compile - omitted for duplicate)

[INFO] |  |  |  +- (net.sf.opencsv:opencsv:jar:2.3:compile - omitted for conflict with 2.0)

[INFO] |  |  |  \- (org.scala-lang:scala-library:jar:2.10.4:compile - omitted for duplicate)
[INFO] |  |  +- com.googlecode.concurrentlinkedhashmap:concurrentlinkedhashmap-lru:jar:1.3.1:compile
[INFO] |  |  \- org.scala-lang:scala-library:jar:2.10.4:compile
[INFO] |  \- org.neo4j:neo4j-jmx:jar:2.1.5:compile

If I'm not wrong  neo4j-graph-algo, for example, get included with two different versions 2.0.3 and 2.1.5

[Anders Nawroth]

Have you tried excluding the conflicting transitive dependencies and adding them back with the correct version?

/anders

[Davide D'Alto]

> Have you tried excluding the conflicting transitive dependencies and adding them back with the correct version?

That's what I've done so far.

I have two problems with this solution:

1) I have to do some additional work (this affect only my use case so it might be not that important)

2) I don't know if the dependency has been tested with the particular version of the library I'm going to use

Using a BOM or applying this change in the pom of org.neo4j:neo4 would solve the problem, I guess.

By the way, I would be happy to create a patch for this.

Davide

[Anders Nawroth]

I think you are right, we should exclude the transitive dependencies and add back the correct versions. 

This looks like the correct place to do it:

https://github.com/neo4j/neo4j/blob/master/community/cypher/cypher/pom.xml#L96

/anders

[Davide D'Alto]

Thanks Anders,

I'll create a patch for it.

Cheers,

Davide

[Anders Nawroth]

I forgot to look at the different branches, seems we should target 2.1-maint:

https://github.com/neo4j/neo4j/blob/2.1-maint/community/cypher/cypher/pom.xml#L103

/anders