Neo4j transitive dependecies

87 views
Skip to first unread message

Davide D'Alto

unread,
Oct 20, 2014, 1:28:49 PM10/20/14
to ne...@googlegroups.com
Hi all,
when I include the artifact org.neo4j:neo4j in the project,
several other dependencies get added twice with different versions.

This seems caused by the following dependencies: neo4j-cypher-compiler-1.9 and neo4j-cypher-compiler-2.0.

For example I have:
org.neo4j:neo4j-lucene-index:2.0.3 and 2.1.5
net.sf.opencsv:opencsv:2.3 and 2.0
org.scala-lang:scala-library 2.10.4 and 2.10.3

and so on ...

Wouldn't be possible to uniform the dependencies and select just one version or at least make the cypher compiler libraries optional?
On exception at start up is thrown if I remove them.

Thanks,
Davide

Anders Nawroth

unread,
Oct 20, 2014, 6:20:51 PM10/20/14
to ne...@googlegroups.com
How did you add org.neo4j:neo4j to the project?
Any duplicates or conflicts should be resolved automatically, at least when using Maven.
The neo4j-cypher-compiler-* modules are special -- they add support for the syntax from previous versions and are not duplicates.

This is the final dependency tree I get, and there's no duplicates left in it:

org.neo4j:neo4j:jar:2.1.5
+- org.neo4j:neo4j-kernel:jar:2.1.5:compile
|  +- org.neo4j:neo4j-primitive-collections:jar:2.1.5:compile
|  \- org.apache.geronimo.specs:geronimo-jta_1.1_spec:jar:1.1.1:compile
+- org.neo4j:neo4j-lucene-index:jar:2.1.5:compile
|  \- org.apache.lucene:lucene-core:jar:3.6.2:compile
+- org.neo4j:neo4j-graph-algo:jar:2.1.5:compile
+- org.neo4j:neo4j-udc:jar:2.1.5:compile
+- org.neo4j:neo4j-graph-matching:jar:2.1.5:compile
+- org.neo4j:neo4j-cypher:jar:2.1.5:compile
|  +- org.neo4j:neo4j-cypher-commons:jar:2.1.5:compile
|  +- org.neo4j:neo4j-cypher-compiler-1.9:jar:2.0.3:compile
|  +- org.neo4j:neo4j-cypher-compiler-2.0:jar:2.0.3:compile
|  |  +- org.parboiled:parboiled-scala_2.10:jar:1.1.6:compile
|  |  |  \- org.parboiled:parboiled-core:jar:1.1.6:compile
|  |  \- net.sf.opencsv:opencsv:jar:2.0:compile
|  +- org.neo4j:neo4j-cypher-compiler-2.1:jar:2.1.5:compile
|  +- com.googlecode.concurrentlinkedhashmap:concurrentlinkedhashmap-lru:jar:1.3.1:compile
|  \- org.scala-lang:scala-library:jar:2.10.4:compile
+- org.neo4j:neo4j-jmx:jar:2.1.5:compile
\- com.sun.tools:tools:jar:1.7:system

I don't know if the additional cypher-compiler libs could be made optional, I've never looked into how they are loaded.

/anders


--
You received this message because you are subscribed to the Google Groups "Neo4j" group.
To unsubscribe from this group and stop receiving emails from it, send an email to neo4j+un...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Davide D'Alto

unread,
Oct 21, 2014, 5:19:18 AM10/21/14
to ne...@googlegroups.com
Right,
I didn't explain my problem properly, sorry.

In our project we are using the maven enforcer plugin (http://maven.apache.org/enforcer/maven-enforcer-plugin/) to check when two dependencies refer to different version of the same library.
With Neo4j this rule fails.

Maven will try to solve this conflict quietly, but you can see them running

mvn dependency:tree -Dverbose=true

These are the conflicts caused by "org.neo4j:neo4j-cypher-compiler-1.9:jar:2.0.3" and "org.neo4j:neo4j-cypher-compiler-2.0:jar:2.0.3":

[INFO] |  |  |  +- (org.neo4j:neo4j-kernel:jar:2.0.3:compile - omitted for conflict with 2.1.5)
[INFO] |  |  |  +- (org.neo4j:neo4j-lucene-index:jar:2.0.3:compile - omitted for conflict with 2.1.5)
[INFO] |  |  |  +- (org.neo4j:neo4j-graph-matching:jar:2.0.3:compile - omitted for conflict with 2.1.5)
[INFO] |  |  |  +- (org.neo4j:neo4j-graph-algo:jar:2.0.3:compile - omitted for conflict with 2.1.5)
[INFO] |  |  |  \- (org.scala-lang:scala-library:jar:2.10.3:compile - omitted for conflict with 2.10.4)
[INFO] |  |  |  \- (org.scala-lang:scala-library:jar:2.10.3:compile - omitted for conflict with 2.10.4)
[INFO] |  |  |  +- (net.sf.opencsv:opencsv:jar:2.3:compile - omitted for conflict with 2.0)

Is there any particular reason to use different versions of the same library?


