Right, it shows commons-compress:jar:1.0.0 in all the cases, but here as "loser": https://gist.github.com/cstamas/bd9f18a1ce5781d6a9b6f0472812c12a#file-gistfile1-txt-L61
On Sat, Oct 11, 2025 at 9:36 PM Vladimir Sitnikov <[email protected]> wrote: > > >Did you check the gist i posted earlier? > > The gist shows commons-compress:jar:1.0.0 in all the cases (even with lib-a > and lib-b variation). > mvnw toolbox:tree does not work for me (No plugin found for prefix > 'toolbox'), and selectionStrategy makes no difference for dependency:tree. > > ./mvnw dependency:tree > -Daether.conflictResolver.versionSelector.selectionStrategy=highest > -DverboseTree -e > > Apache Maven 4.0.0-SNAPSHOT (8134db6f3c18ab2c68764a5ae05c9e08846b9787 > > [INFO] org.example:app:pom:1.0.0 > [INFO] +- org.example:lib-a:jar:1.0.0:compile > [INFO] | \- org.example:commons-compress:jar:1.0.0:compile <-- I expect > this to be 2.0.0 > [INFO] \- org.example:lib-b:jar:1.0.0:compile > [INFO] \- org.example:commons-compress-tar:jar:2.0.0:compile > [INFO] \- org.example:commons-compress-core:jar:2.0.0:compile > > >compress-core depend on compress > > Can you please explain exactly what you mean by "tweaking deps"? > lib-a and lib-b might be out of my control, so there's no much I can do > about tweaking lib-a and lib-b. > > >compress-core depend on compress, similar pattern that hamcrest did > > As far as I understand, Hamcrest has deprecated all individual jars, and > they merged everything into a single hamcreset.jar: > https://hamcrest.org/JavaHamcrest/distributables > > It is the opposite of what I am asking: I want to split a jar in multiple > for security reasons, so the users do not get unwanted classes. > > Vladimir > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
