I am using maven enforcer plugin but I found this strange case of dependency convergence:
Dependency convergence error for commons-collections:commons-collections:3.2.1 paths to dependency are:
+-ProjectA:B:0.1
+-commons-validator:commons-validator:1.6
+-commons-beanutils:commons-beanutils:1.9.2
+-commons-collections:commons-collections:3.2.1
and
+-ProjectA:B:0.1
+-commons-validator:commons-validator:1.6
+-commons-collections:commons-collections:3.2.2
And this is the dependency declaration:
<dependency>
<groupId>commons-validator</groupId>
<artifactId>commons-validator</artifactId>
<version>1.6</version>
</dependency>
you can see that the same artifact uses different versions of the same dependency. How can this happen? also the only way to suppress the warning is by including the latest version of that dependency as a direct dependency in my pom.
Am I missing something?
From the dependency tree you see that commons-validator:commons-validator:1.6 directly depends on commons-collections:commons-collections:3.2.2, but has also a transitive dependency on commons-collections:commons-collections:3.2.1. Nothing unusual about that.
To resolve this you need to choose a version. Just follow the advice of khmarbaise and add an entry to the <dependencyManagement> section of your POM.