by aidenn0 314 days ago
> I assume Java gets around this by bundling libraries into the deployed .jar file. That this is better than a lock file, but doesn't make sense for scripting languages that don't have a build stage. (You won't have trouble convincing me that every language should have a proper build stage, but you might have trouble convincing the millions of lines of code already written in languages that don't.)

You are wrong; Maven just picks one of lib-x:0.1.4 or lib-x:0.1.5 depending on the ordering of the dependency tree.

2 comments

Maven will also silently choose different minor and major versions, destroying your application. Sometimes at compile time, sometimes at runtime.

Java dependency management is unhinged, antiquated garbage to anyone who has used any other ecosystem.

Maven is not Java, though.

Gradle suffers the same exact issue by default, because it inherits it from Maven (they use the same repository). You need to go out of your way to enable strict versioning policies and lock files.

Maven and Gradle make up the vast majority of all Java projects in the wild today. So, effectively, Maven is Java in terms of dependency management.

> Gradle suffers the same exact issue by default, because it inherits it from Maven

It's not the exact same issue because Gradle and Maven have different conflict resolution:

Maven dependency conflict resolution works with a shortest path, which is impacted by declaration ordering. Gradle does full conflict resolution, selecting the highest version of a dependency found in the graph.

from https://gradle.org/maven-and-gradle/

How do you change the order?

You go into your pom.xml file (bunch of <dependency>) using a text editor and change the order.
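
The two conflict-resolution rules described in this thread, as a simplified model added here (not part of any comment, and not Maven's or Gradle's own code): it shows that reordering declarations changes which lib-x version the nearest-wins rule selects, while the highest-version rule is unaffected. lib-a and lib-b are hypothetical artifacts; scopes, exclusions, version ranges and dependencyManagement are ignored.

```python
from collections import deque

# Constructed graph: coordinate -> its declared dependencies, in declaration order.
# lib-a and lib-b are hypothetical; lib-x:0.1.4 / 0.1.5 are the versions named in the thread.
GRAPH = {
    "lib-a:1.0": ["lib-x:0.1.4"],
    "lib-b:1.0": ["lib-x:0.1.5"],
    "lib-x:0.1.4": [],
    "lib-x:0.1.5": [],
}

def version_key(version):
    """Compare purely numeric dotted versions (no qualifiers such as -SNAPSHOT)."""
    return tuple(int(part) for part in version.split("."))

def nearest_wins(direct_deps, graph):
    """Maven-style mediation: shallowest occurrence wins, ties go to the first declared."""
    chosen = {}
    queue = deque(direct_deps)      # breadth-first = nearest first, in declaration order
    while queue:
        name, version = queue.popleft().split(":")
        if name in chosen:          # a nearer or earlier declaration already won
            continue
        chosen[name] = version
        queue.extend(graph.get(f"{name}:{version}", []))
    return chosen

def highest_wins(direct_deps, graph):
    """Gradle-style default: the highest version found anywhere in the graph wins."""
    chosen, seen = {}, set()
    stack = list(direct_deps)
    while stack:
        coord = stack.pop()
        if coord in seen:
            continue
        seen.add(coord)
        name, version = coord.split(":")
        if name not in chosen or version_key(version) > version_key(chosen[name]):
            chosen[name] = version
        stack.extend(graph.get(coord, []))
    return chosen

def order_sensitive(direct_deps, graph, resolver):
    """Return artifacts whose selected version changes when declaration order is reversed."""
    forward = resolver(direct_deps, graph)
    backward = resolver(list(reversed(direct_deps)), graph)
    return {n: (forward[n], backward.get(n)) for n in forward if forward[n] != backward.get(n)}
```

Running `order_sensitive` against a project's real direct dependencies (exported from its build tool) gives a quick list of artifacts whose resolved version depends on declaration order and so deserve an explicit pin.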