--
You received this message because you are subscribed to a topic in the Google Groups "Neo4j" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/neo4j/fDLiKEnKnAM/unsubscribe.
To unsubscribe from this group and all its topics, send an email to neo4j+un...@googlegroups.com.

Craig Taverner

unread,
Oct 21, 2014, 5:31:22 AM10/21/14
to ne...@googlegroups.com
Hi,

My understanding is that these are not two versions of the same library but the same version of two different libraries:
  • org.neo4j:neo4j-cypher-compiler-1.9:jar:2.0.3
  • org.neo4j:neo4j-cypher-compiler-2.0:jar:2.0.3
The version of both is 2.0.3, the same. The libraries however have different names (one is named 1.9 and one is named 2.0). Hence two different libraries. Both part of Neo4j 2.0.3. This means, as Anders said, that Neo4j 2.0.3 contains two levels of support for cypher.

However, we do see in several places in your output that you have mention of Neo4j 2.0.3 and Neo4j 2.1.5. Isn't this as simple as you having upgraded from 2.0.3 to 2.1.5, and the older version is still in the local maven repository, and maven is correctly omitting it as a duplicate? Perhaps if you deleted .m2/repository and re-ran maven, the conflicts would be cleared up?

Regards, Craig

Davide D'Alto

unread,
Oct 21, 2014, 5:46:42 AM10/21/14
to ne...@googlegroups.com
Hi Craig,
the problem for me is that they have a transitive dependency with a different version of some libraries, like scala-library for example:

org.neo4j:neo4j-cypher-compiler-1.9:jar:2.0.3 requires org.scala-lang:scala-library:jar:2.10.3:compile

while

org.neo4j:neo4j-cypher:jar:2.1.5:compile requires org.scala-lang:scala-library:jar:2.10.4:compile

Basically, I'm wondering if there is a particular reason for them to require different versions of the same library since it seems that using the most up to date is ok for both

Davide D'Alto

unread,
Oct 21, 2014, 6:11:18 AM10/21/14
to ne...@googlegroups.com
> However, we do see in several places in your output that you have mention of Neo4j 2.0.3 and Neo4j 2.1.5. Isn't this as simple as you having upgraded from 2.0.3 to 2.1.5, and the older version is still in the local maven repository, and maven is correctly omitting it as a duplicate? Perhaps if you deleted .m2/repository and re-ran maven, the conflicts would be cleared up?

Nope, this is the dependencies tree of org.neo4j:neo4j:jar:2.1.5:

[INFO] +- org.neo4j:neo4j:jar:2.1.5:compile
[INFO] |  +- org.neo4j:neo4j-kernel:jar:2.1.5:compile
[INFO] |  |  +- org.neo4j:neo4j-primitive-collections:jar:2.1.5:compile
[INFO] |  |  \- org.apache.geronimo.specs:geronimo-jta_1.1_spec:jar:1.1.1:compile
[INFO] |  +- org.neo4j:neo4j-lucene-index:jar:2.1.5:compile
[INFO] |  |  +- (org.neo4j:neo4j-kernel:jar:2.1.5:compile - omitted for duplicate)
[INFO] |  |  \- org.apache.lucene:lucene-core:jar:3.6.2:compile
[INFO] |  +- org.neo4j:neo4j-graph-algo:jar:2.1.5:compile
[INFO] |  |  \- (org.neo4j:neo4j-kernel:jar:2.1.5:compile - omitted for duplicate)
[INFO] |  +- org.neo4j:neo4j-udc:jar:2.1.5:compile
[INFO] |  |  \- (org.neo4j:neo4j-kernel:jar:2.1.5:compile - omitted for duplicate)
[INFO] |  +- org.neo4j:neo4j-graph-matching:jar:2.1.5:compile
[INFO] |  |  \- (org.neo4j:neo4j-kernel:jar:2.1.5:compile - omitted for duplicate)
[INFO] |  +- org.neo4j:neo4j-cypher:jar:2.1.5:compile
[INFO] |  |  +- (org.neo4j:neo4j-kernel:jar:2.1.5:compile - omitted for duplicate)
[INFO] | 
|  +- (org.neo4j:neo4j-lucene-index:jar:2.1.5:compile - omitted for duplicate)
[INFO] | 
|  +- (org.neo4j:neo4j-graph-matching:jar:2.1.5:compile - omitted for duplicate)
[INFO] | 
|  +- (org.neo4j:neo4j-graph-algo:jar:2.1.5:compile - omitted for duplicate)
[INFO] | 
|  +- org.neo4j:neo4j-cypher-commons:jar:2.1.5:compile
[INFO] | 
|  |  +- (org.neo4j:neo4j-kernel:jar:2.1.5:compile - omitted for duplicate)
[INFO] | 
|  |  +- (com.googlecode.concurrentlinkedhashmap:concurrentlinkedhashmap-lru:jar:1.3.1:compile - omitted for duplicate)
[INFO] | 
|  |  \- (org.scala-lang:scala-library:jar:2.10.4:compile - omitted for duplicate)
[INFO] |  |  +- org.neo4j:neo4j-cypher-compiler-1.9:jar:2.0.3:compile

