Exclude transitive dependency for all dependencies

Hi,

for dependencies such as slf4j, guava, joda, … I generally don’t care what version a dependency declares itself. I know I can exclude those transitive dependencies one by one, but is there also a way to tell gradle to exclude specific dependencies in general?

I know I can force a version of a dependency in general, but then it still shows in the dependency report, and will not be excluded if I generate a POM.

Sorry, I guess this one shows an example of how to do it: http://forums.gradle.org/gradle/topics/resolve_gradle_transitive_dependency_conflict_with_file_system_libs_ie_not_maven_ivy

The gradle manual also has something similar: http://www.gradle.org/docs/current/userguide/dependency_management.html

However, not quite what I want. By using all*.exclude group:‘org.apache’, name: ‘httpcore’, version:‘4.0.1’ I only exclude one version, but I want to exclude all versions. By using

all*.exclude group:‘org.apache’, name: ‘httpcore’

I would also exclude the dependency I want to use myself. Is there any recipe or shortcut for what I want (e.g. use dependency ‘org.apache:httpcore:4.3.2’, and exclude any other version in any transitive dependency?

Or, expressed differently: exclude only such transitive dependencies, but not direct dependencies?

It sounds like what you want is to [force](http://www.gradle.org/docs/current/javadoc/org/gradle/api/artifacts/ResolutionStrategy.html#force(java.lang.Object...)) a particular version of a dependency.

configurations.all {

resolutionStrategy {

force ‘org.apache:httpcore:4.3.2’

}

}

What I want is similar, but AFAIK a force does not influence the exclude rule generation in the maven pom generation of the maven-publish plugin. And as a result, when I publish a lib to nexus, and another project imports my lib, it has again to solve the same conflicts. This is also ugly, because I would prefer client applications not having to worry about conficts coming only from depending on my single library.

I think I neglected to read the last line of your original post. Since Maven has no notion of global excludes you would have to add the exclusion to each dependency for it to show up in the resulting POM. While not idea, you could make this easier on yourself by adding the excludes programatically.

def excludeModules = [[group : ‘org.apache’, name: ‘httpcore’]]

excludeModules.each { exclusion ->

configurations.compile.dependencies.all {

if (name != exclusion.name || group != exclusion.group) {

exclude group: exclusion.group, module: exclusion.name

}

}

}

This is a pretty inelegant “brute-force” method that simply adds an exclusion to every dependency except the original, but it should work. Ideally the maven publishing capability would take forced modules into consideration when generating the final pom.

Yes, I was looking for an elegant alternative to something like this. Ideally just declaring ‘excludeInOtherDependencies=true’ in the declration of a dependency. Not sure if that is worth a JIRA issue or not.

BTW: This solution works for me. when used with configurations.all it also exclude my direct dependencies, so maybe I need to iterate over all configurations this applies to, but else no issue with it.

No issue other than the unnecessarily bloated pom, as you noted. But I also could not see a straight way here to only exclude what might be added.

As far as I can tell, the only way to determine if a given dependency will bring in transitive dependencies is to resolve the configuration. Since we would want to exclude certain dependencies from the resolved configuration that would probably require making a copy of the original configuration and then resolving the copy in order to determine which dependencies require the exclusion. Seeing as how the only side-effect of the above approach is superfluous excludes in your pom I wouldn’t expect the benefit be worth the additional build overhead.