In my application we have bouncy castle dependency is used. I want this dependency to be excluded from the pom.xml file.
Even after removing this dependency from the pom file, it is still appearing in the .m2 repository folder.
While deploying there are two different versions of bcprov ( bcprov-jdk14 and bcprov-jdk15on) dependencies.
I need to exclude both bcprov-jdk14 and bcprov-jdk15on from the pom.xml file.
Ignore what's in your .m2 folder. That's a local repository where every dependency or plugin you need are downloaded to. However, there is no clean-up mechanism. Once something is downloaded to it, you need to manually remove it.
In your dependency tree I can see a few occurrences of Bouncy Castle:
The .m2 folder is not a good indicator for whether or not dependencies are included in a specific project. Maven uses it to cache dependencies it has downloaded, regardless of whether they end up in your projects.
Exclude bcprov-jdk14 from itext, and exclude bcprov-jdk15on from com.ibm.mq.allclient.
the .m2 directory is a cache of every Maven dependency that Maven has ever asked for while logged in as your user ID and that includes indirect (transitive) dependencies. Once downloaded, it's there forever. The only way to get rid of it is to erase the subdirectory tree in the .ms repositories directory or its parents up to and including the .m2 diirectory itself (which of course, cleans out [ieverything[/i]). And if you run maven again and something depends on that deleted dependency the Maven will simply re-download and cache it all over again.
So if you don't want something in a project, make sure that the project itself doesn't want that something. And that includes - as has also been noted - stuff that wants it indirectly.
I'm going to be a "small government" candidate. I'll be the government. Just me. No one else.