我有一个父Pom.xml(BOM),其中包含一个DependencyManagement标记,其中包含依赖性列表,以及这些依赖性所带来的传递性依赖性的一些安全补丁。例如:
<dependencyManagement>
<dependencies>
<dependency>
<groupId>x</groupId>
<artifactId>y/artifactId>
<version>z</version>
</dependency>
<dependency>
<groupId>a</groupId>
<artifactId>b/artifactId>
<version>c</version>
</dependency>
</dependencies>
</dependencyManagement>
I want the Child projects which use this parent pom to not to use a:b-c.jar artefact in their pom as a dependency.
For this, I thought of using maven-enforcer-plugin with enforce-banned-dependencies like below:
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<version>3.0.0-M2</version>
<executions>
<execution>
<id>enforce-banned-dependencies</id>
<goals>
<goal>enforce</goal>
</goals>
<configuration>
<rules>
<bannedDependencies>
<excludes>
<exclude>a:b</exclude>
</excludes>
<includes>
<!--only 1.0 of badArtifact is allowed-->
</includes>
</bannedDependencies>
</rules>
<fail>true</fail>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
但是,这不起作用。并且子项目poms仍可以在其项目中引用a:b(无需指定课程的版本c)。
任何人都可以告诉我,无论是否使用此插件或任何其他技术,是否有可能实现我想做的事情?