[INFO] |  |  |  +- (org.neo4j:neo4j-kernel:jar:2.0.3:compile - omitted for conflict with 2.1.5)
[INFO] |  |  |  +- (org.neo4j:neo4j-lucene-index:jar:2.0.3:compile - omitted for conflict with 2.1.5)
[INFO] |  |  |  +- (org.neo4j:neo4j-graph-matching:jar:2.0.3:compile - omitted for conflict with 2.1.5)
[INFO] |  |  |  +- (org.neo4j:neo4j-graph-algo:jar:2.0.3:compile - omitted for conflict with 2.1.5)
[INFO] |  |  |  \- (org.scala-lang:scala-library:jar:2.10.3:compile - omitted for conflict with 2.10.4)
[INFO] |  |  +- org.neo4j:neo4j-cypher-compiler-2.0:jar:2.0.3:compile
[INFO] |  |  |  +- org.parboiled:parboiled-scala_2.10:jar:1.1.6:compile
[INFO] |  |  |  |  \- (org.parboiled:parboiled-core:jar:1.1.6:compile - omitted for duplicate)
[INFO] |  |  |  +- net.sf.opencsv:opencsv:jar:2.0:compile

[INFO] |  |  |  \- (org.scala-lang:scala-library:jar:2.10.3:compile - omitted for conflict with 2.10.4)
[INFO] |  |  +- org.neo4j:neo4j-cypher-compiler-2.1:jar:2.1.5:compile
[INFO] |  |  |  +- (org.parboiled:parboiled-scala_2.10:jar:1.1.6:compile - omitted for duplicate)

[INFO] |  |  |  +- (net.sf.opencsv:opencsv:jar:2.3:compile - omitted for conflict with 2.0)
[INFO] |  |  |  \- (org.scala-lang:scala-library:jar:2.10.4:compile - omitted for duplicate)
[INFO] |  |  +- com.googlecode.concurrentlinkedhashmap:concurrentlinkedhashmap-lru:jar:1.3.1:compile
[INFO] |  |  \- org.scala-lang:scala-library:jar:2.10.4:compile
[INFO] |  \- org.neo4j:neo4j-jmx:jar:2.1.5:compile

If I'm not wrong  neo4j-graph-algo, for example, get included with two different versions 2.0.3 and 2.1.5


Anders Nawroth

unread,
Oct 21, 2014, 11:03:51 AM10/21/14
to ne...@googlegroups.com
Have you tried excluding the conflicting transitive dependencies and adding them back with the correct version?

/anders

Davide D'Alto

unread,
Oct 21, 2014, 11:35:51 AM10/21/14
to ne...@googlegroups.com
> Have you tried excluding the conflicting transitive dependencies and adding them back with the correct version?

That's what I've done so far.

I have two problems with this solution:
1) I have to do some additional work (this affect only my use case so it might be not that important)
2) I don't know if the dependency has been tested with the particular version of the library I'm going to use

Using a BOM or applying this change in the pom of org.neo4j:neo4 would solve the problem, I guess.

By the way, I would be happy to create a patch for this.

Davide

Anders Nawroth

unread,
Oct 21, 2014, 11:58:47 AM10/21/14
to ne...@googlegroups.com
I think you are right, we should exclude the transitive dependencies and add back the correct versions. 

This looks like the correct place to do it:

/anders

Davide D'Alto

unread,
Oct 21, 2014, 12:09:49 PM10/21/14
to ne...@googlegroups.com
Thanks Anders,
I'll create a patch for it.

Cheers,
Davide

Anders Nawroth

unread,
Oct 21, 2014, 12:24:29 PM10/21/14
to ne...@googlegroups.com
I forgot to look at the different branches, seems we should target 2.1-maint:

/anders
Reply all
Reply to author
Forward
0 new messages