• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Rob Spoor
  • Tim Cooke
  • Junilu Lacar
Sheriffs:
  • Henry Wong
  • Liutauras Vilda
  • Jeanne Boyarsky
Saloon Keepers:
  • Jesse Silverman
  • Tim Holloway
  • Stephan van Hulst
  • Tim Moores
  • Carey Brown
Bartenders:
  • Al Hobbs
  • Mikalai Zaikin
  • Piet Souris

Maven bcprov dependency issue

 
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
In my application we have bouncy castle dependency is used. I want this dependency to be excluded from the pom.xml file.
Even after removing this dependency from the pom file, it is still appearing in the .m2 repository folder.
While deploying there are two different versions of bcprov ( bcprov-jdk14 and bcprov-jdk15on) dependencies.
I need to exclude both bcprov-jdk14 and bcprov-jdk15on from the pom.xml file.

<dependency>
<groupId>bouncycastle</groupId>
<artifactId>bcprov-jdk14</artifactId>
<version>140</version>
</dependency>

I also tried looking on this link  https://stackoverflow.com/questions/9975167/maven-transitive-dependency-issue but it did not worked for me.

I ran the mvc dependency:tree command and this is the link on the tree output https://github.com/Wens1/books/blob/main/mavendependencies.txt

Please help how to exclude these dependencies.
 
Marshal
Posts: 22449
121
Eclipse IDE Spring VI Editor Chrome Java Windows
  • Likes 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Ignore what's in your .m2 folder. That's a local repository where every dependency or plugin you need are downloaded to. However, there is no clean-up mechanism. Once something is downloaded to it, you need to manually remove it.

In your dependency tree I can see a few occurrences of Bouncy Castle:
  • Starting at https://github.com/Wens1/books/blob/main/mavendependencies.txt#L105: these are direct dependencies that are still in your POM, or perhaps in your parent POM if you have any.
  • Starting at https://github.com/Wens1/books/blob/main/mavendependencies.txt#L188: these are included through iText. You may try to exclude them but you could break iText that way.
  • Starting at https://github.com/Wens1/books/blob/main/mavendependencies.txt#L214: these are included through MQ. Again, you may try to exclude them but you could break MQ that way.

  • Because excluding Bouncy Castle may break two of your other dependencies, perhaps we should focus on another question: why do you want to exclude it?
     
    Saloon Keeper
    Posts: 13257
    292
    • Likes 1
    • Mark post as helpful
    • send pies
      Number of slices to send:
      Optional 'thank-you' note:
    • Quote
    • Report post to moderator
    The .m2 folder is not a good indicator for whether or not dependencies are included in a specific project. Maven uses it to cache dependencies it has downloaded, regardless of whether they end up in your projects.

    Exclude bcprov-jdk14 from itext, and exclude bcprov-jdk15on from com.ibm.mq.allclient.
     
    Saloon Keeper
    Posts: 24295
    167
    Android Eclipse IDE Tomcat Server Redhat Java Linux
    • Likes 1
    • Mark post as helpful
    • send pies
      Number of slices to send:
      Optional 'thank-you' note:
    • Quote
    • Report post to moderator
    I'm going to add to the chorus.

    the .m2 directory is a cache of every Maven dependency that Maven has ever asked for while logged in as your user ID and that includes indirect (transitive) dependencies. Once downloaded, it's there forever. The only way to get rid of it is to erase the subdirectory tree in the .ms repositories directory or its parents up to and including the .m2 diirectory itself (which of course, cleans out [ieverything[/i]). And if you run maven again and something depends on that deleted dependency the Maven will simply re-download and cache it all over again.

    So if you don't want something in a project, make sure that the project itself doesn't want that something. And that includes - as has also been noted - stuff that wants it indirectly.
     
    Why am I so drawn to cherry pie? I can't seem to stop. Save me tiny ad!
    Thread Boost feature
    https://coderanch.com/t/674455/Thread-Boost-feature
    reply
      Bookmark Topic Watch Topic
    • New Topic