There are Maven plugins:
org.apache.maven.plugins:maven-dependency-plugin:3.1.2org.apache.maven.plugins:maven-site-plugin:3.9.1
that indirectly use commons-beanutils:commons-beanutils:jar:1.7.0. According to this the dependencies are:
org.apache.maven.plugins:maven-site-plugin:maven-plugin:3.9.1 [Information]
org.apache.maven.doxia:doxia-site-renderer:jar:1.9.2 (compile) [Information]
org.apache.velocity:velocity-tools:jar:2.0 (compile) [Information]
commons-beanutils:commons-beanutils:jar:1.7.0 (compile)
How to change the dependency version from 1.7.0 to 1.9.4 for these plugins?
Here's an example POM and my solution that doesn't work:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>org.example</groupId>
<artifactId>freaking-beanutils</artifactId>
<version>1.0-SNAPSHOT</version>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<maven.compiler.source>8</maven.compiler.source>
<maven.compiler.target>8</maven.compiler.target>
</properties>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
<version>3.1.2</version>
<dependencies>
<dependency>
<groupId>commons-beanutils</groupId>
<artifactId>commons-beanutils</artifactId>
<version>1.9.4</version>
</dependency>
<dependency>
<groupId>org.apache.maven.doxia</groupId>
<artifactId>doxia-site-renderer</artifactId>
<version>1.9.2</version>
<exclusions>
<exclusion>
<groupId>org.apache.velocity</groupId>
<artifactId>velocity-tools</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.velocity</groupId>
<artifactId>velocity-tools</artifactId>
<version>2.0</version>
<exclusions>
<exclusion>
<groupId>commons-beanutils</groupId>
<artifactId>commons-beanutils</artifactId>
</exclusion>
</exclusions>
</dependency>
</dependencies>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-site-plugin</artifactId>
<version>3.9.1</version>
<dependencies>
<dependency>
<groupId>commons-beanutils</groupId>
<artifactId>commons-beanutils</artifactId>
<version>1.9.4</version>
</dependency>
<dependency>
<groupId>org.apache.maven.doxia</groupId>
<artifactId>doxia-site-renderer</artifactId>
<version>1.9.2</version>
<exclusions>
<exclusion>
<groupId>org.apache.velocity</groupId>
<artifactId>velocity-tools</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.velocity</groupId>
<artifactId>velocity-tools</artifactId>
<version>2.0</version>
<exclusions>
<exclusion>
<groupId>commons-beanutils</groupId>
<artifactId>commons-beanutils</artifactId>
</exclusion>
</exclusions>
</dependency>
</dependencies>
</plugin>
</plugins>
</build>
</project>
Then execute
mvn -X dependency:resolve-plugins > 11111.txt
to see something like this:
. . .
[DEBUG] org.apache.maven.plugins:maven-dependency-plugin:jar:3.1.2:
[DEBUG] commons-beanutils:commons-beanutils:jar:1.9.4:runtime
. . .
[DEBUG] Populating class realm plugin>org.apache.maven.plugins:maven-dependency-plugin:3.1.2
[DEBUG] Included: org.apache.maven.plugins:maven-dependency-plugin:jar:3.1.2
[DEBUG] Included: commons-beanutils:commons-beanutils:jar:1.9.4
. . .
[INFO] org.apache.maven.plugins:maven-site-plugin:maven-plugin:3.9.1:runtime
. . .
[INFO] org.apache.maven.plugins:maven-dependency-plugin:maven-plugin:3.1.2:runtime
. . .
[INFO] commons-beanutils:commons-beanutils:jar:1.7.0
. . .
Now we see that commons-beanutils-1.7.0 is a dependency. Need to avoid it.
