1

I have a dependency inherited from one external project dependency, which we don't have control and we want to exclude a specific dependency from that project. Tried several exclusion attempts but still not able to exclude the same.

<dependency> <groupId>..</groupId> <artifactId>...</artifactId> <version>...</version> <type>pom</type> <scope>import</scope> <exclusions> <exclusion> <groupId>...</groupId> <artifactId>...</artifactId> </exclusion> </exclusions> </dependency>

Could anyone let me know is it possible to exclude the dpendency. I am using 3.5.2 maven version.

Improve this question
7
  • Using Maven 3.5.4 the exclusions are working fine. Usually, I set them in dependencyManagement section as you mentioned. Commented Nov 9, 2018 at 5:51
  • Your dependency seems strange because you have type pom and scope import. Why? Commented Nov 9, 2018 at 7:42
  • @KérdezösködőIndián tried the latest version 3.6.0 but did not solve my issue. Commented Nov 9, 2018 at 9:27
  • Exclusions work in all newer Maven versions ... there must be some error in your pom. Could you add more details, and especially answer my question on why you want an exclusion on an import scoped dependency? Commented Nov 9, 2018 at 9:55
  • @JFMeier this project from where i want to exclude a dependency is managed by some other team and we cannot ask them to update the dependency of a specific jar that is coming as a part of existing imports which is done few years back. So i want to exclude that dependency and add my version of dependency .But the problem is as it is managed through <scope>import</scope> , even if we add exclusions, and add our dependency with a correct version ,it overrides the version.Hope i answered your question.this a case of transitive dependency Refer this issues.apache.org/jira/browse/MNG-5600 Commented Nov 9, 2018 at 10:11

2 Answers 2

Reset to default
1

It looks like that version is not released yet, but there is a workaround.

There is an example of dependencies import at Importing Dependencies with following explanation:

<project> <modelVersion>4.0.0</modelVersion> <groupId>maven</groupId> <artifactId>Z</artifactId> <packaging>pom</packaging> <name>Z</name> <version>1.0</version> <dependencyManagement> <dependencies> <dependency> <groupId>maven</groupId> <artifactId>X</artifactId> <version>1.0</version> <type>pom</type> <scope>import</scope> </dependency> <dependency> <groupId>maven</groupId> <artifactId>Y</artifactId> <version>1.0</version> <type>pom</type> <scope>import</scope> </dependency> </dependencies> </dependencyManagement> </project>

In the example above Z imports the managed dependencies from both X and Y. However, both X and Y contain dependency a. Here, version 1.1 of a would be used since X is declared first and a is not declared in Z's dependencyManagement.

Given that description, you should be able to override the version and/or scope of offending dependency if you define it BEFORE imports.

Following the same example, the definition below should use version 2.0 of a:

<project> <modelVersion>4.0.0</modelVersion> <groupId>maven</groupId> <artifactId>Z</artifactId> <packaging>pom</packaging> <name>Z</name> <version>1.0</version> <dependencyManagement> <dependencies> <dependency> <groupId>test</groupId> <artifactId>a</artifactId> <version>2.0</version> </dependency> <dependency> <groupId>maven</groupId> <artifactId>X</artifactId> <version>1.0</version> <type>pom</type> <scope>import</scope> </dependency> <dependency> <groupId>maven</groupId> <artifactId>Y</artifactId> <version>1.0</version> <type>pom</type> <scope>import</scope> </dependency> </dependencies> </dependencyManagement> </project>

Make sure to check the effective pom!

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

Exclusions have been available for a long time in Maven, that's not the problem. Keep you current Maven version, it will do it's job well.

I think there is a confusion there. From the pom excerpt you wrote above, we can see that you import a pom (scope "import") which is often called a BOM (for Bill Of Material).

A BOM is imported in a <dependencyManagement> section (not showed above) and it's goal can be summed up by: "I define many different libraries, including their versions so that if you import me you can ommit to specify the version of the libraries you define, but you still have to explicitly define your direct dependencies".

By that, I mean that a BOM does not "force" you to use the libraries it defines: it only hints that in the case that you or your dependencies depends upon a specific library Z, then the version of Z will be forced to the one defined in the BOM".

So the BOM does not "forces" dependencies upon you so you cannot "exclude" any dependency where the BOM is defined. You have to find exactly where the dependency Z you want to exclude is defined in your own project and remove it there. It may also be brought as a transitive dependency in which case you have to use exclude it from the dependency you have specified using the <exclusions> / <exclusion> tags and the groupId / artifactId.

In conclusion: change your approach, you're not looking in the right place. And also use Maven dependency plugin which is your best friend to understand where your unwanted dependency comes from exactly ( mvn dependency:tree ).

I hope it helps

PS: you did not tell but do you have a multimodule project ?

Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.