MaRCo
Compatible Version Ranges in Maven
C.R. Paulsen (TU Delft - Software Engineering)
S. Proksch (TU Delft - Software Engineering)
More Info
expand_more
Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.
Abstract
Managing dependencies in Java projects is challenging: undeclared, implicit dependencies and conflicting version declarations can lead to breaking changes and unpredictable resolution. We present MARCO, a tool to improve resolution reliability in Maven. It injects missing direct dependencies and replaces pinned versions with client-agnostic compatible version ranges, which can be safely reused across clients. The ranges are obtained by combining bytecode differencing and cross-version testing to detect API and behaviorally compatible dependency versions. We demonstrate how MARCO can be used to retrieve compatible versions for specific dependencies, replace pinned versions using compatibility mappings, and execute the full pipeline to enable compatibility-aware resolution. Our preliminary evaluation shows MARCo recovers all missing dependencies for 91% of affected projects, and replaces pinned versions with stable, compatible version ranges for 13 % of dependencies on average across 78 % of projects. MARCO demonstrates the feasibility of scalable, compatibility-driven dependency management. The demo is available at https://youtu.be/2faDG8Cmmh0.
Files
File under embargo until 05-05-2026