Maven bcprov dependency issue

In my application we have bouncy castle dependency is used. I want this dependency to be excluded from the pom.xml file.
Even after removing this dependency from the pom file, it is still appearing in the .m2 repository folder.
While deploying there are two different versions of bcprov ( bcprov-jdk14 and bcprov-jdk15on) dependencies.
I need to exclude both bcprov-jdk14 and bcprov-jdk15on from the pom.xml file.

<dependency>
<groupId>bouncycastle</groupId>
<artifactId>bcprov-jdk14</artifactId>
<version>140</version>
</dependency>

I also tried looking on this link  https://stackoverflow.com/questions/9975167/maven-transitive-dependency-issue but it did not worked for me.

I ran the mvc dependency:tree command and this is the link on the tree output https://github.com/Wens1/books/blob/main/mavendependencies.txt

Please help how to exclude these dependencies.

Ignore what's in your .m2 folder. That's a local repository where every dependency or plugin you need are downloaded to. However, there is no clean-up mechanism. Once something is downloaded to it, you need to manually remove it.

In your dependency tree I can see a few occurrences of Bouncy Castle:

Starting at https://github.com/Wens1/books/blob/main/mavendependencies.txt#L105: these are direct dependencies that are still in your POM, or perhaps in your parent POM if you have any.

Starting at https://github.com/Wens1/books/blob/main/mavendependencies.txt#L188: these are included through iText. You may try to exclude them but you could break iText that way.

Starting at https://github.com/Wens1/books/blob/main/mavendependencies.txt#L214: these are included through MQ. Again, you may try to exclude them but you could break MQ that way.

Because excluding Bouncy Castle may break two of your other dependencies, perhaps we should focus on another question: why do you want to exclude it?

The .m2 folder is not a good indicator for whether or not dependencies are included in a specific project. Maven uses it to cache dependencies it has downloaded, regardless of whether they end up in your projects.

Exclude bcprov-jdk14 from itext, and exclude bcprov-jdk15on from com.ibm.mq.allclient.

I'm going to add to the chorus.

the .m2 directory is a cache of every Maven dependency that Maven has ever asked for while logged in as your user ID and that includes indirect (transitive) dependencies. Once downloaded, it's there forever. The only way to get rid of it is to erase the subdirectory tree in the .ms repositories directory or its parents up to and including the .m2 diirectory itself (which of course, cleans out [ieverything[/i]). And if you run maven again and something depends on that deleted dependency the Maven will simply re-download and cache it all over again.

So if you don't want something in a project, make sure that the project itself doesn't want that something. And that includes - as has also been noted - stuff that wants it indirectly.