maven-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andy Glick <>
Subject Re: Dependency exclusions being ignored
Date Sat, 16 Nov 2013 17:56:25 GMT

I believe that your 2nd pastebin output reflects a bug in the gradle 
mechanism for determining dependencies.

The problem that you have referred to is that you have marked 2 maven 
plugins to be excluded from the transitive dependencies of 
abdera-client, because you are seeing the plugins referenced as if they 
were members of its transitive dependency set. If you look at the gradle 
tree listing carefully you will see that the gradle has assigned jaxen 
the version range of jaxen:jaxen:1.1-beta-9 -> 1.1.3, and the plugins 
are listed as dependencies of jaxen.

When I forget about gradle and use the maven-dependency-plugin:2.8 and 
execute "mvn dependency:tree" with a pom that I simplified to just the 
issue that you have reported and which you can find below, I don't see 
the plugins listed as dependencies of jaxen so they do not appear. And I 
see that the dependency plugin has chosen jaxen 1.1.1 rather than a 
version range. The pom of jaxen 1.1.1 doesn't list any plugins as its 
dependents, though I did find at least 1 reference to one of the plugins 
as a dependency of jaxen's in the pom for 1.1.3.  My sense is that you 
are seeing 1 or more gradle bugs at work here.

The pom dependencies look like the following when I trace them:

abdera-client has a dependency on abdera-parser

abdera-parser has a parent pom abdera in which the dependency-management 
section chooses jaxen 1.1.1, not a range

abdera-parser has a dependency on jaxen which is referenced without a 
version, so the parent (abdera pom) version of 1.1.1 ought to be in force

jaxen 1.1.1 pom has no transitive dependencies on any plugins. It does 
declare/use plugins within <build><plugins> but that doesn't count.

I did include the the 4 non-plugin dependencies of abdera-client in the 
exclusions list, and all of them have been excluded.

The results of the dependency:tree run appear 1st followed by the pom 
that I used. Please notice that I commented out the exclusions for the 
plugins and they are still not being listed.

As you can see from the dependency tree's graph below, the gradle report 
is simply in error.

Hope that this helps.

C:\java\simple-jpa\jpa-story-parent>mvn dependency:tree -f ppom.xml
[INFO] Scanning for projects...
[INFO] Building dotcms 2.5.1
[INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ dotcms ---
[INFO] com.dotcms:dotcms:jar:2.5.1
[INFO] \- org.apache.abdera:abdera-client:jar:0.4.0-incubating:compile
[INFO]    +- org.apache.abdera:abdera-core:jar:0.4.0-incubating:compile
[INFO]    |  +- org.apache.abdera:abdera-i18n:jar:0.4.0-incubating:compile
[INFO]    |  \- commons-codec:commons-codec:jar:1.3:compile
[INFO]    +- org.apache.abdera:abdera-parser:jar:0.4.0-incubating:compile
[INFO]    |  +- org.codehaus.woodstox:wstx-asl:jar:3.2.1:runtime
[INFO]    |  +- jaxen:jaxen:jar:1.1.1:compile
[INFO]    |  |  +- xml-apis:xml-apis:jar:1.3.02:compile
[INFO]    |  |  \- xerces:xercesImpl:jar:2.6.2:compile
[INFO]    |  \- commons-logging:commons-logging:jar:1.0.4:compile
[INFO]    \- commons-httpclient:commons-httpclient:jar:3.1-rc1:compile
[INFO] Total time: 2.119s
[INFO] Finished at: Sat Nov 16 12:25:04 EST 2013
[INFO] Final Memory: 10M/121M

the pom that I used:

<?xml version="1.0" encoding="UTF-8"?>
<project xsi:schemaLocation=""


On 11/14/2013 8:14 AM, Jason Tesser wrote:
> I have the following POM but my exclusion for
> <artifactId>abdera-client</artifactId> are not being respected.  Actually
> only 2 of them are not
> the 2 not working are maven-plugins and maven-plugins
> they are coming down anyways
> see
> what am I missing
> I have altered the POM but I cleared my local cache and refreshed
> dependencies

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message